From 40aa980aef7e3561a0a94f3af2fd0edac2c8d443 Mon Sep 17 00:00:00 2001 From: Adam Wolfe Gordon Date: Thu, 7 May 2026 12:06:15 -0600 Subject: [PATCH 1/3] Introduce Project api for developer experience tooling The central concept in our developer experience is the Project. Introduce the Project API in preparation for adding the tooling. Signed-off-by: Adam Wolfe Gordon --- apis/dev/v1alpha1/defaults.go | 51 +++ apis/dev/v1alpha1/doc.go | 21 + apis/dev/v1alpha1/project_types.go | 188 +++++++++ apis/dev/v1alpha1/validate.go | 174 +++++++++ apis/dev/v1alpha1/validate_test.go | 429 +++++++++++++++++++++ apis/dev/v1alpha1/zz_generated.deepcopy.go | 223 +++++++++++ generate.go | 3 + hack/boilerplate.go.txt | 15 + 8 files changed, 1104 insertions(+) create mode 100644 apis/dev/v1alpha1/defaults.go create mode 100644 apis/dev/v1alpha1/doc.go create mode 100644 apis/dev/v1alpha1/project_types.go create mode 100644 apis/dev/v1alpha1/validate.go create mode 100644 apis/dev/v1alpha1/validate_test.go create mode 100644 apis/dev/v1alpha1/zz_generated.deepcopy.go create mode 100644 hack/boilerplate.go.txt diff --git a/apis/dev/v1alpha1/defaults.go b/apis/dev/v1alpha1/defaults.go new file mode 100644 index 0000000..254cea3 --- /dev/null +++ b/apis/dev/v1alpha1/defaults.go @@ -0,0 +1,51 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +// Default sets default values for a Project. +func (p *Project) Default() { + if p.Spec.Paths == nil { + p.Spec.Paths = &ProjectPaths{} + } + p.Spec.Paths.Default() + + if len(p.Spec.Architectures) == 0 { + p.Spec.Architectures = []string{"amd64", "arm64"} + } +} + +// Default sets default values for ProjectPaths. +func (p *ProjectPaths) Default() { + if p.APIs == "" { + p.APIs = "apis" + } + if p.Functions == "" { + p.Functions = "functions" + } + if p.Examples == "" { + p.Examples = "examples" + } + if p.Tests == "" { + p.Tests = "tests" + } + if p.Operations == "" { + p.Operations = "operations" + } + if p.Schemas == "" { + p.Schemas = "schemas" + } +} diff --git a/apis/dev/v1alpha1/doc.go b/apis/dev/v1alpha1/doc.go new file mode 100644 index 0000000..aff333a --- /dev/null +++ b/apis/dev/v1alpha1/doc.go @@ -0,0 +1,21 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains the Project API type. +// +// +groupName=dev.crossplane.io +// +kubebuilder:object:generate=true +package v1alpha1 diff --git a/apis/dev/v1alpha1/project_types.go b/apis/dev/v1alpha1/project_types.go new file mode 100644 index 0000000..dc9dad5 --- /dev/null +++ b/apis/dev/v1alpha1/project_types.go @@ -0,0 +1,188 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + pkgmetav1 "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1" + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" +) + +// Dependency type constants. +const ( + // DependencyTypeK8s represents Kubernetes API dependencies. + DependencyTypeK8s = "k8s" + // DependencyTypeCRD represents Custom Resource Definition dependencies. + DependencyTypeCRD = "crd" + // DependencyTypeXpkg represents Crossplane package dependencies. + DependencyTypeXpkg = "xpkg" +) + +// Project defines a Crossplane Project, which can be built into a Crossplane +// Configuration package. +// +// +kubebuilder:object:root=true +type Project struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ProjectSpec `json:"spec"` +} + +// ProjectSpec is the spec for a Project. Since a Project is not a Kubernetes +// resource there is no Status, only Spec. +type ProjectSpec struct { + ProjectPackageMetadata `json:",inline"` + + // Repository is the OCI repository to which the configuration package built + // from this project will be pushed. It is also used to form the OCI + // repository paths for embedded functions in the project by appending an + // underscore and the function name. The repository can be overridden at + // build time, but the repository used for build and push must match in + // order for dependencies on embedded functions to resolve correctly. + Repository string `json:"repository"` + + // Crossplane defines the Crossplane version constraints for the + // configuration package built from the project. If not specified, the + // constraint will be '>=v2.0.0-rc.0' such that the packages support any + // Crossplane 2.x release. + Crossplane *pkgmetav1.CrossplaneConstraints `json:"crossplane,omitempty"` + // Dependencies are built-time and runtime dependencies of the project. + Dependencies []Dependency `json:"dependencies,omitempty"` + // Paths defines the relative paths to various parts of the project. + Paths *ProjectPaths `json:"paths,omitempty"` + // Architectures indicates for which architectures embedded functions should + // be built. If not specified, it defaults to [amd64, arm64]. + Architectures []string `json:"architectures,omitempty"` + // ImageConfigs configure how images are fetched during + // development. Currently, only rewriting is supported; other options will + // be silently ignored. Note that these configs are for development only; + // any necessary ImageConfigs for deployment into a cluster must be created + // separately at deployment time. + ImageConfigs []pkgv1beta1.ImageConfig `json:"imageConfigs,omitempty"` +} + +// ProjectPackageMetadata holds metadata about the project, which will become +// package metadata when a project is built into a Crossplane package. +type ProjectPackageMetadata struct { + Maintainer string `json:"maintainer,omitempty"` + Source string `json:"source,omitempty"` + License string `json:"license,omitempty"` + Description string `json:"description,omitempty"` + Readme string `json:"readme,omitempty"` +} + +// ProjectPaths configures the locations of various parts of the project, for +// use at build time. All paths must be relative to the project root. +type ProjectPaths struct { + // APIs is the directory holding the project's apis (XRDs and + // compositions). If not specified, it defaults to `apis/`. + APIs string `json:"apis,omitempty"` + // Functions is the directory holding the project's functions. If not + // specified, it defaults to `functions/`. + Functions string `json:"functions,omitempty"` + // Examples is the directory holding the project's examples. If not + // specified, it defaults to `examples/`. + Examples string `json:"examples,omitempty"` + // Tests is the directory holding the project's tests. If not + // specified, it defaults to `tests/`. + Tests string `json:"tests,omitempty"` + // Operations is the directory holding the project's operations. If not + // specified, it defaults to `operations/`. + Operations string `json:"operations,omitempty"` + // Schemas is the directory holding language bindings for the project's XRDs + // and dependencies. If not specified, it defaults to `schemas/`. + Schemas string `json:"schemas,omitempty"` +} + +// Dependency defines a dependency for a Crossplane project. The Type field +// determines which sub-fields are relevant. +type Dependency struct { + // Type defines the type of dependency. + // +kubebuilder:validation:Enum=k8s;crd;xpkg + Type string `json:"type"` + + // Xpkg defines the Crossplane package reference for the dependency. + // Only used when Type is "xpkg". + // +optional + Xpkg *XpkgDependency `json:"xpkg,omitempty"` + + // Git defines the git repository source for the dependency. + // Only used when Type is "crd". + // +optional + Git *GitDependency `json:"git,omitempty"` + + // HTTP defines the HTTP source for the dependency. + // Only used when Type is "crd". + // +optional + HTTP *HTTPDependency `json:"http,omitempty"` + + // K8s defines the Kubernetes API version for the dependency. + // Only used when Type is "k8s". + // +optional + K8s *K8sDependency `json:"k8s,omitempty"` +} + +// XpkgDependency defines the xpkg-specific fields for a package dependency. +type XpkgDependency struct { + // APIVersion of the dependency package. This should be the package + // apiVersion (e.g., pkg.crossplane.io/v1), not the package metadata type. + APIVersion string `json:"apiVersion"` + + // Kind of the dependency package. + Kind string `json:"kind"` + + // Package is the OCI image reference of the dependency package. + Package string `json:"package"` + + // Version is the semantic version constraints for the dependency. + Version string `json:"version"` + + // APIOnly indicates that this dependency is only needed for API/schema + // purposes and should not be included as a runtime dependency in the + // built package. Only xpkg dependencies can be runtime dependencies. + // Default is false, meaning xpkg dependencies are runtime by default. + // +optional + APIOnly bool `json:"apiOnly,omitempty"` +} + +// GitDependency defines a git repository source for an API dependency. +type GitDependency struct { + // Repository is the git repository URL. + Repository string `json:"repository"` + + // Ref is the git reference (branch, tag, or commit SHA). + // +optional + Ref string `json:"ref,omitempty"` + + // Path is the path within the repository to the API definition. + // +optional + Path string `json:"path,omitempty"` +} + +// HTTPDependency defines an HTTP source for an API dependency. +type HTTPDependency struct { + // URL is the HTTP/HTTPS URL to fetch the API dependency from. + URL string `json:"url"` +} + +// K8sDependency defines a Kubernetes API version reference. +type K8sDependency struct { + // Version is the Kubernetes API version (e.g., "v1.33.0"). + Version string `json:"version"` +} diff --git a/apis/dev/v1alpha1/validate.go b/apis/dev/v1alpha1/validate.go new file mode 100644 index 0000000..7bb63b2 --- /dev/null +++ b/apis/dev/v1alpha1/validate.go @@ -0,0 +1,174 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "fmt" + "path/filepath" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// Validate validates a project. +func (p *Project) Validate() error { + var errs []error + + if p.GetName() == "" { + errs = append(errs, errors.New("name must not be empty")) + } + errs = append(errs, p.Spec.Validate()) + + return errors.Join(errs...) +} + +// Validate validates a project's spec. +func (s *ProjectSpec) Validate() error { + var errs []error + + if s.Repository == "" { + errs = append(errs, errors.New("repository must not be empty")) + } + + if s.Paths != nil { + if s.Paths.APIs != "" && filepath.IsAbs(s.Paths.APIs) { + errs = append(errs, errors.New("apis path must be relative")) + } + if s.Paths.Functions != "" && filepath.IsAbs(s.Paths.Functions) { + errs = append(errs, errors.New("functions path must be relative")) + } + if s.Paths.Examples != "" && filepath.IsAbs(s.Paths.Examples) { + errs = append(errs, errors.New("examples path must be relative")) + } + if s.Paths.Tests != "" && filepath.IsAbs(s.Paths.Tests) { + errs = append(errs, errors.New("tests path must be relative")) + } + if s.Paths.Operations != "" && filepath.IsAbs(s.Paths.Operations) { + errs = append(errs, errors.New("operations path must be relative")) + } + if s.Paths.Schemas != "" && filepath.IsAbs(s.Paths.Schemas) { + errs = append(errs, errors.New("schemas path must be relative")) + } + } + + if s.Architectures != nil && len(s.Architectures) == 0 { + errs = append(errs, errors.New("architectures must not be empty")) + } + + // Validate dependencies + for i, dep := range s.Dependencies { + if err := dep.Validate(); err != nil { + errs = append(errs, errors.Wrapf(err, "dependency %d", i)) + } + } + + return errors.Join(errs...) +} + +// Validate validates a dependency. +func (d *Dependency) Validate() error { + var errs []error + + if d.Type == "" { + errs = append(errs, errors.New("type must not be empty")) + } + + // Count non-nil sources + sourceCount := 0 + if d.Xpkg != nil { + sourceCount++ + if err := d.Xpkg.Validate(); err != nil { + errs = append(errs, fmt.Errorf("xpkg: %w", err)) + } + } + if d.Git != nil { + sourceCount++ + if err := d.Git.Validate(); err != nil { + errs = append(errs, fmt.Errorf("git: %w", err)) + } + } + if d.HTTP != nil { + sourceCount++ + if err := d.HTTP.Validate(); err != nil { + errs = append(errs, fmt.Errorf("http: %w", err)) + } + } + if d.K8s != nil { + sourceCount++ + if err := d.K8s.Validate(); err != nil { + errs = append(errs, fmt.Errorf("k8s: %w", err)) + } + } + + if sourceCount != 1 { + errs = append(errs, errors.New("exactly one source (xpkg, git, http, or k8s) must be specified")) + } + + return errors.Join(errs...) +} + +// Validate validates an xpkg dependency. +func (x *XpkgDependency) Validate() error { + var errs []error + + if x.APIVersion == "" { + errs = append(errs, errors.New("apiVersion must not be empty")) + } + if x.Kind == "" { + errs = append(errs, errors.New("kind must not be empty")) + } + if x.Package == "" { + errs = append(errs, errors.New("package must not be empty")) + } + if x.Version == "" { + errs = append(errs, errors.New("version must not be empty")) + } + + return errors.Join(errs...) +} + +// Validate validates a git dependency. +func (g *GitDependency) Validate() error { + var errs []error + + if g.Repository == "" { + errs = append(errs, errors.New("repository must not be empty")) + } + + return errors.Join(errs...) +} + +// Validate validates an HTTP dependency. +func (h *HTTPDependency) Validate() error { + var errs []error + + if h.URL == "" { + errs = append(errs, errors.New("url must not be empty")) + } + + return errors.Join(errs...) +} + +// Validate validates a Kubernetes API dependency. +func (k *K8sDependency) Validate() error { + var errs []error + + if k.Version == "" { + errs = append(errs, errors.New("version must not be empty")) + } + + return errors.Join(errs...) +} diff --git a/apis/dev/v1alpha1/validate_test.go b/apis/dev/v1alpha1/validate_test.go new file mode 100644 index 0000000..66c4ab1 --- /dev/null +++ b/apis/dev/v1alpha1/validate_test.go @@ -0,0 +1,429 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + pkgmetav1 "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1" +) + +func TestValidate(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + input *Project + expectedErrors []string + }{ + "MinimalValid": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + }, + }, + }, + "MaximalValid": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + ProjectPackageMetadata: ProjectPackageMetadata{ + Maintainer: "Acme Corporation", + Source: "https://github.com/acmeco/my-project.git", + License: "Apache-2.0", + Description: "I'm a unit test", + Readme: "Don't use me, I'm a unit test", + }, + Crossplane: &pkgmetav1.CrossplaneConstraints{ + Version: ">=1.17.0", + }, + Dependencies: []Dependency{{ + Type: "xpkg", + Xpkg: &XpkgDependency{ + Package: "xpkg.upbound.io/upbound/provider-aws-s3", + Version: ">=0.2.1", + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + }, + }}, + Paths: &ProjectPaths{ + APIs: "apis/", + Functions: "functions/", + Examples: "examples/", + Tests: "tests/", + Operations: "operations/", + }, + Architectures: []string{"arch1"}, + }, + }, + }, + "MissingName": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + }, + }, + expectedErrors: []string{ + "name must not be empty", + }, + }, + "MissingRepository": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{}, + }, + expectedErrors: []string{ + "repository must not be empty", + }, + }, + "AbsolutePaths": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Paths: &ProjectPaths{ + APIs: "/tmp/apis", + Functions: "/tmp/functions", + Examples: "/tmp/examples", + Tests: "/tmp/tests", + Operations: "/tmp/operations", + }, + }, + }, + expectedErrors: []string{ + "apis path must be relative", + "functions path must be relative", + "examples path must be relative", + "tests path must be relative", + "operations path must be relative", + }, + }, + "EmptyArchitectures": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Architectures: []string{}, + }, + }, + expectedErrors: []string{ + "architectures must not be empty", + }, + }, + "ValidAPIDependency": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "crd", + Git: &GitDependency{ + Repository: "https://github.com/crossplane/crossplane.git", + Ref: "v1.14.0", + Path: "cluster/crds", + }, + }, + }, + }, + }, + }, + "InvalidAPIDependencyNoType": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Git: &GitDependency{ + Repository: "https://github.com/crossplane/crossplane.git", + }, + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: type must not be empty", + }, + }, + "InvalidAPIDependencyNoSource": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "crd", + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: exactly one source (xpkg, git, http, or k8s) must be specified", + }, + }, + "InvalidAPIDependencyMultipleSources": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "crd", + Git: &GitDependency{ + Repository: "https://github.com/crossplane/crossplane.git", + }, + HTTP: &HTTPDependency{ + URL: "https://example.com/api.yaml", + }, + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: exactly one source (xpkg, git, http, or k8s) must be specified", + }, + }, + "InvalidAPIDependencyGitEmptyRepository": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "crd", + Git: &GitDependency{ + Repository: "", + }, + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: git: repository must not be empty", + }, + }, + "InvalidAPIDependencyHTTPEmptyURL": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "crd", + HTTP: &HTTPDependency{ + URL: "", + }, + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: http: url must not be empty", + }, + }, + "InvalidAPIDependencyK8sEmptyVersion": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Dependencies: []Dependency{ + { + Type: "k8s", + K8s: &K8sDependency{ + Version: "", + }, + }, + }, + }, + }, + expectedErrors: []string{ + "dependency 0: k8s: version must not be empty", + }, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + err := tc.input.Validate() + if len(tc.expectedErrors) == 0 { + if err != nil { + t.Errorf("Validate(): unexpected error: %v", err) + } + return + } + for _, expected := range tc.expectedErrors { + if err == nil || !strings.Contains(err.Error(), expected) { + t.Errorf("Validate(): expected error containing %q, got %v", expected, err) + } + } + }) + } +} + +func TestDefault(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + input *Project + want *Project + }{ + "FullySpecified": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + ProjectPackageMetadata: ProjectPackageMetadata{ + Maintainer: "Acme Corporation", + Source: "https://github.com/acmeco/my-project.git", + License: "Apache-2.0", + Description: "I'm a unit test", + Readme: "Don't use me, I'm a unit test", + }, + Crossplane: &pkgmetav1.CrossplaneConstraints{ + Version: ">=1.17.0", + }, + Dependencies: []Dependency{{ + Type: "xpkg", + Xpkg: &XpkgDependency{ + Package: "xpkg.upbound.io/upbound/provider-aws-s3", + Version: ">=0.2.1", + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + }, + }}, + Paths: &ProjectPaths{ + APIs: "not-default-apis/", + Functions: "not-default-functions/", + Examples: "not-default-examples/", + Tests: "not-default-tests/", + Operations: "not-default-operations/", + }, + Architectures: []string{"arch1"}, + }, + }, + want: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + ProjectPackageMetadata: ProjectPackageMetadata{ + Maintainer: "Acme Corporation", + Source: "https://github.com/acmeco/my-project.git", + License: "Apache-2.0", + Description: "I'm a unit test", + Readme: "Don't use me, I'm a unit test", + }, + Crossplane: &pkgmetav1.CrossplaneConstraints{ + Version: ">=1.17.0", + }, + Dependencies: []Dependency{{ + Type: "xpkg", + Xpkg: &XpkgDependency{ + Package: "xpkg.upbound.io/upbound/provider-aws-s3", + Version: ">=0.2.1", + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + }, + }}, + Paths: &ProjectPaths{ + APIs: "not-default-apis/", + Functions: "not-default-functions/", + Examples: "not-default-examples/", + Tests: "not-default-tests/", + Operations: "not-default-operations/", + Schemas: "schemas", + }, + Architectures: []string{"arch1"}, + }, + }, + }, + "MinimalValid": { + input: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + }, + }, + want: &Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: ProjectSpec{ + Repository: "xpkg.upbound.io/acmeco/my-project", + Paths: &ProjectPaths{ + APIs: "apis", + Examples: "examples", + Functions: "functions", + Tests: "tests", + Operations: "operations", + Schemas: "schemas", + }, + Architectures: []string{"amd64", "arm64"}, + }, + }, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + tc.input.Default() + if diff := cmp.Diff(tc.want, tc.input); diff != "" { + t.Errorf("Default(): -want, +got:\n%s", diff) + } + }) + } +} diff --git a/apis/dev/v1alpha1/zz_generated.deepcopy.go b/apis/dev/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 0000000..19714fc --- /dev/null +++ b/apis/dev/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,223 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1" + "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Dependency) DeepCopyInto(out *Dependency) { + *out = *in + if in.Xpkg != nil { + in, out := &in.Xpkg, &out.Xpkg + *out = new(XpkgDependency) + **out = **in + } + if in.Git != nil { + in, out := &in.Git, &out.Git + *out = new(GitDependency) + **out = **in + } + if in.HTTP != nil { + in, out := &in.HTTP, &out.HTTP + *out = new(HTTPDependency) + **out = **in + } + if in.K8s != nil { + in, out := &in.K8s, &out.K8s + *out = new(K8sDependency) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Dependency. +func (in *Dependency) DeepCopy() *Dependency { + if in == nil { + return nil + } + out := new(Dependency) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitDependency) DeepCopyInto(out *GitDependency) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitDependency. +func (in *GitDependency) DeepCopy() *GitDependency { + if in == nil { + return nil + } + out := new(GitDependency) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPDependency) DeepCopyInto(out *HTTPDependency) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDependency. +func (in *HTTPDependency) DeepCopy() *HTTPDependency { + if in == nil { + return nil + } + out := new(HTTPDependency) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *K8sDependency) DeepCopyInto(out *K8sDependency) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new K8sDependency. +func (in *K8sDependency) DeepCopy() *K8sDependency { + if in == nil { + return nil + } + out := new(K8sDependency) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Project) DeepCopyInto(out *Project) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Project. +func (in *Project) DeepCopy() *Project { + if in == nil { + return nil + } + out := new(Project) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Project) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectPackageMetadata) DeepCopyInto(out *ProjectPackageMetadata) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectPackageMetadata. +func (in *ProjectPackageMetadata) DeepCopy() *ProjectPackageMetadata { + if in == nil { + return nil + } + out := new(ProjectPackageMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectPaths) DeepCopyInto(out *ProjectPaths) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectPaths. +func (in *ProjectPaths) DeepCopy() *ProjectPaths { + if in == nil { + return nil + } + out := new(ProjectPaths) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectSpec) DeepCopyInto(out *ProjectSpec) { + *out = *in + out.ProjectPackageMetadata = in.ProjectPackageMetadata + if in.Crossplane != nil { + in, out := &in.Crossplane, &out.Crossplane + *out = new(v1.CrossplaneConstraints) + **out = **in + } + if in.Dependencies != nil { + in, out := &in.Dependencies, &out.Dependencies + *out = make([]Dependency, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Paths != nil { + in, out := &in.Paths, &out.Paths + *out = new(ProjectPaths) + **out = **in + } + if in.Architectures != nil { + in, out := &in.Architectures, &out.Architectures + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ImageConfigs != nil { + in, out := &in.ImageConfigs, &out.ImageConfigs + *out = make([]v1beta1.ImageConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSpec. +func (in *ProjectSpec) DeepCopy() *ProjectSpec { + if in == nil { + return nil + } + out := new(ProjectSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XpkgDependency) DeepCopyInto(out *XpkgDependency) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XpkgDependency. +func (in *XpkgDependency) DeepCopy() *XpkgDependency { + if in == nil { + return nil + } + out := new(XpkgDependency) + in.DeepCopyInto(out) + return out +} diff --git a/generate.go b/generate.go index 2e0fe6c..ee4e8d9 100644 --- a/generate.go +++ b/generate.go @@ -26,4 +26,7 @@ limitations under the License. // Note that the vendor dir does temporarily exist during a Nix build. //go:generate buf generate --exclude-path vendor +// Generate deepcopy methods for the dev API group. +//go:generate controller-gen object:headerFile=./hack/boilerplate.go.txt paths=./apis/dev/v1alpha1 + package generate diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 0000000..55b2fca --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ From e408c5f8c9218d5fcdaa516ee6bbf8ce1e6e8fd6 Mon Sep 17 00:00:00 2001 From: Adam Wolfe Gordon Date: Thu, 7 May 2026 13:31:19 -0600 Subject: [PATCH 2/3] Add initial developer experience commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit introduces the initial set of DevEx tools based around the concept of control plane Projects. Specifically, it introduces tools for: - Scaffolding a new, empty project. - Generating XRDs from example XRs or simpleschema documents. - Scaffolding compositions. - Scaffolding functions in go, go-templating, kcl, and python and adding them to composition pipelines. - Managing both runtime and build-time dependencies for a project, including generating language bindings (schemas) for added dependencies. - Building a project into a set of xpkgs. - Pushing xpkgs built from a project to an OCI registry. - Installing a project into a local control plane (created using kind) for testing. Fixes crossplane/crossplane#6840 This work is based on (and imports a large amount of code from) the developer experience tooling originally built as part of the proprietary `up` CLI at Upbound. The following people contributed to that work: Co-authored-by: Christopher Haar Co-authored-by: Hasan Turken Co-authored-by: Jason Tang Co-authored-by: Murph Co-authored-by: Nic Cope Co-authored-by: Nicholas Thomson Co-authored-by: Philippe Scorsolini Co-authored-by: Tobias Kässer Co-authored-by: nullable-eth <2248325+nullable-eth@users.noreply.github.com> Co-authored-by: tnthornton <2375126+tnthornton@users.noreply.github.com> Signed-off-by: Adam Wolfe Gordon --- cmd/crossplane/composition/composition.go | 5 +- cmd/crossplane/composition/generate.go | 259 + cmd/crossplane/composition/generate_test.go | 243 + cmd/crossplane/dependency/add.go | 175 + cmd/crossplane/dependency/auth.go | 37 + cmd/crossplane/dependency/cache.go | 137 + cmd/crossplane/dependency/dependency.go | 25 + cmd/crossplane/function/function.go | 23 + cmd/crossplane/function/generate.go | 403 + cmd/crossplane/function/generate_test.go | 473 + cmd/crossplane/function/pipeline.go | 89 + .../go-templating/00-prelude.yaml.gotmpl | 4 + .../go-templating/01-compose.yaml.gotmpl | 24 + cmd/crossplane/function/templates/go.tar | Bin 0 -> 40960 bytes .../function/templates/kcl/kcl.mod.lock | 1 + .../function/templates/kcl/kcl.mod.tmpl | 8 + cmd/crossplane/function/templates/kcl/main.k | 32 + .../function/templates/python/README.md | 4 + .../templates/python/function/__init__.py | 0 .../templates/python/function/__version__.py | 1 + .../function/templates/python/function/fn.py | 29 + .../templates/python/function/main.py | 51 + .../templates/python/pyproject.toml.tmpl | 32 + cmd/crossplane/main.go | 15 + cmd/crossplane/project/build.go | 164 + cmd/crossplane/project/init.go | 116 + cmd/crossplane/project/project.go | 27 + cmd/crossplane/project/push.go | 177 + cmd/crossplane/project/run.go | 314 + cmd/crossplane/project/stop.go | 71 + cmd/crossplane/xrd/generate.go | 447 + cmd/crossplane/xrd/generate_test.go | 759 + cmd/crossplane/xrd/xrd.go | 23 + go.mod | 83 +- go.sum | 204 + gomod2nix.toml | 215 +- internal/async/event.go | 60 + internal/crd/convert.go | 169 + internal/crd/convert_test.go | 379 + internal/crd/generator.go | 99 + internal/crd/generator_test.go | 117 + internal/crd/testdata/claimable-xrd.yaml | 47 + .../template.fn.crossplane.io_kclinputs.yaml | 161 + internal/crd/testdata/unclaimable-xrd.yaml | 44 + internal/dependency/cache_dir.go | 31 + internal/dependency/manager.go | 384 + internal/dependency/manager_test.go | 552 + internal/docker/docker.go | 103 +- internal/filesystem/filesystem.go | 474 + internal/filesystem/filesystem_test.go | 724 + internal/git/git.go | 252 + internal/git/git_test.go | 568 + internal/kcl/import.go | 79 + internal/kcl/import_test.go | 74 + internal/project/build.go | 600 + internal/project/build_test.go | 298 + internal/project/certs/cert_generator.go | 96 + internal/project/certs/tls.go | 252 + internal/project/controlplane/controlplane.go | 642 + internal/project/functions/build.go | 146 + internal/project/functions/build_test.go | 330 + internal/project/functions/go.go | 138 + internal/project/functions/go_templating.go | 159 + internal/project/functions/kcl.go | 213 + internal/project/functions/python.go | 247 + .../resource1.yaml.gotmpl | 26 + .../resource2.yaml.tmpl | 12 + .../functions/testdata/kcl-function/kcl.mod | 6 + .../testdata/kcl-function/kcl.mod.lock | 0 .../functions/testdata/kcl-function/main.k | 32 + internal/project/helm/helm.go | 233 + internal/project/helm/restclientgetter.go | 78 + internal/project/image.go | 140 + internal/project/install.go | 346 + internal/project/install_test.go | 268 + internal/project/projectfile/projectfile.go | 99 + .../project/projectfile/projectfile_test.go | 299 + internal/project/push.go | 215 + internal/project/push_test.go | 162 + internal/project/sort.go | 53 + internal/schemas/generator/go.go | 1374 + internal/schemas/generator/go_test.go | 141 + internal/schemas/generator/interface.go | 44 + internal/schemas/generator/json.go | 205 + internal/schemas/generator/json_test.go | 124 + internal/schemas/generator/kcl.go | 902 + internal/schemas/generator/kcl_test.go | 49 + internal/schemas/generator/python.go | 799 + internal/schemas/generator/python_test.go | 157 + .../account_scaffold_composition.yaml | 58 + .../testdata/account_scaffold_definition.yaml | 41 + .../generator/testdata/api__v1_openapi.json | 39034 ++++++++++++++++ .../generator/testdata/api_openapi.json | 122 + .../testdata/azure_linux_function_app.yaml | 10878 +++++ .../testdata/configuration_crossplane.yaml | 21 + internal/schemas/manager/lock.go | 31 + internal/schemas/manager/manager.go | 249 + internal/schemas/manager/manager_test.go | 215 + internal/schemas/manager/source.go | 531 + internal/schemas/manager/source_test.go | 682 + internal/schemas/runner/run.go | 164 + internal/schemas/runner/run_test.go | 168 + .../template.fn.crossplane.io_kclinputs.yaml | 161 + internal/terminal/spinner.go | 447 + internal/xpkg/client.go | 108 + internal/xpkg/doc.go | 19 + internal/xpkg/fetcher.go | 106 + internal/xpkg/metadata.go | 63 + internal/xpkg/resolver.go | 117 + internal/xpkg/resolver_test.go | 151 + internal/xrd/infer.go | 132 + internal/xrd/infer_test.go | 247 + 112 files changed, 71580 insertions(+), 37 deletions(-) create mode 100644 cmd/crossplane/composition/generate.go create mode 100644 cmd/crossplane/composition/generate_test.go create mode 100644 cmd/crossplane/dependency/add.go create mode 100644 cmd/crossplane/dependency/auth.go create mode 100644 cmd/crossplane/dependency/cache.go create mode 100644 cmd/crossplane/dependency/dependency.go create mode 100644 cmd/crossplane/function/function.go create mode 100644 cmd/crossplane/function/generate.go create mode 100644 cmd/crossplane/function/generate_test.go create mode 100644 cmd/crossplane/function/pipeline.go create mode 100644 cmd/crossplane/function/templates/go-templating/00-prelude.yaml.gotmpl create mode 100644 cmd/crossplane/function/templates/go-templating/01-compose.yaml.gotmpl create mode 100644 cmd/crossplane/function/templates/go.tar create mode 100644 cmd/crossplane/function/templates/kcl/kcl.mod.lock create mode 100644 cmd/crossplane/function/templates/kcl/kcl.mod.tmpl create mode 100644 cmd/crossplane/function/templates/kcl/main.k create mode 100644 cmd/crossplane/function/templates/python/README.md create mode 100644 cmd/crossplane/function/templates/python/function/__init__.py create mode 100644 cmd/crossplane/function/templates/python/function/__version__.py create mode 100644 cmd/crossplane/function/templates/python/function/fn.py create mode 100644 cmd/crossplane/function/templates/python/function/main.py create mode 100644 cmd/crossplane/function/templates/python/pyproject.toml.tmpl create mode 100644 cmd/crossplane/project/build.go create mode 100644 cmd/crossplane/project/init.go create mode 100644 cmd/crossplane/project/project.go create mode 100644 cmd/crossplane/project/push.go create mode 100644 cmd/crossplane/project/run.go create mode 100644 cmd/crossplane/project/stop.go create mode 100644 cmd/crossplane/xrd/generate.go create mode 100644 cmd/crossplane/xrd/generate_test.go create mode 100644 cmd/crossplane/xrd/xrd.go create mode 100644 internal/async/event.go create mode 100644 internal/crd/convert.go create mode 100644 internal/crd/convert_test.go create mode 100644 internal/crd/generator.go create mode 100644 internal/crd/generator_test.go create mode 100644 internal/crd/testdata/claimable-xrd.yaml create mode 100644 internal/crd/testdata/template.fn.crossplane.io_kclinputs.yaml create mode 100644 internal/crd/testdata/unclaimable-xrd.yaml create mode 100644 internal/dependency/cache_dir.go create mode 100644 internal/dependency/manager.go create mode 100644 internal/dependency/manager_test.go create mode 100644 internal/filesystem/filesystem.go create mode 100644 internal/filesystem/filesystem_test.go create mode 100644 internal/git/git.go create mode 100644 internal/git/git_test.go create mode 100644 internal/kcl/import.go create mode 100644 internal/kcl/import_test.go create mode 100644 internal/project/build.go create mode 100644 internal/project/build_test.go create mode 100644 internal/project/certs/cert_generator.go create mode 100644 internal/project/certs/tls.go create mode 100644 internal/project/controlplane/controlplane.go create mode 100644 internal/project/functions/build.go create mode 100644 internal/project/functions/build_test.go create mode 100644 internal/project/functions/go.go create mode 100644 internal/project/functions/go_templating.go create mode 100644 internal/project/functions/kcl.go create mode 100644 internal/project/functions/python.go create mode 100644 internal/project/functions/testdata/go-templating-function/resource1.yaml.gotmpl create mode 100644 internal/project/functions/testdata/go-templating-function/resource2.yaml.tmpl create mode 100644 internal/project/functions/testdata/kcl-function/kcl.mod create mode 100644 internal/project/functions/testdata/kcl-function/kcl.mod.lock create mode 100644 internal/project/functions/testdata/kcl-function/main.k create mode 100644 internal/project/helm/helm.go create mode 100644 internal/project/helm/restclientgetter.go create mode 100644 internal/project/image.go create mode 100644 internal/project/install.go create mode 100644 internal/project/install_test.go create mode 100644 internal/project/projectfile/projectfile.go create mode 100644 internal/project/projectfile/projectfile_test.go create mode 100644 internal/project/push.go create mode 100644 internal/project/push_test.go create mode 100644 internal/project/sort.go create mode 100644 internal/schemas/generator/go.go create mode 100644 internal/schemas/generator/go_test.go create mode 100644 internal/schemas/generator/interface.go create mode 100644 internal/schemas/generator/json.go create mode 100644 internal/schemas/generator/json_test.go create mode 100644 internal/schemas/generator/kcl.go create mode 100644 internal/schemas/generator/kcl_test.go create mode 100644 internal/schemas/generator/python.go create mode 100644 internal/schemas/generator/python_test.go create mode 100644 internal/schemas/generator/testdata/account_scaffold_composition.yaml create mode 100644 internal/schemas/generator/testdata/account_scaffold_definition.yaml create mode 100644 internal/schemas/generator/testdata/api__v1_openapi.json create mode 100644 internal/schemas/generator/testdata/api_openapi.json create mode 100644 internal/schemas/generator/testdata/azure_linux_function_app.yaml create mode 100644 internal/schemas/generator/testdata/configuration_crossplane.yaml create mode 100644 internal/schemas/manager/lock.go create mode 100644 internal/schemas/manager/manager.go create mode 100644 internal/schemas/manager/manager_test.go create mode 100644 internal/schemas/manager/source.go create mode 100644 internal/schemas/manager/source_test.go create mode 100644 internal/schemas/runner/run.go create mode 100644 internal/schemas/runner/run_test.go create mode 100644 internal/schemas/runner/testdata/template.fn.crossplane.io_kclinputs.yaml create mode 100644 internal/terminal/spinner.go create mode 100644 internal/xpkg/client.go create mode 100644 internal/xpkg/doc.go create mode 100644 internal/xpkg/fetcher.go create mode 100644 internal/xpkg/metadata.go create mode 100644 internal/xpkg/resolver.go create mode 100644 internal/xpkg/resolver_test.go create mode 100644 internal/xrd/infer.go create mode 100644 internal/xrd/infer_test.go diff --git a/cmd/crossplane/composition/composition.go b/cmd/crossplane/composition/composition.go index f9b42c0..693b2ff 100644 --- a/cmd/crossplane/composition/composition.go +++ b/cmd/crossplane/composition/composition.go @@ -24,6 +24,7 @@ import ( // Cmd contains commands for working with Crossplane Compositions. type Cmd struct { - Convert convert.Cmd `cmd:"" help:"Convert a Composition to a newer version." maturity:"beta"` - Render xr.Cmd `cmd:"" help:"Render a composite resource (XR)."` + Convert convert.Cmd `cmd:"" help:"Convert a Composition to a newer version." maturity:"beta"` + Generate generateCmd `cmd:"" help:"Generate a Composition for a CompositeResourceDefinition (XRD)." maturity:"beta"` + Render xr.Cmd `cmd:"" help:"Render a composite resource (XR)."` } diff --git a/cmd/crossplane/composition/generate.go b/cmd/crossplane/composition/generate.go new file mode 100644 index 0000000..31eb3df --- /dev/null +++ b/cmd/crossplane/composition/generate.go @@ -0,0 +1,259 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package composition + +import ( + "context" + "fmt" + "path/filepath" + "strings" + + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + apiextv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + v2 "github.com/crossplane/crossplane/apis/v2/apiextensions/v2" + pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +const ( + functionAutoReadyName = "crossplane-contrib-function-auto-ready" + functionAutoReadyPackage = "xpkg.crossplane.io/crossplane-contrib/function-auto-ready" +) + +type generateCmd struct { + XRD string `arg:"" help:"Path to the CompositeResourceDefinition (XRD) file."` + Name string `help:"Name prefix for the composition." optional:""` + Plural string `help:"Custom plural for the CompositeTypeRef.Kind." optional:""` + Path string `help:"Output file path override." optional:""` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition file." short:"f"` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + + projFS afero.Fs + apisFS afero.Fs + proj *v1alpha1.Project + depManager *dependency.Manager +} + +// AfterApply sets up the project filesystem. +func (c *generateCmd) AfterApply() error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(c.projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + + c.proj = proj + c.apisFS = afero.NewBasePathFs(c.projFS, proj.Spec.Paths.APIs) + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + client, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(proj.Spec.ImageConfigs), + ) + if err != nil { + return err + } + resolver := clixpkg.NewResolver(client) + + c.depManager = dependency.NewManager(proj, c.projFS, + dependency.WithProjectFile(filepath.Base(c.ProjectFile)), + dependency.WithXpkgClient(client), + dependency.WithResolver(resolver), + ) + return nil +} + +func (c *generateCmd) Run(sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + if err := sp.WrapWithSuccessSpinner("Ensuring function-auto-ready dependency", func() error { + return c.ensureFunctionAutoReady(ctx) + }); err != nil { + return errors.Wrap(err, "failed to ensure function-auto-ready dependency") + } + + return sp.WrapWithSuccessSpinner("Writing Composition", func() error { + comp, plural, err := c.newComposition() + if err != nil { + return errors.Wrap(err, "failed to create Composition") + } + + compYAML, err := marshalComposition(comp) + if err != nil { + return errors.Wrap(err, "failed to marshal Composition to YAML") + } + + filePath := c.Path + if filePath == "" { + if c.Name != "" { + filePath = fmt.Sprintf("%s/composition-%s.yaml", strings.ToLower(plural), c.Name) + } else { + filePath = fmt.Sprintf("%s/composition.yaml", strings.ToLower(plural)) + } + } + + exists, err := afero.Exists(c.apisFS, filePath) + if err != nil { + return errors.Wrap(err, "failed to check if file exists") + } + if exists { + return errors.Errorf("file %q already exists, use --path to specify a different output path or delete the existing file", filePath) + } + + if err := c.apisFS.MkdirAll(filepath.Dir(filePath), 0o755); err != nil { + return errors.Wrap(err, "failed to create directories for the specified output path") + } + + return afero.WriteFile(c.apisFS, filePath, compYAML, 0o644) + }) +} + +func (c *generateCmd) ensureFunctionAutoReady(ctx context.Context) error { + for _, dep := range c.proj.Spec.Dependencies { + if dep.Type == v1alpha1.DependencyTypeXpkg && dep.Xpkg != nil && dep.Xpkg.Package == functionAutoReadyPackage { + return nil + } + } + + return c.depManager.AddDependency(ctx, &v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: pkgv1.FunctionGroupVersionKind.GroupVersion().String(), + Kind: pkgv1.FunctionKind, + Package: functionAutoReadyPackage, + Version: ">=v0.0.0", + }, + }) +} + +func (c *generateCmd) newComposition() (*apiextv1.Composition, string, error) { + group, version, kind, plural, err := c.processXRD() + if err != nil { + return nil, "", errors.Wrap(err, "failed to load XRD") + } + + name := strings.ToLower(fmt.Sprintf("%s.%s", plural, group)) + if c.Name != "" { + name = strings.ToLower(fmt.Sprintf("%s.%s.%s", c.Name, plural, group)) + } + + comp := &apiextv1.Composition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: apiextv1.CompositionGroupVersionKind.GroupVersion().String(), + Kind: apiextv1.CompositionGroupVersionKind.Kind, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + Spec: apiextv1.CompositionSpec{ + CompositeTypeRef: apiextv1.TypeReference{ + APIVersion: fmt.Sprintf("%s/%s", group, version), + Kind: kind, + }, + Mode: apiextv1.CompositionModePipeline, + Pipeline: []apiextv1.PipelineStep{ + { + Step: functionAutoReadyName, + FunctionRef: apiextv1.FunctionReference{ + Name: xpkg.ToDNSLabel(functionAutoReadyName), + }, + }, + }, + }, + } + + return comp, plural, nil +} + +func (c *generateCmd) processXRD() (group, version, kind, plural string, err error) { + raw, err := afero.ReadFile(c.projFS, c.XRD) + if err != nil { + return "", "", "", "", errors.Wrapf(err, "failed to read XRD file %s", c.XRD) + } + + var xrd v2.CompositeResourceDefinition + if err := yaml.Unmarshal(raw, &xrd); err != nil { + return "", "", "", "", errors.Wrap(err, "failed to unmarshal XRD") + } + + if xrd.Spec.Group == "" { + return "", "", "", "", errors.New("XRD spec.group is required") + } + if xrd.Spec.Names.Kind == "" { + return "", "", "", "", errors.New("XRD spec.names.kind is required") + } + + group = xrd.Spec.Group + kind = xrd.Spec.Names.Kind + plural = xrd.Spec.Names.Plural + if c.Plural != "" { + plural = c.Plural + } + + // Find the version that is served and referenceable. + for _, v := range xrd.Spec.Versions { + if v.Served && v.Referenceable { + version = v.Name + break + } + } + if version == "" { + return "", "", "", "", errors.New("no served and referenceable version found in XRD") + } + + return group, version, kind, plural, nil +} + +// marshalComposition marshals a Composition to YAML, removing creationTimestamp and status. +func marshalComposition(obj any) ([]byte, error) { + unst, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return nil, errors.Wrap(err, "cannot convert composition to output format") + } + + unstructured.RemoveNestedField(unst, "status") + unstructured.RemoveNestedField(unst, "metadata", "creationTimestamp") + + data, err := yaml.Marshal(unst) + if err != nil { + return nil, errors.Wrap(err, "cannot marshal composition to YAML") + } + return data, nil +} diff --git a/cmd/crossplane/composition/generate_test.go b/cmd/crossplane/composition/generate_test.go new file mode 100644 index 0000000..e3dfbe1 --- /dev/null +++ b/cmd/crossplane/composition/generate_test.go @@ -0,0 +1,243 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package composition + +import ( + "context" + "io" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + "sigs.k8s.io/yaml" + + apiextv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/terminal" +) + +const testProjectYAML = `apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: test-project +spec: + paths: + apis: apis +` + +const testXRDYAML = `apiVersion: apiextensions.crossplane.io/v2 +kind: CompositeResourceDefinition +metadata: + name: xexamples.example.org +spec: + group: example.org + names: + kind: XExample + plural: xexamples + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object +` + +// testProjectWithAutoReady returns a Project that already has +// function-auto-ready in dependencies, so ensureFunctionAutoReady is a no-op +// without needing a real dependency manager. +func testProjectWithAutoReady() *v1alpha1.Project { + return &v1alpha1.Project{ + Spec: v1alpha1.ProjectSpec{ + Paths: &v1alpha1.ProjectPaths{ + APIs: "apis", + }, + Dependencies: []v1alpha1.Dependency{ + { + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + Package: functionAutoReadyPackage, + Version: ">=v0.0.0", + }, + }, + }, + }, + } +} + +func setupTestFS(t *testing.T) (afero.Fs, afero.Fs) { + t.Helper() + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "crossplane-project.yaml", []byte(testProjectYAML), 0o644) + _ = fs.MkdirAll("apis/xexamples", 0o755) + _ = afero.WriteFile(fs, "apis/xexamples/definition.yaml", []byte(testXRDYAML), 0o644) + return fs, afero.NewBasePathFs(fs, "apis") +} + +func TestGenerateComposition(t *testing.T) { + type want struct { + file string + compName string + apiVersion string + kind string + mode apiextv1.CompositionMode + pipelineLen int + firstStep string + errSubstring string + } + + cases := map[string]struct { + name string + plural string + preExisting map[string]string + want want + }{ + "Default": { + want: want{ + file: "xexamples/composition.yaml", + compName: "xexamples.example.org", + apiVersion: "example.org/v1alpha1", + kind: "XExample", + mode: apiextv1.CompositionModePipeline, + pipelineLen: 1, + firstStep: functionAutoReadyName, + }, + }, + "WithName": { + name: "aws", + want: want{ + file: "xexamples/composition-aws.yaml", + compName: "aws.xexamples.example.org", + }, + }, + "WithCustomPlural": { + plural: "xthings", + want: want{ + file: "xthings/composition.yaml", + compName: "xthings.example.org", + }, + }, + "FileAlreadyExists": { + preExisting: map[string]string{ + "apis/xexamples/composition.yaml": "existing", + }, + want: want{ + errSubstring: "already exists", + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + fs, apisFS := setupTestFS(t) + for path, content := range tc.preExisting { + _ = afero.WriteFile(fs, path, []byte(content), 0o644) + } + + cmd := &generateCmd{ + XRD: "apis/xexamples/definition.yaml", + Name: tc.name, + Plural: tc.plural, + projFS: fs, + apisFS: apisFS, + proj: testProjectWithAutoReady(), + } + + err := cmd.Run(terminal.NewSpinnerPrinter(io.Discard, false)) + if tc.want.errSubstring != "" { + if err == nil { + t.Fatalf("expected error containing %q, got nil", tc.want.errSubstring) + } + if !strings.Contains(err.Error(), tc.want.errSubstring) { + t.Errorf("error = %q, want substring %q", err.Error(), tc.want.errSubstring) + } + return + } + if err != nil { + t.Fatal(err) + } + + exists, err := afero.Exists(apisFS, tc.want.file) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Fatalf("expected %q to be created", tc.want.file) + } + + data, err := afero.ReadFile(apisFS, tc.want.file) + if err != nil { + t.Fatal(err) + } + + var comp apiextv1.Composition + if err := yaml.Unmarshal(data, &comp); err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tc.want.compName, comp.Name); diff != "" { + t.Errorf("name mismatch (-want +got):\n%s", diff) + } + if tc.want.apiVersion != "" { + if diff := cmp.Diff(tc.want.apiVersion, comp.Spec.CompositeTypeRef.APIVersion); diff != "" { + t.Errorf("apiVersion mismatch (-want +got):\n%s", diff) + } + } + if tc.want.kind != "" { + if diff := cmp.Diff(tc.want.kind, comp.Spec.CompositeTypeRef.Kind); diff != "" { + t.Errorf("kind mismatch (-want +got):\n%s", diff) + } + } + if tc.want.mode != "" { + if diff := cmp.Diff(tc.want.mode, comp.Spec.Mode); diff != "" { + t.Errorf("mode mismatch (-want +got):\n%s", diff) + } + } + if tc.want.pipelineLen > 0 { + if len(comp.Spec.Pipeline) != tc.want.pipelineLen { + t.Fatalf("pipeline len = %d, want %d", len(comp.Spec.Pipeline), tc.want.pipelineLen) + } + if diff := cmp.Diff(tc.want.firstStep, comp.Spec.Pipeline[0].Step); diff != "" { + t.Errorf("first step mismatch (-want +got):\n%s", diff) + } + } + }) + } +} + +func TestEnsureFunctionAutoReady(t *testing.T) { + cases := map[string]struct { + proj *v1alpha1.Project + }{ + // depManager is nil — if ensureFunctionAutoReady doesn't short-circuit, + // it will panic, which is the desired failure mode for this test. + "AlreadyExists": { + proj: testProjectWithAutoReady(), + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + cmd := &generateCmd{proj: tc.proj} + if err := cmd.ensureFunctionAutoReady(context.Background()); err != nil { + t.Fatalf("unexpected error: %v", err) + } + }) + } +} diff --git a/cmd/crossplane/dependency/add.go b/cmd/crossplane/dependency/add.go new file mode 100644 index 0000000..e1419b0 --- /dev/null +++ b/cmd/crossplane/dependency/add.go @@ -0,0 +1,175 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package dependency + +import ( + "context" + "path/filepath" + "strings" + + "github.com/google/go-containerregistry/pkg/name" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// addCmd adds a dependency to the current project. +type addCmd struct { + Package string `arg:"" help:"Package to be added (e.g. xpkg.crossplane.io/crossplane-contrib/provider-nop:v0.5.0, k8s:v1.33.0, a git repo URL, or an HTTP URL)."` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition file." short:"f"` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + + // Flags for specific dependency types. + APIOnly bool `help:"Mark an xpkg dependency as API-only (not a runtime dependency)." name:"api-only"` + GitRef string `help:"Git ref for CRD dependencies (branch, tag, or commit SHA)." name:"git-ref"` + GitPath string `help:"Path within the git repository for CRD dependencies." name:"git-path"` +} + +// Run executes the add command. +func (c *addCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + client, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(proj.Spec.ImageConfigs), + ) + if err != nil { + return err + } + resolver := clixpkg.NewResolver(client) + + m := dependency.NewManager(proj, projFS, + dependency.WithProjectFile(c.ProjectFile), + dependency.WithXpkgClient(client), + dependency.WithResolver(resolver), + ) + + dep, err := c.buildDependency() + if err != nil { + return err + } + + desc := dependency.GetSourceDescription(dep) + logger.Debug("Adding dependency", "dependency", desc) + return sp.WrapWithSuccessSpinner("Adding "+desc, func() error { + return m.AddDependency(ctx, &dep) + }) +} + +func (c *addCmd) buildDependency() (v1alpha1.Dependency, error) { + // k8s dependency: k8s:vX.Y.Z + if version, found := strings.CutPrefix(c.Package, "k8s:"); found { + if version == "" { + return v1alpha1.Dependency{}, errors.New("k8s version is required (e.g., k8s:v1.33.0)") + } + if c.APIOnly { + return v1alpha1.Dependency{}, errors.New("--api-only is only valid for xpkg dependencies") + } + return v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeK8s, + K8s: &v1alpha1.K8sDependency{ + Version: version, + }, + }, nil + } + + // CRD dependency via git ref. + if c.GitRef != "" { + if c.Package == "" { + return v1alpha1.Dependency{}, errors.New("repository URL is required for git-based CRD dependencies") + } + if c.APIOnly { + return v1alpha1.Dependency{}, errors.New("--api-only is only valid for xpkg dependencies") + } + return v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeCRD, + Git: &v1alpha1.GitDependency{ + Repository: c.Package, + Ref: c.GitRef, + Path: c.GitPath, + }, + }, nil + } + + // CRD dependency via HTTP URL. + if strings.HasPrefix(c.Package, "http://") || strings.HasPrefix(c.Package, "https://") { + if c.APIOnly { + return v1alpha1.Dependency{}, errors.New("--api-only is only valid for xpkg dependencies") + } + return v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeCRD, + HTTP: &v1alpha1.HTTPDependency{ + URL: c.Package, + }, + }, nil + } + + // Default: xpkg dependency. We allow three formats: + // + // 1. registry.example.com/repo: + // 2. registry.example.com/repo@ + // 3. registry.example.com/repo (implies a semver constraint of '>=v0.0.0'). + pkg := c.Package + version := ">=v0.0.0" + if ref, err := name.NewDigest(c.Package, name.StrictValidation); err == nil { + pkg = ref.Context().String() + version = ref.DigestStr() + } else if repo, tag, ok := strings.Cut(c.Package, ":"); ok { + // NOTE(adamwg): This doesn't work properly if the dependency has a + // colon in the registry part for a port number (e.g., + // example.com:5000/my-repo:v1.2.3). But there's no easy way to handle + // that correctly in all cases (since we also allow + // `example.com:5000/my-repo, with no tag/constraint), so leave the + // corner case unhandled for now. + pkg = repo + version = tag + } + + return v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + Package: pkg, + Version: version, + APIOnly: c.APIOnly, + }, + }, nil +} diff --git a/cmd/crossplane/dependency/auth.go b/cmd/crossplane/dependency/auth.go new file mode 100644 index 0000000..2a3ecca --- /dev/null +++ b/cmd/crossplane/dependency/auth.go @@ -0,0 +1,37 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package dependency + +import ( + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/http" +) + +type gitAuthProvider struct { + username string + token string +} + +func (g *gitAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + if g.token != "" { + return &http.BasicAuth{ + Username: g.username, + Password: g.token, + }, nil + } + return nil, nil +} diff --git a/cmd/crossplane/dependency/cache.go b/cmd/crossplane/dependency/cache.go new file mode 100644 index 0000000..e4ae378 --- /dev/null +++ b/cmd/crossplane/dependency/cache.go @@ -0,0 +1,137 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package dependency + +import ( + "context" + "fmt" + "path/filepath" + + "github.com/alecthomas/kong" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// updateCacheCmd updates the dependency cache by regenerating all schemas. +type updateCacheCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition file." short:"f"` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + GitToken string `env:"CROSSPLANE_GIT_TOKEN" help:"Token for git HTTPS authentication."` + GitUsername string `default:"x-access-token" env:"CROSSPLANE_GIT_USERNAME" help:"Username for git HTTPS authentication."` +} + +// Run executes the update-cache command. +func (c *updateCacheCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + client, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(proj.Spec.ImageConfigs), + ) + if err != nil { + return err + } + resolver := clixpkg.NewResolver(client) + + opts := []dependency.ManagerOption{ + dependency.WithProjectFile(c.ProjectFile), + dependency.WithXpkgClient(client), + dependency.WithResolver(resolver), + } + + if c.GitToken != "" { + opts = append(opts, dependency.WithGitAuthProvider(&gitAuthProvider{ + username: c.GitUsername, + token: c.GitToken, + })) + } + + m := dependency.NewManager(proj, projFS, opts...) + + logger.Debug("Updating all dependencies") + return sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + return m.RefreshAll(ctx, ch) + }) +} + +// cleanCacheCmd removes all generated schemas. +type cleanCacheCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition file." short:"f"` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + KeepPackages bool `help:"Keep cached xpkg package contents; remove only generated schemas." name:"keep-packages"` +} + +// Run executes the clean-cache command. +func (c *cleanCacheCmd) Run(k *kong.Context, _ logging.Logger) error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + + m := dependency.NewManager(proj, projFS, + dependency.WithProjectFile(c.ProjectFile), + ) + + if err := m.Clean(); err != nil { + return err + } + + if !c.KeepPackages { + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + if err := dependency.CleanPackages(cacheDir, afero.NewOsFs()); err != nil { + return err + } + } + + fmt.Fprintln(k.Stdout, "Schema cache cleaned") //nolint:errcheck // TODO(adamwg): Clean up output. + return nil +} diff --git a/cmd/crossplane/dependency/dependency.go b/cmd/crossplane/dependency/dependency.go new file mode 100644 index 0000000..bbc46cf --- /dev/null +++ b/cmd/crossplane/dependency/dependency.go @@ -0,0 +1,25 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package dependency contains commands for managing project dependencies. +package dependency + +// Cmd contains commands for dependency management. +type Cmd struct { + Add addCmd `cmd:"" help:"Add a dependency to the current project."` + UpdateCache updateCacheCmd `cmd:"" help:"Update the dependency cache for the current project."` + CleanCache cleanCacheCmd `cmd:"" help:"Clean the dependency cache."` +} diff --git a/cmd/crossplane/function/function.go b/cmd/crossplane/function/function.go new file mode 100644 index 0000000..7ce0ae8 --- /dev/null +++ b/cmd/crossplane/function/function.go @@ -0,0 +1,23 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package function contains commands for working with Functions. +package function + +// Cmd contains Function subcommands. +type Cmd struct { + Generate generateCmd `cmd:"" help:"Generate a Function for a Composition."` +} diff --git a/cmd/crossplane/function/generate.go b/cmd/crossplane/function/generate.go new file mode 100644 index 0000000..a8ec2cc --- /dev/null +++ b/cmd/crossplane/function/generate.go @@ -0,0 +1,403 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package function + +import ( + "archive/tar" + "bytes" + "context" + "embed" + "fmt" + "io/fs" + "path" + "path/filepath" + "strings" + "text/template" + + "github.com/google/go-containerregistry/pkg/name" + "github.com/spf13/afero" + "github.com/spf13/afero/tarfs" + "golang.org/x/mod/module" + "k8s.io/apimachinery/pkg/util/validation" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + v1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/filesystem" + "github.com/crossplane/cli/v2/internal/kcl" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + "github.com/crossplane/cli/v2/internal/terminal" +) + +var ( + //go:embed templates/kcl/* + kclTemplates embed.FS + //go:embed all:templates/python + pythonTemplates embed.FS + //go:embed templates/go-templating/* + goTemplatingTemplates embed.FS + + // The go template contains a go.mod, so we can't embed it as an + // embed.FS. Instead we have to embed it as a tar archive and extract it + // in code. + //go:embed templates/go.tar + goTemplate []byte +) + +type generateCmd struct { + Name string `arg:"" help:"Name of the function to generate. Must be a valid DNS-1035 label."` + PipelinePath string `arg:"" help:"Path to a Composition YAML file to add a pipeline step to." optional:""` + Language string `default:"go-templating" enum:"go,go-templating,kcl,python" help:"Language to use for the function." short:"l"` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition file." short:"f"` + + projFS afero.Fs + functionsFS afero.Fs + schemasFS afero.Fs + proj *v1alpha1.Project + fsPath string + projectRepository string + projectSource string +} + +// AfterApply sets up the project filesystem. +func (c *generateCmd) AfterApply() error { + if errs := validation.IsDNS1035Label(c.Name); len(errs) > 0 { + return errors.Errorf("invalid function name %q: %s", c.Name, strings.Join(errs, "; ")) + } + + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(c.projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + c.proj = proj + + c.functionsFS = afero.NewBasePathFs(c.projFS, proj.Spec.Paths.Functions) + c.schemasFS = afero.NewBasePathFs(c.projFS, proj.Spec.Paths.Schemas) + c.fsPath = path.Join(proj.Spec.Paths.Functions, c.Name) + c.projectRepository = proj.Spec.Repository + c.projectSource = proj.Spec.Source + return nil +} + +// Run generates a function scaffold. +func (c *generateCmd) Run(sp terminal.SpinnerPrinter) error { + if err := c.validatePaths(); err != nil { + return err + } + + ctx := context.Background() + apisFS := afero.NewBasePathFs(c.projFS, c.proj.Spec.Paths.APIs) + if c.proj.Spec.Paths.APIs == "/" { + apisFS = c.projFS + } + schemaMgr := manager.New( + c.schemasFS, + generator.AllLanguages(), + runner.NewRealSchemaRunner(runner.WithImageConfig(c.proj.Spec.ImageConfigs)), + ) + + if err := sp.WrapWithSuccessSpinner("Generating schemas", func() error { + _, err := schemaMgr.Generate(ctx, manager.NewFSSource(c.proj.Spec.Paths.APIs, apisFS)) + return err + }); err != nil { + return errors.Wrap(err, "failed to generate schemas") + } + + type generatorFunc func(afero.Fs) error + generators := map[string]generatorFunc{ + "go": c.generateGoFiles, + "go-templating": c.generateGoTemplatingFiles, + "kcl": c.generateKCLFiles, + "python": c.generatePythonFiles, + } + + generator, ok := generators[c.Language] + if !ok { + return errors.Errorf("unsupported language %q", c.Language) + } + + memFS := afero.NewMemMapFs() + if err := sp.WrapWithSuccessSpinner(fmt.Sprintf("Generating %s function", c.Language), func() error { + return generator(memFS) + }); err != nil { + return errors.Wrap(err, "cannot generate function files") + } + + if err := sp.WrapWithSuccessSpinner("Writing function files", func() error { + if err := copyFiles(memFS, c.functionsFS, c.Name); err != nil { + return errors.Wrap(err, "cannot write function files") + } + + if needsModelsSymlink(c.Language) { + symlinkPath := filepath.Join(c.proj.Spec.Paths.Functions, c.Name, "model") + schemasPath := filepath.Join(c.proj.Spec.Paths.Schemas, c.Language) + + projFS, ok := c.projFS.(*afero.BasePathFs) + if !ok { + return errors.Errorf("unexpected filesystem type %T for project", c.projFS) + } + + if err := filesystem.CreateSymlink(projFS, symlinkPath, projFS, schemasPath); err != nil { + return errors.Wrapf(err, "cannot create models symlink") + } + } + return nil + }); err != nil { + return err + } + + if c.PipelinePath != "" { + if err := sp.WrapWithSuccessSpinner("Adding pipeline step to composition", func() error { + repo, err := name.NewRepository(c.projectRepository + "_" + c.Name) + if err != nil { + return errors.Wrapf(err, "cannot build function reference from repository %q", c.projectRepository) + } + functionRef := xpkg.ToDNSLabel(repo.RepositoryStr()) + return addStepToComposition(c.projFS, c.PipelinePath, c.Name, functionRef) + }); err != nil { + return errors.Wrap(err, "cannot add pipeline step to composition") + } + } + + return nil +} + +func (c *generateCmd) validatePaths() error { + if c.PipelinePath != "" { + exists, err := afero.Exists(c.projFS, c.PipelinePath) + if err != nil { + return errors.Wrapf(err, "cannot check pipeline path %q", c.PipelinePath) + } + if !exists { + return errors.Errorf("pipeline path %q does not exist", c.PipelinePath) + } + } + + exists, err := afero.DirExists(c.functionsFS, c.Name) + if err != nil { + return errors.Wrapf(err, "cannot check function directory %q", c.Name) + } + if exists { + empty, err := afero.IsEmpty(c.functionsFS, c.Name) + if err != nil { + return errors.Wrapf(err, "cannot check function directory %q", c.Name) + } + if !empty { + return errors.Errorf("function directory %q already exists and is not empty", c.Name) + } + } + + return nil +} + +func needsModelsSymlink(language string) bool { + return language == "kcl" +} + +type kclTemplateData struct { + ModName string + Imports []kclImportStatement +} + +type kclImportStatement struct { + ImportPath string + Alias string +} + +func (c *generateCmd) generateKCLFiles(fs afero.Fs) error { + tmpls := template.Must(template.ParseFS(kclTemplates, "templates/kcl/*")) + + foundFolders, _ := filesystem.FindNestedFoldersWithPattern(c.schemasFS, "kcl", "*.k") + + imports := kcl.FormatKclImportPaths(foundFolders) + importStatements := make([]kclImportStatement, 0, len(imports)) + for alias, path := range imports { + importStatements = append(importStatements, kclImportStatement{ + ImportPath: path, + Alias: alias, + }) + } + + tmplData := kclTemplateData{ + ModName: c.Name, + Imports: importStatements, + } + + return renderTemplates(fs, tmpls, tmplData) +} + +type pythonTemplateData struct { + HasSchemas bool + SchemasPath string +} + +func (c *generateCmd) generatePythonFiles(targetFS afero.Fs) error { + hasSchemas, _ := afero.DirExists(c.schemasFS, "python") + if hasSchemas { + entries, err := afero.ReadDir(c.schemasFS, "python") + if err != nil { + return errors.Wrap(err, "cannot read python schemas directory") + } + hasSchemas = len(entries) > 0 + } + + // Compute the relative path from the function dir to schemas/python/. + fnDir := filepath.Join("/", c.proj.Spec.Paths.Functions, c.Name) + relRoot, err := filepath.Rel(fnDir, "/") + if err != nil { + return errors.Wrap(err, "cannot determine path to schemas directory") + } + schemasPath := filepath.ToSlash(filepath.Join(relRoot, c.proj.Spec.Paths.Schemas, "python")) + + // template.ParseFS doesn't handle subdirectories, so we need to template + // the top-level directory and the 'function' sub-directory separately. + data := pythonTemplateData{ + HasSchemas: hasSchemas, + SchemasPath: schemasPath, + } + tmpls := template.Must(template.ParseFS(pythonTemplates, "templates/python/*.*")) + if err := renderTemplates(targetFS, tmpls, data); err != nil { + return err + } + + if err := targetFS.Mkdir("function", 0o755); err != nil { + return errors.Wrap(err, "cannot create function directory") + } + tmpls = template.Must(template.ParseFS(pythonTemplates, "templates/python/function/*.*")) + return renderTemplates(afero.NewBasePathFs(targetFS, "function"), tmpls, data) +} + +type goTemplateData struct { + ModulePath string + Imports []goImport +} + +type goImport struct { + Module string + Version string + Replace string +} + +func (c *generateCmd) generateGoFiles(fs afero.Fs) error { + source := strings.TrimPrefix(c.projectSource, "https://") + goModPath := path.Join(source, "functions", c.Name) + if source == "" || module.CheckPath(goModPath) != nil { + goModPath = c.projectRepository + "/" + c.Name + } + if module.CheckPath(goModPath) != nil { + goModPath = "project.example.com/functions/" + c.Name + } + + // Compute relative path from the function dir to schemas/go/. + fnDir := filepath.Join("/", c.proj.Spec.Paths.Functions, c.Name) + relRoot, err := filepath.Rel(fnDir, "/") + if err != nil { + return errors.Wrap(err, "cannot determine path to models directory") + } + + var imports []goImport + schemasGoPath := filepath.Join(relRoot, c.proj.Spec.Paths.Schemas, "go") + hasSchemas, _ := afero.DirExists(c.schemasFS, "go") + if hasSchemas { + imports = []goImport{{ + Module: "dev.crossplane.io/models", + Version: "v0.0.0", + Replace: schemasGoPath, + }} + } + + tr := tar.NewReader(bytes.NewReader(goTemplate)) + templateFS := afero.NewIOFS(tarfs.New(tr)) + + tmpls := template.Must(template.ParseFS(templateFS, "*")) + tmplData := goTemplateData{ + ModulePath: goModPath, + Imports: imports, + } + + return renderTemplates(fs, tmpls, tmplData) +} + +type goTemplatingTemplateData struct { + ModelIndexPath string +} + +func (c *generateCmd) generateGoTemplatingFiles(fs afero.Fs) error { + var modelPath string + indexExists, _ := afero.Exists(c.schemasFS, "json/index.schema.json") + if indexExists { + var err error + modelPath, err = filepath.Rel(c.fsPath, "schemas/json/index.schema.json") + if err != nil { + return errors.Wrap(err, "cannot determine model path") + } + } + + tmpls := template.Must(template.ParseFS(goTemplatingTemplates, "templates/go-templating/*")) + tmplData := goTemplatingTemplateData{ + ModelIndexPath: modelPath, + } + + return renderTemplates(fs, tmpls, tmplData) +} + +func renderTemplates(targetFS afero.Fs, tmpls *template.Template, data any) error { + for _, tmpl := range tmpls.Templates() { + fname := tmpl.Name() + // Strip .tmpl suffix from output filename. + outName := strings.TrimSuffix(fname, ".tmpl") + + file, err := targetFS.Create(filepath.Clean(outName)) + if err != nil { + return errors.Wrapf(err, "cannot create file %s", outName) + } + if err := tmpl.Execute(file, data); err != nil { + return errors.Wrapf(err, "cannot render template %s", fname) + } + if err := file.Close(); err != nil { + return errors.Wrapf(err, "cannot close file %s", outName) + } + } + return nil +} + +func copyFiles(src, dst afero.Fs, dstDir string) error { + return afero.Walk(src, "", func(p string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return dst.MkdirAll(path.Join(dstDir, p), 0o755) + } + data, err := afero.ReadFile(src, p) + if err != nil { + return err + } + return afero.WriteFile(dst, path.Join(dstDir, p), data, 0o644) + }) +} diff --git a/cmd/crossplane/function/generate_test.go b/cmd/crossplane/function/generate_test.go new file mode 100644 index 0000000..eee1372 --- /dev/null +++ b/cmd/crossplane/function/generate_test.go @@ -0,0 +1,473 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package function + +import ( + "bytes" + "io" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + apiextv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + + v1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/terminal" +) + +func testProject() *v1alpha1.Project { + return &v1alpha1.Project{ + Spec: v1alpha1.ProjectSpec{ + Paths: &v1alpha1.ProjectPaths{ + Functions: "functions", + Schemas: "schemas", + }, + }, + } +} + +// seedFS returns a fresh MemMapFs populated with the given files. A nil byte +// slice creates an empty file. +func seedFS(t *testing.T, files map[string][]byte) afero.Fs { + t.Helper() + fs := afero.NewMemMapFs() + for path, content := range files { + dir := path[:strings.LastIndex(path, "/")+1] + if dir != "" { + _ = fs.MkdirAll(strings.TrimSuffix(dir, "/"), 0o755) + } + _ = afero.WriteFile(fs, path, content, 0o644) + } + return fs +} + +func assertFiles(t *testing.T, fs afero.Fs, paths []string) { + t.Helper() + for _, f := range paths { + exists, err := afero.Exists(fs, f) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Errorf("expected file %q to exist", f) + } + } +} + +func assertContains(t *testing.T, fs afero.Fs, contains, notContains map[string][]byte) { + t.Helper() + for path, want := range contains { + data, err := afero.ReadFile(fs, path) + if err != nil { + t.Fatalf("read %s: %v", path, err) + } + if !bytes.Contains(data, want) { + t.Errorf("%s: missing %q\ngot:\n%s", path, want, data) + } + } + for path, want := range notContains { + data, err := afero.ReadFile(fs, path) + if err != nil { + t.Fatalf("read %s: %v", path, err) + } + if bytes.Contains(data, want) { + t.Errorf("%s: should not contain %q\ngot:\n%s", path, want, data) + } + } +} + +func TestGenerateGoTemplatingFiles(t *testing.T) { + cases := map[string]struct { + seedSchemas map[string][]byte + wantFiles []string + wantContains map[string][]byte + wantNotContains map[string][]byte + }{ + "NoSchema": { + wantFiles: []string{"00-prelude.yaml.gotmpl", "01-compose.yaml.gotmpl"}, + }, + "WithSchema": { + seedSchemas: map[string][]byte{ + "json/index.schema.json": []byte("{}"), + }, + wantFiles: []string{"00-prelude.yaml.gotmpl", "01-compose.yaml.gotmpl"}, + wantContains: map[string][]byte{ + "01-compose.yaml.gotmpl": []byte("yaml-language-server"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + c := &generateCmd{ + Name: "my-func", + schemasFS: seedFS(t, tc.seedSchemas), + fsPath: "functions/my-func", + } + fs := afero.NewMemMapFs() + if err := c.generateGoTemplatingFiles(fs); err != nil { + t.Fatal(err) + } + assertFiles(t, fs, tc.wantFiles) + assertContains(t, fs, tc.wantContains, tc.wantNotContains) + }) + } +} + +func TestGenerateKCLFiles(t *testing.T) { + cases := map[string]struct { + seedSchemas map[string][]byte + wantFiles []string + wantContains map[string][]byte + wantNotContains map[string][]byte + }{ + "NoSchemas": { + wantFiles: []string{"main.k", "kcl.mod", "kcl.mod.lock"}, + wantContains: map[string][]byte{ + "kcl.mod": []byte(`name = "my-func"`), + }, + wantNotContains: map[string][]byte{ + "kcl.mod": []byte("[dependencies]"), + }, + }, + "WithSchemas": { + seedSchemas: map[string][]byte{ + "kcl/io/example/aws/ec2/v1beta1/res.k": []byte("schema Bucket:"), + "kcl/io/example/aws/s3/v1beta2/res.k": []byte("schema Bucket:"), + }, + wantFiles: []string{"main.k", "kcl.mod", "kcl.mod.lock"}, + wantContains: map[string][]byte{ + "main.k": []byte("import models.io.example.aws.ec2.v1beta1 as ec2v1beta1"), + "kcl.mod": []byte(`models = { path = "./model" }`), + }, + }, + "WithSchemasS3Import": { + seedSchemas: map[string][]byte{ + "kcl/io/example/aws/s3/v1beta2/res.k": []byte("schema Bucket:"), + }, + wantContains: map[string][]byte{ + "main.k": []byte("import models.io.example.aws.s3.v1beta2 as s3v1beta2"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + c := &generateCmd{ + Name: "my-func", + schemasFS: seedFS(t, tc.seedSchemas), + } + fs := afero.NewMemMapFs() + if err := c.generateKCLFiles(fs); err != nil { + t.Fatal(err) + } + assertFiles(t, fs, tc.wantFiles) + assertContains(t, fs, tc.wantContains, tc.wantNotContains) + }) + } +} + +func TestGeneratePythonFiles(t *testing.T) { + cases := map[string]struct { + seedSchemas map[string][]byte + wantFiles []string + wantContains map[string][]byte + wantNotContains map[string][]byte + }{ + "NoSchemas": { + wantFiles: []string{ + "README.md", + "pyproject.toml", + "function/__init__.py", + "function/__version__.py", + "function/main.py", + "function/fn.py", + }, + wantNotContains: map[string][]byte{ + "pyproject.toml": []byte("crossplane-models"), + }, + }, + "WithSchemas": { + seedSchemas: map[string][]byte{ + "python/io/example/aws/v1beta1/__init__.py": nil, + }, + wantContains: map[string][]byte{ + "pyproject.toml": []byte("crossplane-models @ file:./../../schemas/python"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + c := &generateCmd{ + Name: "my-func", + schemasFS: seedFS(t, tc.seedSchemas), + proj: testProject(), + } + fs := afero.NewMemMapFs() + if err := c.generatePythonFiles(fs); err != nil { + t.Fatal(err) + } + assertFiles(t, fs, tc.wantFiles) + assertContains(t, fs, tc.wantContains, tc.wantNotContains) + }) + } +} + +func TestGenerateGoFiles(t *testing.T) { + cases := map[string]struct { + seedSchemas map[string][]byte + wantFiles []string + wantContains map[string][]byte + }{ + "NoSchemas": { + wantFiles: []string{"main.go", "fn.go", "fn_test.go", "go.mod", "go.sum"}, + wantContains: map[string][]byte{ + "go.mod": []byte("github.com/example/my-project"), + }, + }, + "WithSchemas": { + seedSchemas: map[string][]byte{ + "go/.keep": nil, + }, + wantContains: map[string][]byte{ + "go.mod": []byte("dev.crossplane.io/models"), + }, + }, + "WithSchemasReplace": { + seedSchemas: map[string][]byte{ + "go/.keep": nil, + }, + wantContains: map[string][]byte{ + "go.mod": []byte("replace dev.crossplane.io/models"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + schemasFS := seedFS(t, tc.seedSchemas) + // Tests that probe for the schemas dir need it to exist; an empty + // MemMapFs has no entries, so create the dir explicitly. + if len(tc.seedSchemas) > 0 { + _ = schemasFS.MkdirAll("go", 0o755) + } + + c := &generateCmd{ + Name: "my-func", + projectSource: "github.com/example/my-project", + schemasFS: schemasFS, + proj: testProject(), + } + fs := afero.NewMemMapFs() + if err := c.generateGoFiles(fs); err != nil { + t.Fatal(err) + } + assertFiles(t, fs, tc.wantFiles) + assertContains(t, fs, tc.wantContains, nil) + }) + } +} + +func TestRunErrors(t *testing.T) { + cases := map[string]struct { + name string + language string + seedFunctionsFS map[string][]byte + stage string // "afterApply" or "run" + wantErrSubstring string + }{ + "InvalidName": { + name: "INVALID_NAME", + stage: "afterApply", + wantErrSubstring: "invalid function name", + }, + "DirectoryNotEmpty": { + name: "my-func", + language: "go-templating", + seedFunctionsFS: map[string][]byte{ + "my-func/existing.txt": []byte("data"), + }, + stage: "run", + wantErrSubstring: "already exists and is not empty", + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + c := &generateCmd{ + Name: tc.name, + Language: tc.language, + functionsFS: seedFS(t, tc.seedFunctionsFS), + projFS: afero.NewMemMapFs(), + } + var err error + switch tc.stage { + case "afterApply": + err = c.AfterApply() + case "run": + err = c.Run(terminal.NewSpinnerPrinter(io.Discard, false)) + } + if err == nil { + t.Fatalf("expected error containing %q, got nil", tc.wantErrSubstring) + } + if !strings.Contains(err.Error(), tc.wantErrSubstring) { + t.Errorf("error = %q, want substring %q", err.Error(), tc.wantErrSubstring) + } + }) + } +} + +func TestAddCompositionStep(t *testing.T) { + cases := map[string]struct { + start []apiextv1.PipelineStep + step string + fnRef string + wantLen int + wantFirstStep string + wantFirstFn string + }{ + "PrependsToExisting": { + start: []apiextv1.PipelineStep{ + { + Step: "existing", + FunctionRef: apiextv1.FunctionReference{Name: "existing-fn"}, + }, + }, + step: "my-func", + fnRef: "my-fn-ref", + wantLen: 2, + wantFirstStep: "my-func", + wantFirstFn: "my-fn-ref", + }, + "DedupsWhenAlreadyPresent": { + start: []apiextv1.PipelineStep{ + { + Step: "my-func", + FunctionRef: apiextv1.FunctionReference{Name: "my-fn-ref"}, + }, + }, + step: "my-func", + fnRef: "my-fn-ref", + wantLen: 1, + wantFirstStep: "my-func", + wantFirstFn: "my-fn-ref", + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + comp := &apiextv1.Composition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v1", + Kind: "Composition", + }, + Spec: apiextv1.CompositionSpec{ + Pipeline: tc.start, + }, + } + if err := addCompositionStep(comp, tc.step, tc.fnRef); err != nil { + t.Fatal(err) + } + if len(comp.Spec.Pipeline) != tc.wantLen { + t.Fatalf("pipeline len = %d, want %d", len(comp.Spec.Pipeline), tc.wantLen) + } + if diff := cmp.Diff(tc.wantFirstStep, comp.Spec.Pipeline[0].Step); diff != "" { + t.Errorf("first step mismatch (-want +got):\n%s", diff) + } + if diff := cmp.Diff(tc.wantFirstFn, comp.Spec.Pipeline[0].FunctionRef.Name); diff != "" { + t.Errorf("first functionRef mismatch (-want +got):\n%s", diff) + } + }) + } +} + +func TestAddStepToComposition(t *testing.T) { + cases := map[string]struct { + comp *apiextv1.Composition + step string + fnRef string + wantLen int + wantFirstStep string + }{ + "PrependsAndPersists": { + comp: &apiextv1.Composition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v1", + Kind: "Composition", + }, + ObjectMeta: metav1.ObjectMeta{Name: "test-comp"}, + Spec: apiextv1.CompositionSpec{ + CompositeTypeRef: apiextv1.TypeReference{ + APIVersion: "example.org/v1", + Kind: "XExample", + }, + Mode: apiextv1.CompositionModePipeline, + Pipeline: []apiextv1.PipelineStep{ + { + Step: "auto-ready", + FunctionRef: apiextv1.FunctionReference{Name: "crossplane-contrib-function-auto-ready"}, + }, + }, + }, + }, + step: "my-func", + fnRef: "my-fn-ref", + wantLen: 2, + wantFirstStep: "my-func", + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + compYAML, err := yaml.Marshal(tc.comp) + if err != nil { + t.Fatal(err) + } + + fs := afero.NewMemMapFs() + if err := afero.WriteFile(fs, "composition.yaml", compYAML, 0o644); err != nil { + t.Fatal(err) + } + + if err := addStepToComposition(fs, "composition.yaml", tc.step, tc.fnRef); err != nil { + t.Fatal(err) + } + + data, err := afero.ReadFile(fs, "composition.yaml") + if err != nil { + t.Fatal(err) + } + + var result apiextv1.Composition + if err := yaml.Unmarshal(data, &result); err != nil { + t.Fatal(err) + } + + if len(result.Spec.Pipeline) != tc.wantLen { + t.Fatalf("pipeline len = %d, want %d", len(result.Spec.Pipeline), tc.wantLen) + } + if diff := cmp.Diff(tc.wantFirstStep, result.Spec.Pipeline[0].Step); diff != "" { + t.Errorf("first step mismatch (-want +got):\n%s", diff) + } + }) + } +} diff --git a/cmd/crossplane/function/pipeline.go b/cmd/crossplane/function/pipeline.go new file mode 100644 index 0000000..a92ca7f --- /dev/null +++ b/cmd/crossplane/function/pipeline.go @@ -0,0 +1,89 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package function + +import ( + "github.com/spf13/afero" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + apiextv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" +) + +func addStepToComposition(fs afero.Fs, path, stepName, functionRef string) error { + comp, err := readAndUnmarshalComposition(fs, path) + if err != nil { + return err + } + + if err := addCompositionStep(comp, stepName, functionRef); err != nil { + return err + } + + data, err := marshalComposition(comp) + if err != nil { + return errors.Wrap(err, "cannot marshal composition") + } + + return afero.WriteFile(fs, path, data, 0o644) +} + +func addCompositionStep(comp *apiextv1.Composition, stepName, functionRef string) error { + for _, step := range comp.Spec.Pipeline { + if step.Step == stepName && step.FunctionRef.Name == functionRef { + return nil // already exists + } + } + + step := apiextv1.PipelineStep{ + Step: stepName, + FunctionRef: apiextv1.FunctionReference{ + Name: functionRef, + }, + } + + comp.Spec.Pipeline = append([]apiextv1.PipelineStep{step}, comp.Spec.Pipeline...) + return nil +} + +func readAndUnmarshalComposition(fs afero.Fs, path string) (*apiextv1.Composition, error) { + data, err := afero.ReadFile(fs, path) + if err != nil { + return nil, errors.Wrapf(err, "cannot read composition at %q", path) + } + + var comp apiextv1.Composition + if err := yaml.Unmarshal(data, &comp); err != nil { + return nil, errors.Wrap(err, "cannot unmarshal composition") + } + return &comp, nil +} + +func marshalComposition(obj any) ([]byte, error) { + unst, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return nil, err + } + + unstructured.RemoveNestedField(unst, "status") + unstructured.RemoveNestedField(unst, "metadata", "creationTimestamp") + + return yaml.Marshal(unst) +} diff --git a/cmd/crossplane/function/templates/go-templating/00-prelude.yaml.gotmpl b/cmd/crossplane/function/templates/go-templating/00-prelude.yaml.gotmpl new file mode 100644 index 0000000..c67ec6e --- /dev/null +++ b/cmd/crossplane/function/templates/go-templating/00-prelude.yaml.gotmpl @@ -0,0 +1,4 @@ +{{ print `# Get the observed composite resource into a variable. This can be used in any +# subsequent templates. +{{ $xr := getCompositeResource . }} +` }} diff --git a/cmd/crossplane/function/templates/go-templating/01-compose.yaml.gotmpl b/cmd/crossplane/function/templates/go-templating/01-compose.yaml.gotmpl new file mode 100644 index 0000000..d6bb114 --- /dev/null +++ b/cmd/crossplane/function/templates/go-templating/01-compose.yaml.gotmpl @@ -0,0 +1,24 @@ +{{- if .ModelIndexPath -}} +# code: language=yaml +# yaml-language-server: $schema={{- .ModelIndexPath }} +{{ end -}} +{{ print ` +# Write your composed resources here. You can use any of the features described +# in this documentation: +# https://github.com/crossplane-contrib/function-go-templating?tab=readme-ov-file#using-this-function +# +# Example: +# +# --- +# apiVersion: nop.crossplane.io/v1alpha1 +# kind: NopResource +# metadata: +# annotations: +# {{ setResourceNameAnnotation "example" }} +# spec: +# forProvider: +# conditionAfter: +# - conditionType: Ready +# conditionStatus: "True" +# time: 5s +` }} diff --git a/cmd/crossplane/function/templates/go.tar b/cmd/crossplane/function/templates/go.tar new file mode 100644 index 0000000000000000000000000000000000000000..1720727f8a7c4d55a2218766f3a0bc6a64f2fdf8 GIT binary patch literal 40960 zcmeIbd6VNfvM2cdt@;$2T${0~R!8u@YVEC=C{Yw8ijt_4+F9$zn-ov+5J|Q5cOR!B zqLPX$v#Ptt#?~_1x5lk17j$(`?LKDM=|n0 zFbbnclw!#Cdkn=0>_2+wzZcdM^)fH?tk?Swy>dTo?pxn~TKWInFH_wNbl2`hx*z}i zvmd2NR`h=P`KK>t5*Kz|eEAtZyME!7#-o`;h?ymMo`!mCBTgBcg`dO^xfMLP2@)o* z>&NbwpMP@V3)cJ2T4|OP339=p+IQB->^x24-2U?OuRs5cAieQ3j-H?QnxxEnfHO^U zzs1&j0r~iI(WLg*vU!n}X3_im6WGUX3|$ZH$c9c^F9g*xj_qu1XBXeJ+aGoY+<E~a2 znSJj4rRC*gr=V(|OFJ)q?fvr3S5J)jYtPQIB>VN&yGOwKD8)|l%NL*$!vOuxlP`bm zeJOMoen3l)qFv1GLjUF0_R~gpfB6;I`%{*uz2E*53Otd1+$6t1;kL%}A4ayLmtnEl z$Zc^Lj?H4U_^mgvtf#?v>21q1-|TsIX8*URf?87cOg--9cG1&&CQQU6>cMO*%Dm-; z^)!GmhAkh>Q1_$9-o}GL*26HVZe!gml3SZF;!zplo ze~pXGH_9T(a>TMPc8KJ@`=Dp0=NGnFl$nj_ss8}wE+A_lq4{HE{a+xP06u(p>iq-E ziPX*t-_BtGUKkBx@x+o%R@%S7xWMSWFn3*=rk&^QfWCbE6*}?LM$cTk7(UMjdk|a0 zmXE*OM%D&2aqmVb_CpZj|8up}4`lx?4mk1OK$?qx>mr~v@}Js&{Kfv$6h;tW|1pfF zf7t(j*O+(de%t>4^raP$n_<5<(QcBsp^do7gBhg={Qs2+fAf7?CP|C@R_<0A#157c z?qia<$Za8Dln(OT+|wU!WbfPkH!eXyFW$`b2727FxxW;>zdWOQ+}zCSZ7~7LH3viT zvXJ=6Eb7-r9CYw!R{ZCm{_*oqH(He*7hPJd-TlzO168o_PgcGq@$*lnp4)kAs3Sf7 ze*qE<*Z$N}Nw_Dr2Ui$;6{k^5vn#fp>?7#L3^Jf2Hl)wnz zT7fmwPer>V`Q@oZ%dxi{`spX9t@uA)Ow`}O{{Qy-!b!0!B}t!_Prv*MOaMN$7Om|T z)N;Bjo?i;{u|@g_{B7|({Q_)lt=LaL`A*OBom*odERQ4j+}3D&^LV3q`_E0f+V3}+ z9_P?KFoM7S-%mCF+kf`Hd}$X;@UM6j+O?DO%a{M2|Ihdy$K&JUufO#kZtS`d?Yl|Q z8qnYVXZ+t=;|t9`ar&<}!oRi@TW)?168e1W_+NX^^W#xCm#~t#0m=V4m^a!tnDFUy zm;e<3|KrCxpsODLfB)G{9;3v1EMWKZZ|mzf>_5X`*wg+W%s$Sv`+p3lsUPo} z!Z7${X!rj9_s99|(^4R9UOJLuF1PN>^ zFX$uph~5?X*ig5nsaK`%mJ4kG=2qatbwUsJ#RUC`p+Eoq?+-oD>R_NArJDmIhaUX& zdzb$4kG6X|JIi6a1>dyA?bzzUN3bBB-dTF)Cy%g+L?Sx_20#PoBi@5Otq)tT4ElT5 zJ;P42m_cBt7UWN5u@B3_?kv?|?^oBJo_ojz?_Kam;t~D0!dE}bS2jLmCF~g^`?)^) zNqtMd*rw~XtFt_{s}>)O=L7Ty#aNUjP>jPcf_<=9hv8`5Aqdm_5R4u9W)RwbOAYp; zg;R#eh3H*~M+|@bxYPDUk5jKkPO$cPNcF;mj#Ir0)e6doZ8>`3d$5lVVFl8HWk;^`+I_c?WY1jrj5y%Gfw5~CHDF|1+`zTc2LF4&QJh3sa7BWbl0qMB!ywg* zxRXE_G@CqN9&f*Zs%@xeO;wO|B6EI(_aTP?F4 zaJYa=pFM{UzYf7Vd9gS^`Z*m1U4S#1L!C_ zgei7Y37_=*wjC+KhttxhKVwpsnh&;_}@8ueQ9gJd?vqL z#m}K~)0S`5)yL&QEV8)uJOj_nG6OjWF?^ZHpyddZMqwpEk`IP%TAaz)4hC+?kMwyf zW>55B*0eH>KQWQGX-%9$2^_}>oFJG7g3=iiXH5bF@8XB_ZtmkNFhK`@U~J#!)RUS4 z<%?n{s9_SLA9ThtS%bz*7XO(2Y2YHTga@}`+ePjZt@~AA5i|6GCx3g|WVfBc@lR&O z+lse|*R}^{_QP&=tAQK#Ni^v1YzQiw&aF!r^+_9f>R<$-gD!g#)X%6tl{FJ1({Dlz zQuiVDr?RONwhFJEFxbc9R+A(Px-QWRjBa_tKE4*^Ea z+-)iHttRc3YK7Z_nSwqNZ}m;LVBWy_2Nc8J>1hWW=;Rx*&r5;gif+X|2iKlpeFwC5 zO?89z&Pa8j6-n}BhKRR|l5S6L_MpARHwa4bRF76DF?d)@Sw@{J7k$h@6= z322;F_Iz-HT+p_yw@T-w%uP<8j2rn@jGqZT6?&G=S5q=z^G82vPeyK|^=94i^?Mjl zJ8l>9`9sTx+o9aI>cAS&^Wh}#W>Scch(9SyFejgqGr>qaz<@j%&QFU%DUg9Dw!DlJ zSR^>*#z{e`ryruqn8vOeHCbiv)g8%YSwc$wJ zwA+n$_Vn@VjvThH|M~y4zkV(Byo3F^mxWKAJ^df~2>zeEjQ&WCKVJ58{}0751pXZV zK~oflxA7kY^&|e{k2CsD)cC;X;bFhAR6q5{nu-;3L(OD!RH+!-klWdm&?nf&xcWG` zQ}@_r#{TEe?~?(8)p{3uKuthABQ8;;o{#xcI+p~39I2wbKaU#JrN-rK7xfc>BF% zJD~Zi%~9jV*=9^lkgH>MlKY2cA3eJ%a&_5e-QN`a3EK~d;3MiC-&l)Rq%8kXn=CcE zBs<(ekLs?R=RQeE8SmEIb)<;O38N`}`5_xR6gyBgl4&S+=1fw|8=1^-!Yu5AD@$qG zU*Qp^_^3?fgdwqu{3EEKd2arNR(G{fJqaJM^TF`s*zRz-J97>;mM;>&?vJt+K3nnQ z;}Y}7*Ms>T6gyDI88}y%Q%%~7!;Tq*%N;$~9c3+(rBbrji+!=D7+XLV2zf{NJ%1bE z+=a$$7AwwT>a-{N~?zu~It zOd?)p%#8SgV1l}yu2A3brgRntX>~{SLq{JV-OAuws<+(woR34_xR$PaJsrHnWek~4 z4jgYN$5_U<!#fjP?=o^EDN?pdQFB{_*dSN)-nF8NqGosBg*6A!}FRjtgpmx{06(N1jI z%PQpe&Y+#nq=7|kuaUsoxqciBQu{J53za2s@ifI&u1P6w#;|--XVOQVX^%WRp>OSC z2i)21tf|KRbdjs{DU`O8<0)OsbYYb1CA#IA9H;u^Kn#?o$S1RVmC@W~8H~4aOC$aCHG632&>q<&^wN@;NB4p|e zD&Ito0&1OB!i1>i9JzDO^5$s1vL)}3>wqN3cDPQ}N)Sis3d5s;bv;{)G8i^w$?mts zLZicAgU}P_e(;<;P72>?ke3hb&Z2ca08(pEW%P>Q@JA^S*(_P<)03DuXquveJ?_5% z=|`tA09Q$8%jh)X-L1n%IbCG*^cZX=g)F=w z4dOfGIv}|XhLYm7$u_<_mNK>~sEE(ZVlww5R59?0EN0P)L}wT6HHU5>^TN8hPjT>g z0!VMYuP4cQb_eilts-V7v)CT2%Un`x@IA?D-Rac-RSdqwgBvO}%|GMa;jrr;Np zr5U!T3W?p&hwZFE>~$HPhQo_JO4ZCJcQfH#klm9!0C^Ct9edcbSF0NP)nb5;vc|*Q z6FyT{&0>)#5#NwP8cOCHS-kbRL#_i-o7t(ID!hf2NYZ!~(yXH5v^zu*SI%WpI&9tf zqEcBzeAD&rS>Wpp{j%{SZG|iky8(%*b{+PEMKD;7tb?G%Iqh7xZ-k)Rz}sU?0I%kKjq%op z4NFXQ(_n&ebBam-v?zDt`m(Ubc)xJ5jha=Tf`3E117D7gk(+0mVCQnONDBJI)>xAt z<)N~iCn#;|ZbD5JIf(8Tr66=K@b3;&0re#pcGJ-|!M)`aFG>_Sn0+!%^turo=b%VA zVJ^1vu`gzCBeR!;5S-ISmwc;4}5aVAWk;TOYyKa#^0-H~c8{ zJV5f$k04ke^TF%*?54e$ntYoRm*BE(qEX7veBwO8wDp-^1zevSfqlUv1-tOHP)**b zhY#s?VDDLybv-e?5UUemd7Gu$Oq+D3`sblFIr@X^%;mfgqb7ss*djJhAuI)WP z$K%rPpX1#{nUib6NqBEKknw}N-1c>5Y^8Q+Y|gJo?LCSer~@j>=V3M}?>5xg9sSyCmz3=xm)cb^4m4PqD}EMhF1l zbG0cFm&d5Nc^K)+d2_U`%c(lK=(}k+2>X-WDwd7Ksqkba~sx8yP*(rA0C1A4q#hE`EZR*1}LN_cJNZfH}OU@*CU zKLUZ{0i44qf}|kI2{Q=Pfp{LqGFrx<9HSQtKVRaydSWhPS6lJMSRuFMR5@%FEv>DIY! zR14r&q>DZs%@_Fzv|@~%2A;fjui4<*U=ug%drD@23$4$QFAJ}+#2vFXQNz3n%XS4{b4+zX7%htV|9o0TZ%$bv+hM454y zs39|NEAqQ$?qH#`=EdTmrg@31VD)o9oBo-GJ017txE>z!Ia~r{QH3B>-lnIhP2z;i z_Y-S=Vk|1# z^T8|E&@DFU(`cpNo9T4wFq>P957#MFak-vPku5n{qSrNkab^EAsg!`vT+Oh51#Dqfyf1!mUdF(|F|MozZp z>HRM5Bbpt!>3YAV<^zdnM(4hBQR7^tTw&g;!Ee#-z`vwp1|4ssA!}4RvDn8$ zaAe}+v+U%;fLo4Dvcgh)N>j$YyZEE9EkJz<*W{HVleKkW^P|D>L!3yhcnZ-xlEV%DXw)P&fwL9zotYKL7Ina>b2bV|dB2r#BTo5Yb}tw&lwp!UNXT1DcJOBUqCX#x_vR&# z)=053)d0mJY)nb&IIm=T)lXIv#We4iOF^iYaIH2k+S{cN9g;&R%yS4Vu-HU~XU9OZ zzUKF*g(RFAV!S`>0yT;G&_Rc)qM7WmC~E5!A3mhoVFkWS`?G6pHq~Kwm}eB)KcFi_ z&JB`StR~uC9cuW%-#69%enk^xu)4FK!}TB@xK$HQsE$ZQskFg14N?y_krN0NSILA*7GzgR|sbg;XPB}`#tXj^FdMpz4 zD~@Jxo$M(FsEru|aFkM`nvNdN8s4}&f~HqjxCc9tFk*Vm=u_TH*Zsl0@B_FG zr4BS(wlfCDH+JBQGY>2zBHgrJ~+Hm6>B3Xc#WgF!! z1g(ug0+i}f$#QQmjU-ycU3Je16F=M+A#%%L)5{&uKFMX6wq!(ZE%^@Hj(qWFuKBlo4sGG zLuuvg$6;+;<)h7b)p)CB_XhNRiXEu+)yeEKBnWCc*q^E7cx|G^!pH*aN^RpU8Hmnw zDr=k)-m~G8=u?2p4LEtSK93Q`YIeH=?V?-GtRgNIiD1dO>#JEx%gHj=rF;4Om}&WVo38hJ;a+4vAlU)C@9)@UdwGApxXdmCdpcpHvNYEm zxyFa|$(bP|#@Y-wFyHQ0USC6HKM1|WaTcX95(0>9R3|t%lQl@Zdm=<5{nWBnjU2O*OH6rccusikUf+DPfsGqg){mSyLMnE-^Ee{Tmj@l& zWh*$Wt7Ixs*bpOEp{cw&iujXFcG&#SclJIa8Sl_;_N9G^!2vi;hYf{~_xt%}J7lYz zi4b|3pS0^pN0E#T%X`iEwO9AFzZLBajNDTNiUz4Wwx+%_A;BHC2?drrh8!^#!lc&s zM@Iz3?4DnV_@4`~{#SJN&xB$_PlrUsEzgpKV#wl*nOM9XL@YaBOw84g3#mv7*YiPo zoM)5!a1BUC0TF_KEcCn6&3?>m*l5O1%GJgkSAu3BU`EtvBrIb=*~FWnI>R(^$2VPG_a)#hH? zy&-l7(1c^K)%6gG-u$R+?d4Kmo|hNCo(!ZsI^@-HmY8DMe{~!Q#ttqKK_-sp3kUQg z)k0)zA5}M7hvL?YwIdYA`K8)i4%+-GlI{*C4!g93@t%qU33k}6nJuxSDVogp$^OSRlpYZ66aP6KRLna z_z1sO>+g{3fMiEpe^aL0F-oL%N07E_& zc)7-4KZ=n_m7W^rob$F{8(TFfy%ij8&ZuoAi<_#r_lLY8)&U4xuc~$?{8-ubW!&4Q z7|hF2>Ffw;Uc@8Sa@TY7Uv0}InPV_RyN5IUyTG*5t~)QPYfB{ zsnvSBOosElO7X%~3J`Ep9F4*1eq)nGcttB2t$e!qd=8Y9qI zPZv!9{BgGSkjxI|{g@cqYmUO_vO2KF;Ltw935-GGDXaTAZgckv;Vt+sA8r~F2d41U@ImcuDVIwosBVMNc5+d-t z;2eeMp1MjJcJI#V(1wrQyEXt=)7@$@zHVL3naw5#dX)9^$%Y9c#H)u4z2(u+hRh4D zo!&36KP1`#?C>PjsM`yxom|;BXBx!v+HyRf{ozrVNy5Y`QSIJk*3ze-IbzFk-gY&?)AxgSD;`Bx8`Em zsJv!gqj5|(7r1X5#N1JUm=elND{*E}kxbB0cD_GAd52sF<1}JnW7OUN%r;b36;1z#n*XPO8v`7{oY#?}vOt6mF71 z&q;yz@Yz7)D}AAyXam=5O!OyCbvifdA{movr7ilGWi`H^1@DmS^!!hQEWlM`dKr=! zr@B?Q_o6u&2O5Xb(zu^h*2tL;f*rFcs`AY5u9?7!DlLxdekIiNd#ww%CGN>W1aSwg zc9}@%slmNue&YMveRW~5-E_tI`P!Uqkj;5|-L2OJ%W3!ihBsvIop+koFA|a!a#3)! zQlE^jhovbHwYLdsh7i1HC~i|>;fAyOnfead+hJ^7&h06>wo>XiR}VF!?-#UstgVbN zY-t^c6e1$Jq-I2VZxY_4*XjLO%?}FZP=kDM8j91|S@5ryAXSQOUl5g{>=8BP3Yd93W&d<}6s`_l3yZ!rlEzYzIp;O?M)Mi6)OClgmVdmnPd%9zEW8)!rS3928W34>^)p4JL6BA%0?)uK5thW3;q~;pbjaf=DM#_y!mywU_#H00ax$JDXa3a~`jn#_5kJ+B zbPM&{G&^u->gLqf7rGGYvfr=vSg=4wNA*wzV{%B>fq>|TH*SDF4A%t5`ea9>^X*Y7SbWCSjB-y%`u8A zImPwWAWG)5)5XYVg{D@nlMU#7+D@8 zm!IE3v;%kt_YJjcy}gtPekLFuW)#mxC&Ri#3p5{I7nj|@*ZR#i7_`&v6WU!~Kf44t zG?c(8d&qe1G@O@fYk<-Wp_hiMCdTeK_FzRYndIqk*)H|JpLPensn{`j+&lh=U_wgq z*8Q1nQ0if~Kkidi=yUsKH%yI$y2bK*)C45EXtR}km6CBCP{u499jDt#e=u(v3C!Gh zu+%*iY}BSNmr60sB2&4YCVdy#4(JoMQxO5*vV-xnu= zOIDTFE=@c4_CdYb`b|@`7m8u_;WOeo(4u&woOcZ2M-4Z{HpG6|ccY=btZ`2e1Gr~y ziAB2}`G`^n+Ax`n$Vk6%)2Wi}k-Z!`%tSmcPgcbWr8xlYYX?{CKpX9HtV8fk@&Q0+ zgond4Sl8>d!|(VIc6VugwikU_A@q?WuaZ82a`iMX7VTpB6Ji~JINDzozI<*_#iGa7 zisv@+L3c5Hl&^x!$O*5QkDZaiqE8C!_v{GWoCknSpUyo^%q(iPj>1%)XZYMH)LF`eu5G^g_pg!rX_vmzBi9CKD%X7xuY*_}pG)p{M!W|+<8pYs|+(`>^hpa76 zOzzM-Viu=&Pc5vI z;+jH+Aw!fJ3^ZgaTtfTpo}imt;caVh4IG1nDilFIux%<8 z&OtGX>Mph#h(O{AwKD>?NCw+q)3p8Yb z!3Y{B9vI5NSr!`8&F&UbzDmpa%4z0`=ZQ;i8)%E1nx!(iWixqZM+dACWpCtepAkaUh`Re-y^mNpX3p6VZu+t) z{%LZzBq%VUCObA%>*J6NaWf;1XH32n3plOVcyQ$)-UdiRldE;kiq!|WT0)(EDsUeo z)DBa8LfTVbZIJzlU(l2J`M9FbTpWzYu?;p~lsKj&TfeKL`7NC9bwFbWcqQHE(y zn1k!>jm?+4)de>Z3x}O7l$x?Pcvi#=T;bT9rJ;7-?&4Wa6tE8>R&WXH)nt0z6b%{B z+6NgR!;yiKG-Nk|tIA#3zEVSVx7lo>!IWm0%~h7gZ67sG%LOV2D9liDQKikC_v)egF~?tNuq?#F=VHyJY^$v zGU+Gmd4g8eq0){SyIB(ppH9$>7EK#luj_DhE^lhNBjVj0IUq!?KMpkvmr%wj-E*}p z_fwx{lSQ05=W#rhrdM5(B7C~r-F6G_6Y2n4alB}a8>}JYU|ad}Wka2d#v8=K#En9} z?$F)S>cHds{go>c$5|P=bgnMJPa2)W$ttHZo|uQ6ojLYMW9nJ>nr|=3fW8VjPC)WK z7V_6X@=y4TaX19VciK|xxocO{ZdzYUn?g?0jX;(5DLw7Ng^l>vjAzhk;xM>=+k|vj z`=%|(gMzWGc6~4{%Hk-UBy_rUIKND&e^pyx3)|OCK!FqZ1I;)nBwEB^3U_DJKi}3Z zp%M&mNTcyWnV;Zb+RDxqL^XJlAS)M6LI>nx?5erQ1$eUIwy)K|3x`@t9X4>Y&EycR z<3!9#IjzR0-THuriZWoRVH5asVQ3^51$?7V%bz=z-;y}}KDs#MRD}6Qat{`2V3+}h z%w+XWQ|rx=9bHC^iC7Y4up7$Dy&^cR`vQq?;wD#y+og3febKuuB|mA31o45_W58x| zZDJ9IfORd`p6$I1u7@e7y=ij?RTfu5zGtd*rVLLaH!75H81BlkEF7(oVhFbt|3^)M z3gbXbS&G5w2gkB4lR*uVW}Sa!Q;_ANLoQhcUW(19na9LiJ00?7K=q@+)md=U%owDK z;_4eq97&tE1AH5gmrbl=DXY?o>g6f0wwq-v$5dpkF3hpI7?)J9&pAtAZsK!6dp6ir z1)c0%9bgMLm?T9k`XebyOw}y;0k84G!C?oS&N4Pq9!@ED*bu>Mmfq#@0vW!}mug=h zv#t~5<1`y1iiuvN4@~T^%bI&27 z<(Q=g=PQI}CC*i~j=?^E3+*{~*xeW?=Q%5E7Z9f(pMojjoag&~YSIw7U3oqtoziMj zFilfdi?;w@=yh#3bxcfTr53Z@{<`uO1wU_>siSmE``LoKa%?>^?IbTn|3i8(%i8^C zbA{XAh`?RX6gj(wS6&$GV@x@$SL{ei5k;FfEL%@cA=w@^bO-e%uCYzv)?r;UvL<8c zz!m*sp`P>fBq)3LstqNux-%zqL1v0QsXY(nOW&{Iw zIDqVE{dy++o@(k@H?gq9hUiV$Kj04>>gY6!oA|voh#6&AS|*Rg!nNLsk!+0i8kIWx zjeO?KAwE0Or$&Qo$kCf2dPx}fq6piK3JzwDq8@OLbx_m5SQhJ=9;1&7lr_-2Lv=V- zMSP^UgEKGTY~RMsh)aq9wf5FwG7xTFgpPK4)w6b|0=;4(DIE2{m?T5vqy?LZu6`1N zowhnAgIpu2ewJv##nl4IBWn*ipWN+?+gKWY*l?tH+bMt2Sewq0hFA`kWWazE9K+cJ zg>zjMZ%4=BD#?uDmb~N}(pl^;i{;@;+Iy@z?#X2Y$L^(UhuV|3@4d!e9EXz{KU`Q( zTAx`t!sye5KjOQU(^usPuJ}~DZ9b5FLz58c!x3pobp)yr@)cqs+Ke?%9xBt>G1SCWcz5ZsqRyuIEhbygQOCdKTd$05A z<&AoHVcB=K*6E_U8>|kzs9Z4LK&NoI4H+$m>KfsfaW2|MGsnaewOfx;@#ZS(2vPkt zd+N(RERlI_+x^SoZ}Pph*$ z#TQE_(q1dBcbdETDM(0J2Wwo|#F4aaS&&`2)4P9db2v(ZD~2NIHUpre8#WD_pRVos z7d8jlhK1%>=p6Py*(S$1ETKD2_ju+HHV4~%$V{I<*3I=P1NKt_aY!|a-_q-W2o8P1 z-%gvF+uCZ)4DB&ocZQ=RBM{crbk?8oTqv9ST0@REFVZ(Cb_QZFA*?yBN_3g<#~Lmw z>@w#vB?J`VERi(VnNjl74H+f3O9Dw;Mz^f5m$tj`%S{P9XDFlkWk{|o$gnP~FWDmY zEpRN0N8{?CQN3HGqoKB42@E7axtZmUNOizDwnOLAsu4i$^Z%Tc4EwmDG zVZQX)L(@tB% zg!YZyba0Iax)hvK)+;wvI9&~ouvb1M4rKFJ$ladOt~agvrY(qCc}ms~j$hb<5hO|C z4;U<_I2NZFlZICY!Jh}u6_A6GW9`q=06Wg>t&*POLaFq97k)wqlmB|E~QpnqcGhH#_xQtZ=D-lXR)d`h+hI%NfIzZJB3 z+QiX$WM~w79nOa1W5uTGeh%3#^8ICWnKSs!em_&cPX`QqW{5d8OpcH$=qS$@%_v-X zD1i-YTH%z@6yIH(kfDXqz#ZKb!h2*opv?VtWNk#m(e#6v^hajt7}PE{X)(pMp?BUF zMy*0Zrs#0f=+D&P;Yi~qg)frP8d;pg2#UtQcW%)H&M}08*-R@Lr7BJ>(_c(UB1<-m-e=6KW8GGdf4GfKcdPH#1B1F6nuEPE-Ps)o~NE|j>bDpO}(SDKaOZ2eOrfX(+bI(5y+C7~= z3+rq4=~mC(5=es>H5>Q1i?M@X(@DBZm)N)oBPEl@`*L))@d>(vA)(ybk-+)+mP7~4 zaI>H>VK_r(TgKCM;(TUvJzJp$oUP)g5|pQO99Y~n_kl-WDSes>8vt7PIn`ul9=k?v zVud~+rPFk&PB}k}^MjPd)})_tk{`7>A-|7o2lURKvL$B;g3>PxVUzU3aZu^{ap}_K zcqYR#{L&~wRl#k#F7>y$xB)4q)4?R0)&}n7WWfpoRh25TuV)+IKfs^R0VZTC?8(t&v#wgA_~3q1&re<$fUpyP22AMZk17@w6Wbgjiv+bcf9 zH2kFx8Q@p$Dxa&Ywi;G&;P5H64#XM6zb1iLLlh2V`B_f`$PmICC4D7%G#fHa9HbgG zsAzCU{7&?bBs&M(YuV@rb#!$GEK`#LX=JM_PY^ra*x>z|Ii5LnAx$DNZm<76DO0cE;871!PuhaBR=5;_EbBBtkrN;pG~CLY@5tI=nHSMzQTIq8S!g69azLPy<*~JUO?J@yO~ZfGf*cp z47_A%Ev>IpM&cHltB;B$EahIv{lQ%CfZ81#wk$o4j0_114P(M!Qms!Fr6(J2b@Af7 z5JgFwg){BzEd7Hif%zM2fXi{4>Wl}t_$LFP?#yhF5o)!dIsk1 zxl`Yre7=>M6YTN%BH+)H@gns5C{=65jMc{2=o%Q;xbKd@lgMqz;ny+vUizJGEM)g6 zEp@kG1XYmF`{_7|)&<2;>h)YM6o006P{6P|mU^t__ zYR6Bfxwhs8CkHga2h@LeA>Q)v1LRDs#pCd}+2PeRvu)Kq?~=U^uU$K48Exj#x|&^+ zIag;nNa^lU)<~NGhud!@jY*(=kDq1K{LI!b{T z@#j~|>by{=ti>Xla@-52I?!IL}v-f!-Tu&v!-GKY^7c&n2QM!G zTxmPt;>$dWXM6KRokEtZuH zgA`k7%~ZLn5k4Er4UtfT^orvpnkg$z<|uFP^hAnn<_Sq-<4`Q)f6kt~IM z%EZIfQdDt%34{K9j{!gmh8Vm<-&gogmiqkt2iT}F)bslf6hjj2`=1bdLi~9D^G~w- z4^@K)f|gH@6T#Ebe%$lnAy^2AkBhvg_lA&#CdvIa(|K?Fobvqf=V!0|t^ChFLxm(O z+Q&h^bTWd!dL8r&Jc8W)`r~ZpU)nc00n|{IdXUbo@cg{f^zEta_N%9<+`id7x@Ar= z+B`h}m3si?w=dS0o@a;YZ(oGSFM3a@RUo};4$pY@z~}zdABb24Uq;ftNS!}^`7Z#d z*hQ7VeTB|HXa-)=?)}#jxt9XK4LIyIy&ljAeR$L3r z+tJ}Au;0EEW(sZmG_b5&R-X@>cqyP4f4GU?IFcmVMmF+#2oGiCBR_j-=e{5C1wc&T zJ*0NQ0;Asc@%bqwv#r_tr3m3|AG?7kt>J^26~Ff2=^PjhyEh#4;7LOG3=yC3h9+E0 zdfM&u+M2%Ow=Y@&0aL$K`vNbmUVi%mkp8w7)SaOIZ78Ul_1{L4+Cr7$+=iF?>=&Hy z^EQ&b7nZ{-2e%d%hbdK&Bn_pXPe4+U8{rxt4U-Ui(-08lDk^f6s#s1^ftH`g!{m zNF=b%_AkJI=&8z0s^)xmut^{cFZqBJxA0$yaGTv9*wgz9i1Dv&fnR=oddR&MW)Q}& zZ=k&m7``4!z;h%qRn`@=< zaos+Z^~>Am*#GfYc%S_DQu0llp`mA4hd0R|pJnpbyMps)DSH`lsM3+U`?4>i3}s$E z-WPZ~2vGFxAOF%i^=|+9_1BicH&(V<3s?xugXiJfx8vLQQ686imP2oW$AACFU!VRo zvU4-@)0P>(d>QnHzdud!zMA_2ZL}mG$9kcMk|R7l3*Y|bHfSw^Kcs1Y6#l`19~}6> xfgc?B!GRwf_`!i69QeV39~}6>fgc?B!GRwf_`!i69QeV39~}6>f&aZ6_+M1Z?KJ=Z literal 0 HcmV?d00001 diff --git a/cmd/crossplane/function/templates/kcl/kcl.mod.lock b/cmd/crossplane/function/templates/kcl/kcl.mod.lock new file mode 100644 index 0000000..61a252c --- /dev/null +++ b/cmd/crossplane/function/templates/kcl/kcl.mod.lock @@ -0,0 +1 @@ +[dependencies] diff --git a/cmd/crossplane/function/templates/kcl/kcl.mod.tmpl b/cmd/crossplane/function/templates/kcl/kcl.mod.tmpl new file mode 100644 index 0000000..4725b1a --- /dev/null +++ b/cmd/crossplane/function/templates/kcl/kcl.mod.tmpl @@ -0,0 +1,8 @@ +[package] +name = "{{.ModName}}" +version = "0.0.1" +{{- if .Imports }} + +[dependencies] +models = { path = "./model" } +{{- end }} diff --git a/cmd/crossplane/function/templates/kcl/main.k b/cmd/crossplane/function/templates/kcl/main.k new file mode 100644 index 0000000..6527a03 --- /dev/null +++ b/cmd/crossplane/function/templates/kcl/main.k @@ -0,0 +1,32 @@ +{{- if .Imports }} +{{- range .Imports }} +import {{.ImportPath}} as {{.Alias}} +{{- end }} +{{ "\n" -}} +{{- end -}} +oxr = option("params").oxr # observed composite resource +_ocds = option("params").ocds # observed composed resources +_dxr = option("params").dxr # desired composite resource +dcds = option("params").dcds # desired composed resources + +_metadata = lambda name: str -> any { + { annotations = { "krm.kcl.dev/composition-resource-name" = name }} +} + +# Example to retrieve variables from "xr"; update as needed +# _region = "us-east-1" +# if oxr.spec?.parameters?.region: +# _region = oxr.spec.parameters.region + +_items = [ +# Example S3 Bucket managed resource configuration; update as needed +# s3v1beta2.Bucket{ +# metadata: _metadata("my-bucket") +# spec: { +# forProvider: { +# region: _region +# } +# } +# } +] +items = _items diff --git a/cmd/crossplane/function/templates/python/README.md b/cmd/crossplane/function/templates/python/README.md new file mode 100644 index 0000000..7bdbd95 --- /dev/null +++ b/cmd/crossplane/function/templates/python/README.md @@ -0,0 +1,4 @@ +# Composition Function + +The Python `hatch` toolchain requires that projects have a README file. You may +fill in details about your composition function here. diff --git a/cmd/crossplane/function/templates/python/function/__init__.py b/cmd/crossplane/function/templates/python/function/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/cmd/crossplane/function/templates/python/function/__version__.py b/cmd/crossplane/function/templates/python/function/__version__.py new file mode 100644 index 0000000..6c8e6b9 --- /dev/null +++ b/cmd/crossplane/function/templates/python/function/__version__.py @@ -0,0 +1 @@ +__version__ = "0.0.0" diff --git a/cmd/crossplane/function/templates/python/function/fn.py b/cmd/crossplane/function/templates/python/function/fn.py new file mode 100644 index 0000000..5d0d17b --- /dev/null +++ b/cmd/crossplane/function/templates/python/function/fn.py @@ -0,0 +1,29 @@ +"""A Crossplane composition function.""" + +import grpc +from crossplane.function import logging, response +from crossplane.function.proto.v1 import run_function_pb2 as fnv1 +from crossplane.function.proto.v1 import run_function_pb2_grpc as grpcv1 + + +class FunctionRunner(grpcv1.FunctionRunnerService): + """A FunctionRunner handles gRPC RunFunctionRequests.""" + + def __init__(self): + """Create a new FunctionRunner.""" + self.log = logging.get_logger() + + async def RunFunction( + self, req: fnv1.RunFunctionRequest, _: grpc.aio.ServicerContext + ) -> fnv1.RunFunctionResponse: + """Run the function.""" + log = self.log.bind(tag=req.meta.tag) + log.info("Running function") + + rsp = response.to(req) + + # Add your composition logic here. For example, to compose desired + # resources, populate rsp.desired.resources using + # crossplane.function.resource. + + return rsp diff --git a/cmd/crossplane/function/templates/python/function/main.py b/cmd/crossplane/function/templates/python/function/main.py new file mode 100644 index 0000000..26c8806 --- /dev/null +++ b/cmd/crossplane/function/templates/python/function/main.py @@ -0,0 +1,51 @@ +"""The composition function's main CLI.""" + +import click +from crossplane.function import logging, runtime + +from function import fn + + +@click.command() +@click.option( + "--debug", + "-d", + is_flag=True, + help="Emit debug logs.", +) +@click.option( + "--address", + default="0.0.0.0:9443", + show_default=True, + help="Address at which to listen for gRPC connections", +) +@click.option( + "--tls-certs-dir", + help="Serve using mTLS certificates.", + envvar="TLS_SERVER_CERTS_DIR", +) +@click.option( + "--insecure", + is_flag=True, + help="Run without mTLS credentials. " + "If you supply this flag --tls-certs-dir will be ignored.", +) +def cli(debug: bool, address: str, tls_certs_dir: str, insecure: bool) -> None: # noqa:FBT001 + """A Crossplane composition function.""" + try: + level = logging.Level.INFO + if debug: + level = logging.Level.DEBUG + logging.configure(level=level) + runtime.serve( + fn.FunctionRunner(), + address, + creds=runtime.load_credentials(tls_certs_dir), + insecure=insecure, + ) + except Exception as e: + click.echo(f"Cannot run function: {e}") + + +if __name__ == "__main__": + cli() diff --git a/cmd/crossplane/function/templates/python/pyproject.toml.tmpl b/cmd/crossplane/function/templates/python/pyproject.toml.tmpl new file mode 100644 index 0000000..c0c4aec --- /dev/null +++ b/cmd/crossplane/function/templates/python/pyproject.toml.tmpl @@ -0,0 +1,32 @@ +[build-system] +requires = ["hatchling"] +build-backend = "hatchling.build" + +[project] +name = "function" +description = "A Crossplane composition function." +readme = "README.md" +requires-python = ">=3.11,<3.14" +license = "Apache-2.0" +dependencies = [ + "crossplane-function-sdk-python==0.11.0", + "click==8.3.2", + "grpcio>=1.73.1", +{{- if .HasSchemas }} + "crossplane-models @ file:./{{ .SchemasPath }}", +{{- end }} +] +dynamic = ["version"] + +[project.scripts] +function = "function.main:cli" + +[tool.hatch.build.targets.wheel] +packages = ["function"] + +[tool.hatch.version] +path = "function/__version__.py" +validate-bump = false + +[tool.hatch.metadata] +allow-direct-references = true diff --git a/cmd/crossplane/main.go b/cmd/crossplane/main.go index ae8d2d6..173adf7 100644 --- a/cmd/crossplane/main.go +++ b/cmd/crossplane/main.go @@ -24,6 +24,7 @@ import ( "strings" "github.com/alecthomas/kong" + "github.com/charmbracelet/x/term" "github.com/spf13/afero" "github.com/willabides/kongplete" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -34,13 +35,18 @@ import ( "github.com/crossplane/cli/v2/cmd/crossplane/completion" "github.com/crossplane/cli/v2/cmd/crossplane/composition" configcmd "github.com/crossplane/cli/v2/cmd/crossplane/config" + "github.com/crossplane/cli/v2/cmd/crossplane/dependency" + "github.com/crossplane/cli/v2/cmd/crossplane/function" "github.com/crossplane/cli/v2/cmd/crossplane/operation" + "github.com/crossplane/cli/v2/cmd/crossplane/project" renderxr "github.com/crossplane/cli/v2/cmd/crossplane/render/xr" "github.com/crossplane/cli/v2/cmd/crossplane/resource" "github.com/crossplane/cli/v2/cmd/crossplane/version" "github.com/crossplane/cli/v2/cmd/crossplane/xpkg" + "github.com/crossplane/cli/v2/cmd/crossplane/xrd" "github.com/crossplane/cli/v2/internal/config" "github.com/crossplane/cli/v2/internal/maturity" + "github.com/crossplane/cli/v2/internal/terminal" ) var _ = kong.Must(&cli{}) @@ -65,10 +71,14 @@ type cli struct { Cluster cluster.Cmd `cmd:"" help:"Inspect a Crossplane cluster." maturity:"beta"` Composition composition.Cmd `cmd:"" help:"Work with Crossplane Compositions."` Config configcmd.Cmd `cmd:"" help:"View and modify the crossplane CLI config file."` + Dependency dependency.Cmd `cmd:"" help:"Manage dependencies of control plane Projects." maturity:"beta"` + Function function.Cmd `cmd:"" help:"Work with functions in control plane Projects." maturity:"beta"` Operation operation.Cmd `cmd:"" help:"Work with Crossplane Operations." maturity:"alpha"` + Project project.Cmd `cmd:"" help:"Work with control plane Projects." maturity:"beta"` Resource resource.Cmd `cmd:"" help:"Work with Crossplane resources." maturity:"beta"` Version version.Cmd `cmd:"" help:"Print the client and server version information for the current context."` XPKG xpkg.Cmd `cmd:"" help:"Work with Crossplane packages."` + XRD xrd.Cmd `cmd:"" help:"Work with Crossplane Composite Resource Definitions (XRDs)." maturity:"beta"` // Hidden top-level alias for render, since it's GA but has moved. Render renderxr.Cmd `cmd:"" help:"Render Crossplane compositions locally using functions." hidden:""` @@ -129,6 +139,11 @@ func main() { ctx, err := parser.Parse(os.Args[1:]) parser.FatalIfErrorf(err) + // Set up a spinner printer for commands to use. This helps ensure output + // consistency across commands. + sp := terminal.NewSpinnerPrinter(os.Stderr, term.IsTerminal(os.Stderr.Fd())) + ctx.BindTo(sp, (*terminal.SpinnerPrinter)(nil)) + err = ctx.Run() ctx.FatalIfErrorf(err) } diff --git a/cmd/crossplane/project/build.go b/cmd/crossplane/project/build.go new file mode 100644 index 0000000..a3e8187 --- /dev/null +++ b/cmd/crossplane/project/build.go @@ -0,0 +1,164 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "fmt" + "path/filepath" + + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/functions" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// buildCmd builds a project into Crossplane packages. +type buildCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition." short:"f"` + Repository string `help:"Override the repository in the project file." optional:""` + OutputDir string `default:"_output" help:"Output directory for packages." short:"o"` + MaxConcurrency uint `default:"8" help:"Max concurrent function builds."` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + + proj *devv1alpha1.Project + projFS afero.Fs +} + +// AfterApply parses flags and reads the project file. +func (c *buildCmd) AfterApply() error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + projFileName := filepath.Base(c.ProjectFile) + prj, err := projectfile.Parse(c.projFS, projFileName) + if err != nil { + return errors.Wrapf(err, "failed to parse project file %q", c.ProjectFile) + } + c.proj = prj + + return nil +} + +// Run executes the build command. +func (c *buildCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + if c.Repository != "" { + ref, err := name.NewRepository(c.Repository) + if err != nil { + return errors.Wrap(err, "failed to parse repository") + } + c.proj.Spec.Repository = ref.String() + } + + concurrency := max(1, c.MaxConcurrency) + + schemasFS := afero.NewBasePathFs(c.projFS, c.proj.Spec.Paths.Schemas) + generators := generator.AllLanguages() + schemaRunner := runner.NewRealSchemaRunner(runner.WithImageConfig(c.proj.Spec.ImageConfigs)) + schemaMgr := manager.New(schemasFS, generators, schemaRunner) + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + client, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(c.proj.Spec.ImageConfigs), + ) + if err != nil { + return err + } + resolver := clixpkg.NewResolver(client) + + depMgr := dependency.NewManager(c.proj, c.projFS, + dependency.WithProjectFile(c.ProjectFile), + dependency.WithSchemaFS(schemasFS), + dependency.WithSchemaGenerators(generators), + dependency.WithSchemaRunner(schemaRunner), + dependency.WithXpkgClient(client), + dependency.WithResolver(resolver), + ) + + b := project.NewBuilder( + project.BuildWithMaxConcurrency(concurrency), + project.BuildWithFunctionIdentifier(functions.DefaultIdentifier), + project.BuildWithSchemaManager(schemaMgr), + project.BuildWithDependencyManager(depMgr), + ) + + var imgMap project.ImageTagMap + err = sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + var buildErr error + imgMap, buildErr = b.Build(ctx, c.proj, c.projFS, + project.BuildWithLogger(logger), + project.BuildWithEventChannel(ch), + ) + return buildErr + }) + if err != nil { + return err + } + + outFile := filepath.Join(c.OutputDir, fmt.Sprintf("%s.xpkg", c.proj.Name)) + if err := sp.WrapWithSuccessSpinner("Writing packages to disk", func() error { + outputFS := afero.NewOsFs() + err = outputFS.MkdirAll(c.OutputDir, 0o755) + if err != nil { + return errors.Wrapf(err, "failed to create output directory %q", c.OutputDir) + } + + f, err := outputFS.Create(outFile) + if err != nil { + return errors.Wrapf(err, "failed to create output file %q", outFile) + } + defer f.Close() //nolint:errcheck // Can't do anything useful with this error. + + err = tarball.MultiWrite(imgMap, f) + if err != nil { + return errors.Wrap(err, "failed to write package to file") + } + return nil + }); err != nil { + return err + } + + logger.Debug("Build complete", "output", outFile) + fmt.Printf("Built project %q to %s\n", c.proj.Name, outFile) //nolint:forbidigo // CLI output. + + return nil +} diff --git a/cmd/crossplane/project/init.go b/cmd/crossplane/project/init.go new file mode 100644 index 0000000..aca74a8 --- /dev/null +++ b/cmd/crossplane/project/init.go @@ -0,0 +1,116 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "fmt" + "os" + "path/filepath" + "strings" + + "k8s.io/apimachinery/pkg/util/validation" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + "github.com/crossplane/cli/v2/internal/terminal" +) + +const projectFileName = "crossplane-project.yaml" + +// initCmd initializes a new project. +type initCmd struct { + Name string `arg:"" help:"The name of the new project."` + Directory string `help:"Directory to initialize. Defaults to project name." short:"d" type:"path"` +} + +func (c *initCmd) Run(sp terminal.SpinnerPrinter) error { + // Validate the project name is a valid DNS-1035 label. + if errs := validation.IsDNS1035Label(c.Name); len(errs) > 0 { + return errors.Errorf("'%s' is not a valid project name. DNS-1035 constraints: %s", c.Name, strings.Join(errs, "; ")) + } + + if c.Directory == "" { + c.Directory = c.Name + } + + // Check if the target directory is suitable. + if err := c.checkTargetDirectory(); err != nil { + return err + } + + return sp.WrapWithSuccessSpinner("Initializing project", func() error { + if err := os.MkdirAll(c.Directory, 0o750); err != nil { + return errors.Wrapf(err, "failed to create directory %s", c.Directory) + } + + // Write a minimal crossplane-project.yaml. + projFile := filepath.Join(c.Directory, projectFileName) + content := fmt.Sprintf(`apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: %s +spec: + repository: example.com/my-org/%s +`, c.Name, c.Name) + + if err := os.WriteFile(projFile, []byte(content), 0o600); err != nil { + return errors.Wrapf(err, "failed to write %s", projectFileName) + } + + // Create default subdirectories. + dirs := []string{"apis", "functions", "examples", "tests", "operations"} + for _, dir := range dirs { + dirPath := filepath.Join(c.Directory, dir) + if err := os.MkdirAll(dirPath, 0o700); err != nil { + return errors.Wrapf(err, "failed to create directory %s", dirPath) + } + // Write a .gitkeep so empty dirs are tracked. + keepFile := filepath.Join(dirPath, ".gitkeep") + if err := os.WriteFile(keepFile, nil, 0o600); err != nil { + return errors.Wrapf(err, "failed to write %s", keepFile) + } + } + + return nil + }) +} + +func (c *initCmd) checkTargetDirectory() error { + f, err := os.Stat(c.Directory) + switch { + case os.IsNotExist(err): + return nil // Will be created + case err != nil: + return errors.Wrapf(err, "failed to stat directory %s", c.Directory) + case !f.IsDir(): + return errors.Errorf("path %s is not a directory", c.Directory) + } + + entries, err := os.ReadDir(c.Directory) + if err != nil { + return errors.Wrapf(err, "failed to read directory %s", c.Directory) + } + + for _, entry := range entries { + if entry.Name() == ".git" && entry.IsDir() { + continue + } + return errors.Errorf("directory %s is not empty", c.Directory) + } + + return nil +} diff --git a/cmd/crossplane/project/project.go b/cmd/crossplane/project/project.go new file mode 100644 index 0000000..d797fa8 --- /dev/null +++ b/cmd/crossplane/project/project.go @@ -0,0 +1,27 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package project contains commands for working with Crossplane projects. +package project + +// Cmd contains project subcommands. +type Cmd struct { + Init initCmd `cmd:"" help:"Initialize a new project."` + Build buildCmd `cmd:"" help:"Build a project into Crossplane packages."` + Push pushCmd `cmd:"" help:"Push a built project to an OCI registry."` + Run runCmd `cmd:"" help:"Build and run a project in a local dev control plane."` + Stop stopCmd `cmd:"" help:"Tear down a local dev control plane."` +} diff --git a/cmd/crossplane/project/push.go b/cmd/crossplane/project/push.go new file mode 100644 index 0000000..818aaba --- /dev/null +++ b/cmd/crossplane/project/push.go @@ -0,0 +1,177 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "crypto/tls" + "fmt" + "io" + "net/http" + "path/filepath" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/terminal" +) + +// pushCmd pushes a built project to an OCI registry. +type pushCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition." short:"f"` + Repository string `help:"Override the repository in the project file." optional:""` + Tag string `default:"" help:"Tag for the pushed package. If not provided, a semver tag will be generated." short:"t"` + PackageFile string `help:"Package file to push. Defaults to /.xpkg." optional:""` + OutputDir string `default:"_output" help:"Directory containing built packages." short:"o"` + MaxConcurrency uint `default:"8" help:"Max concurrent function pushes."` + InsecureSkipTLSVerify bool `help:"[INSECURE] Skip verifying TLS certificates."` + + proj *devv1alpha1.Project + projFS afero.Fs + packageFS afero.Fs + transport http.RoundTripper +} + +// AfterApply parses flags, reads the project file, and prepares the push +// runtime (filesystem views and HTTP transport). +func (c *pushCmd) AfterApply() error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + projFileName := filepath.Base(c.ProjectFile) + prj, err := projectfile.Parse(c.projFS, projFileName) + if err != nil { + return errors.Wrapf(err, "failed to parse project file %q", c.ProjectFile) + } + c.proj = prj + + // If a package file was provided, treat it as an OS path. Otherwise read + // from /, which is where `crossplane project + // build` writes packages. + if c.PackageFile == "" { + c.packageFS = afero.NewBasePathFs(c.projFS, c.OutputDir) + } else { + c.packageFS = afero.NewOsFs() + } + + t := http.DefaultTransport.(*http.Transport).Clone() //nolint:forcetypeassert // http.DefaultTransport is always *http.Transport + if c.InsecureSkipTLSVerify { + t.TLSClientConfig = &tls.Config{ + InsecureSkipVerify: true, //nolint:gosec // we need to support insecure connections if requested + } + } + c.transport = t + + return nil +} + +// Run executes the push command. +func (c *pushCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + if c.Repository != "" { + ref, err := name.NewRepository(c.Repository) + if err != nil { + return errors.Wrap(err, "failed to parse repository") + } + c.proj.Spec.Repository = ref.String() + } + if c.PackageFile == "" { + c.PackageFile = fmt.Sprintf("%s.xpkg", c.proj.Name) + } + + var imgMap project.ImageTagMap + if err := sp.WrapWithSuccessSpinner( + fmt.Sprintf("Loading packages from %s", c.PackageFile), + func() error { + var err error + imgMap, err = c.loadPackages() + return err + }, + ); err != nil { + return err + } + + pusher := project.NewPusher( + project.PushWithTransport(c.transport), + project.PushWithAuthKeychain(authn.DefaultKeychain), + project.PushWithMaxConcurrency(max(1, c.MaxConcurrency)), + ) + + var pushedTag name.Tag + if err := sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + opts := []project.PushOption{project.PushWithEventChannel(ch)} + if c.Tag != "" { + opts = append(opts, project.PushWithTag(c.Tag)) + } + + var perr error + pushedTag, perr = pusher.Push(ctx, c.proj, imgMap, opts...) + return perr + }); err != nil { + return err + } + + logger.Debug("Push complete", "tag", pushedTag.String()) + fmt.Printf("Pushed project %q to %s\n", c.proj.Name, pushedTag) //nolint:forbidigo // CLI output. + + return nil +} + +func (c *pushCmd) loadPackages() (project.ImageTagMap, error) { + opener := func() (io.ReadCloser, error) { + return c.packageFS.Open(c.PackageFile) + } + mfst, err := tarball.LoadManifest(opener) + if err != nil { + return nil, errors.Wrap(err, "failed to read package file manifest") + } + + imgMap := make(project.ImageTagMap) + for _, desc := range mfst { + if len(desc.RepoTags) == 0 { + // Ignore images with no tags; we shouldn't find these in xpkg + // files, but best not to panic if it happens. + continue + } + + tag, err := name.NewTag(desc.RepoTags[0]) + if err != nil { + return nil, errors.Wrapf(err, "failed to parse image tag %q", desc.RepoTags[0]) + } + image, err := tarball.Image(opener, &tag) + if err != nil { + return nil, errors.Wrapf(err, "failed to load image %q from package", tag) + } + imgMap[tag] = image + } + + return imgMap, nil +} diff --git a/cmd/crossplane/project/run.go b/cmd/crossplane/project/run.go new file mode 100644 index 0000000..4ffaab4 --- /dev/null +++ b/cmd/crossplane/project/run.go @@ -0,0 +1,314 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "fmt" + "maps" + "path/filepath" + "time" + + "github.com/google/go-containerregistry/pkg/name" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "sigs.k8s.io/controller-runtime/pkg/scheme" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + xpkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" + xpkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/cmd/crossplane/render" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/controlplane" + "github.com/crossplane/cli/v2/internal/project/functions" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// runCmd builds a project and runs it in a local dev control plane. +type runCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition." short:"f"` + Repository string `help:"Override the repository." optional:""` + MaxConcurrency uint `default:"8" help:"Max concurrent builds."` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + + ControlPlaneName string `help:"Name of the dev control plane. Defaults to project name."` + CrossplaneVersion string `help:"Version of Crossplane to install."` + RegistryDir string `help:"Directory for local registry images."` + ClusterAdmin bool `default:"true" help:"Allow Crossplane cluster admin." negatable:""` + Timeout time.Duration `default:"5m" help:"Max wait for project readiness."` + InitResources []string `help:"Resources to apply before installing." type:"path"` + ExtraResources []string `help:"Resources to apply after installing." type:"path"` + + proj *devv1alpha1.Project + projFS afero.Fs + + initResources []runtime.RawExtension + extraResources []runtime.RawExtension +} + +// AfterApply parses flags and reads the project file. +func (c *runCmd) AfterApply() error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + projFileName := filepath.Base(c.ProjectFile) + prj, err := projectfile.Parse(c.projFS, projFileName) + if err != nil { + return errors.Wrapf(err, "failed to parse project file %q", c.ProjectFile) + } + c.proj = prj + + for _, m := range c.InitResources { + yamls, err := render.LoadYAMLStream(afero.NewOsFs(), m) + if err != nil { + return errors.Wrapf(err, "failed to read init resources from %s", m) + } + for _, bs := range yamls { + var e runtime.RawExtension + if err := yaml.Unmarshal(bs, &e); err != nil { + return errors.Wrapf(err, "failed to unmarshal init resource from %s", m) + } + c.initResources = append(c.initResources, e) + } + } + for _, m := range c.ExtraResources { + yamls, err := render.LoadYAMLStream(afero.NewOsFs(), m) + if err != nil { + return errors.Wrapf(err, "failed to read extra resources from %s", m) + } + for _, bs := range yamls { + var e runtime.RawExtension + if err := yaml.Unmarshal(bs, &e); err != nil { + return errors.Wrapf(err, "failed to unmarshal extra resource from %s", m) + } + c.extraResources = append(c.extraResources, e) + } + } + + return nil +} + +// Run executes the run command. +func (c *runCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { //nolint:gocyclo // Main command orchestration. + ctx := context.Background() + + if c.Repository != "" { + ref, err := name.NewRepository(c.Repository) + if err != nil { + return errors.Wrap(err, "failed to parse repository") + } + c.proj.Spec.Repository = ref.String() + } + + if c.ControlPlaneName == "" { + c.ControlPlaneName = "crossplane-" + c.proj.Name + } + + concurrency := max(1, c.MaxConcurrency) + + schemasFS := afero.NewBasePathFs(c.projFS, c.proj.Spec.Paths.Schemas) + generators := generator.AllLanguages() + schemaRunner := runner.NewRealSchemaRunner(runner.WithImageConfig(c.proj.Spec.ImageConfigs)) + schemaMgr := manager.New(schemasFS, generators, schemaRunner) + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + client, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(c.proj.Spec.ImageConfigs), + ) + if err != nil { + return err + } + resolver := clixpkg.NewResolver(client) + + depMgr := dependency.NewManager(c.proj, c.projFS, + dependency.WithProjectFile(c.ProjectFile), + dependency.WithSchemaFS(schemasFS), + dependency.WithSchemaGenerators(generators), + dependency.WithSchemaRunner(schemaRunner), + dependency.WithXpkgClient(client), + dependency.WithResolver(resolver), + ) + + b := project.NewBuilder( + project.BuildWithMaxConcurrency(concurrency), + project.BuildWithFunctionIdentifier(functions.DefaultIdentifier), + project.BuildWithSchemaManager(schemaMgr), + project.BuildWithDependencyManager(depMgr), + ) + + var ( + imgMap project.ImageTagMap + devCtp controlplane.DevControlPlane + ) + + // Parallel build + control plane setup with async spinners. + err = sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + eg, egCtx := errgroup.WithContext(ctx) + + eg.Go(func() error { + ch.SendEvent("Setting up control plane", async.EventStatusStarted) + var ctpErr error + devCtp, ctpErr = controlplane.EnsureLocalDevControlPlane(egCtx, + controlplane.WithName(c.ControlPlaneName), + controlplane.WithCrossplaneVersion(c.CrossplaneVersion), + controlplane.WithRegistryDir(c.RegistryDir), + controlplane.WithClusterAdmin(c.ClusterAdmin), + controlplane.WithLogger(logger), + ) + if ctpErr != nil { + ch.SendEvent("Setting up control plane", async.EventStatusFailure) + return ctpErr + } + + ctpSchemeBuilders := []*scheme.Builder{ + xpkgv1.SchemeBuilder, + xpkgv1beta1.SchemeBuilder, + } + for _, bld := range ctpSchemeBuilders { + if err := bld.AddToScheme(devCtp.Client().Scheme()); err != nil { + ch.SendEvent("Setting up control plane", async.EventStatusFailure) + return err + } + } + ch.SendEvent("Setting up control plane", async.EventStatusSuccess) + return nil + }) + + eg.Go(func() error { + var buildErr error + imgMap, buildErr = b.Build(egCtx, c.proj, c.projFS, + project.BuildWithLogger(logger), + project.BuildWithEventChannel(ch), + ) + return buildErr + }) + + return eg.Wait() + }) + if err != nil { + return err + } + + // Sideload built images into the local registry. + tagStr := fmt.Sprintf("%s:v0.0.0-%d", c.proj.Spec.Repository, time.Now().Unix()) + tag, err := name.NewTag(tagStr, name.StrictValidation) + if err != nil { + return errors.Wrap(err, "failed to construct image tag") + } + + logger.Debug("Loading packages into control plane") + if err := sp.WrapWithSuccessSpinner("Loading packages into control plane", func() error { + return devCtp.Sideload(ctx, imgMap, tag) + }); err != nil { + return errors.Wrap(err, "failed to sideload packages") + } + + // Apply init resources. + if len(c.initResources) > 0 { + logger.Debug("Applying init resources") + if err := sp.WrapWithSuccessSpinner("Applying init resources", func() error { + return project.ApplyResources(ctx, devCtp.Client(), c.initResources) + }); err != nil { + return errors.Wrap(err, "failed to apply init resources") + } + } + + // Install the configuration and wait for readiness. + readyCtx := ctx + if c.Timeout != 0 { + timeoutCtx, cancel := context.WithTimeout(ctx, c.Timeout) + defer cancel() + readyCtx = timeoutCtx + } + + logger.Debug("Installing configuration package") + if err := sp.WrapWithSuccessSpinner("Installing configuration", func() error { + return project.InstallConfiguration(readyCtx, devCtp.Client(), c.proj.Name, tag, logger) + }); err != nil { + return errors.Wrap(err, "failed to install configuration") + } + + // Apply extra resources. + if len(c.extraResources) > 0 { + logger.Debug("Applying extra resources") + if err := sp.WrapWithSuccessSpinner("Applying extra resources", func() error { + return project.ApplyResources(ctx, devCtp.Client(), c.extraResources) + }); err != nil { + return errors.Wrap(err, "failed to apply extra resources") + } + } + + // Update kubeconfig. + ctpKubeconfig, err := devCtp.Kubeconfig().RawConfig() + if err != nil { + return errors.Wrap(err, "failed to get kubeconfig") + } + + if err := writeKubeconfig(ctpKubeconfig); err != nil { + return errors.Wrap(err, "failed to update kubeconfig") + } + + fmt.Println(devCtp.Info()) //nolint:forbidigo // CLI output. + fmt.Printf("Kubeconfig updated. Current context is %q.\n", ctpKubeconfig.CurrentContext) //nolint:forbidigo // CLI output. + fmt.Printf("Run `kubectl get configurations` to see the installed project configuration.\n") //nolint:forbidigo // CLI output. + fmt.Printf("Run `kind delete cluster --name %s` to clean up.\n", c.ControlPlaneName) //nolint:forbidigo // CLI output. + + return nil +} + +func writeKubeconfig(rawConfig clientcmdapi.Config) error { + // Merge the control plane's kubeconfig into the user's default kubeconfig + // and set it as the current context. + defaultPath := clientcmd.RecommendedHomeFile + + existing, err := clientcmd.LoadFromFile(defaultPath) + if err != nil { + // If the file doesn't exist, start fresh. + existing = clientcmdapi.NewConfig() + } + + maps.Copy(existing.Clusters, rawConfig.Clusters) + maps.Copy(existing.AuthInfos, rawConfig.AuthInfos) + maps.Copy(existing.Contexts, rawConfig.Contexts) + existing.CurrentContext = rawConfig.CurrentContext + + return clientcmd.WriteToFile(*existing, defaultPath) +} diff --git a/cmd/crossplane/project/stop.go b/cmd/crossplane/project/stop.go new file mode 100644 index 0000000..b5ec19e --- /dev/null +++ b/cmd/crossplane/project/stop.go @@ -0,0 +1,71 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "fmt" + "path/filepath" + + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + "github.com/crossplane/cli/v2/internal/project/controlplane" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/terminal" +) + +// stopCmd tears down a local dev control plane. +type stopCmd struct { + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition." short:"f"` + ControlPlaneName string `help:"Name of the dev control plane. Defaults to project name."` + RegistryDir string `help:"Directory for local registry images."` +} + +// Run executes the stop command. +func (c *stopCmd) Run(logger logging.Logger, sp terminal.SpinnerPrinter) error { + ctx := context.Background() + + name := c.ControlPlaneName + if name == "" { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + projFileName := filepath.Base(c.ProjectFile) + prj, err := projectfile.Parse(projFS, projFileName) + if err != nil { + return errors.New("this is not a project directory; use --control-plane-name to specify the control plane name") + } + name = "crossplane-" + prj.Name + } + + logger.Debug("Tearing down local dev control plane", "name", name) + if err := sp.WrapWithSuccessSpinner("Tearing down control plane", func() error { + return controlplane.TeardownLocalDevControlPlane(ctx, name, c.RegistryDir) + }); err != nil { + return err + } + + fmt.Printf("Local dev control plane %q has been torn down.\n", name) //nolint:forbidigo // CLI output. + return nil +} diff --git a/cmd/crossplane/xrd/generate.go b/cmd/crossplane/xrd/generate.go new file mode 100644 index 0000000..da95bff --- /dev/null +++ b/cmd/crossplane/xrd/generate.go @@ -0,0 +1,447 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xrd + +import ( + "encoding/json" + "fmt" + "path/filepath" + "slices" + "strings" + + "github.com/alecthomas/kong" + "github.com/gobuffalo/flect" + "github.com/kubernetes-sigs/kro/pkg/simpleschema" + "github.com/spf13/afero" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + v2 "github.com/crossplane/crossplane/apis/v2/apiextensions/v2" + + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/xrd" +) + +type generateCmd struct { + File string `arg:"" help:"Path to the XR or XRC YAML file."` + From string `default:"xr" enum:"xr,simpleschema" help:"Input format: xr or simpleschema."` + Path string `help:"Output path within the APIs directory." optional:""` + Plural string `help:"Custom plural form for the XRD." optional:""` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to project definition." short:"f"` + + projFS afero.Fs + apisFS afero.Fs + relFile string +} + +// AfterApply sets up the project filesystem. +func (c *generateCmd) AfterApply() error { + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return err + } + projDirPath := filepath.Dir(projFilePath) + c.projFS = afero.NewBasePathFs(afero.NewOsFs(), projDirPath) + + proj, err := projectfile.Parse(c.projFS, filepath.Base(c.ProjectFile)) + if err != nil { + return err + } + + c.apisFS = afero.NewBasePathFs(c.projFS, proj.Spec.Paths.APIs) + + c.relFile = c.File + if filepath.IsAbs(c.File) { + relPath, err := filepath.Rel(afero.FullBaseFsPath(c.projFS.(*afero.BasePathFs), "."), c.File) //nolint:forcetypeassert // We know the type of projFS from above. + if err != nil { + return errors.Wrap(err, "failed to make file path relative to project filesystem") + } + if strings.HasPrefix(relPath, "..") || filepath.IsAbs(relPath) { + return errors.New("file path is outside the project filesystem") + } + c.relFile = relPath + } + + return nil +} + +func (c *generateCmd) Run(k *kong.Context) error { + yamlData, err := afero.ReadFile(c.projFS, c.relFile) + if err != nil { + return errors.Wrapf(err, "failed to read file %s", c.relFile) + } + + var xrdObj *v2.CompositeResourceDefinition + switch c.From { + case "simpleschema": + xrdObj, err = newXRDFromSimpleSchema(yamlData, c.Plural) + default: + xrdObj, err = newXRDFromExample(yamlData, c.Plural) + } + if err != nil { + return errors.Wrap(err, "failed to create CompositeResourceDefinition (XRD)") + } + + pluralName := xrdObj.Spec.Names.Plural + + xrdYAML, err := marshalXRD(xrdObj) + if err != nil { + return errors.Wrap(err, "failed to marshal XRD to YAML") + } + + filePath := c.Path + if filePath == "" { + filePath = fmt.Sprintf("%s/definition.yaml", pluralName) + } + + exists, err := afero.Exists(c.apisFS, filePath) + if err != nil { + return errors.Wrap(err, "failed to check if file exists") + } + if exists { + return errors.Errorf("file %q already exists, use --path to specify a different output path or delete the existing file", filePath) + } + + if err := c.apisFS.MkdirAll(filepath.Dir(filePath), 0o755); err != nil { + return errors.Wrap(err, "failed to create directories for the specified output path") + } + + if err := afero.WriteFile(c.apisFS, filePath, xrdYAML, 0o644); err != nil { + return errors.Wrap(err, "failed to write CompositeResourceDefinition (XRD) to file") + } + + _, err = fmt.Fprintf(k.Stdout, "Created CompositeResourceDefinition (XRD) at %s\n", filePath) + return err +} + +// marshalXRD marshals an XRD to YAML, removing creationTimestamp and status. +func marshalXRD(obj any) ([]byte, error) { + unst, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return nil, err + } + + unstructured.RemoveNestedField(unst, "status") + unstructured.RemoveNestedField(unst, "metadata", "creationTimestamp") + + return yaml.Marshal(unst) +} + +func isCELExpression(value any) bool { + if str, ok := value.(string); ok { + return strings.HasPrefix(str, "${") && strings.HasSuffix(str, "}") + } + return false +} + +// celFieldPath tracks paths to fields containing CEL expressions. +type celFieldPath []string + +// findCELFields recursively finds all field paths that contain CEL expressions. +func findCELFields(data map[string]any, currentPath []string) []celFieldPath { + var paths []celFieldPath + + for key, value := range data { + fieldPath := make([]string, len(currentPath), len(currentPath)+1) + copy(fieldPath, currentPath) + fieldPath = append(fieldPath, key) + + if isCELExpression(value) { + paths = append(paths, celFieldPath(fieldPath)) + } else if nestedMap, ok := value.(map[string]any); ok { + paths = append(paths, findCELFields(nestedMap, fieldPath)...) + } + } + + return paths +} + +// replaceCELWithPlaceholder replaces CEL expressions with "object" placeholder for simpleschema processing. +func replaceCELWithPlaceholder(data map[string]any) map[string]any { + result := make(map[string]any) + + for key, value := range data { + if isCELExpression(value) { + result[key] = "object" + } else if nestedMap, ok := value.(map[string]any); ok { + result[key] = replaceCELWithPlaceholder(nestedMap) + } else { + result[key] = value + } + } + + return result +} + +// markCELFieldsPreserveUnknown marks fields at the given paths with x-kubernetes-preserve-unknown-fields: true. +func markCELFieldsPreserveUnknown(schema *extv1.JSONSchemaProps, paths []celFieldPath) { + if schema == nil || len(paths) == 0 { + return + } + + preserveTrue := true + + for _, path := range paths { + current := schema + for i, key := range path { + if current.Properties == nil { + break + } + + if prop, exists := current.Properties[key]; exists { + if i == len(path)-1 { + prop.XPreserveUnknownFields = &preserveTrue + prop.Type = "" + prop.Properties = nil + current.Properties[key] = prop + } else { + current = &prop + } + } + } + } +} + +// newXRDFromSimpleSchema creates a new CompositeResourceDefinition v2 from a SimpleSchema definition. +func newXRDFromSimpleSchema(yamlData []byte, customPlural string) (*v2.CompositeResourceDefinition, error) { + var simpleInput inputXR + if err := yaml.Unmarshal(yamlData, &simpleInput); err != nil { + return nil, errors.Wrap(err, "failed to unmarshal YAML") + } + + gv, err := schema.ParseGroupVersion(simpleInput.APIVersion) + if err != nil { + return nil, errors.Wrap(err, "failed to parse API version") + } + + kind := simpleInput.Kind + plural := customPlural + if plural == "" { + plural = flect.Pluralize(kind) + } + + specSchema, err := simpleschema.ToOpenAPISpec(simpleInput.Spec, nil) + if err != nil { + return nil, errors.Wrap(err, "failed to convert spec to OpenAPI schema") + } + + statusSchema := &extv1.JSONSchemaProps{Type: "object", Properties: map[string]extv1.JSONSchemaProps{}} + if len(simpleInput.Status) > 0 { + celPaths := findCELFields(simpleInput.Status, nil) + processedStatus := replaceCELWithPlaceholder(simpleInput.Status) + + statusSchema, err = simpleschema.ToOpenAPISpec(processedStatus, nil) + if err != nil { + return nil, errors.Wrap(err, "failed to convert status to OpenAPI schema") + } + + markCELFieldsPreserveUnknown(statusSchema, celPaths) + } + + openAPIV3Schema := &extv1.JSONSchemaProps{ + Description: fmt.Sprintf("%s is the Schema for the %s API.", kind, kind), + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": *specSchema, + "status": *statusSchema, + }, + Required: []string{"spec"}, + } + + schemaBytes, err := json.Marshal(openAPIV3Schema) + if err != nil { + return nil, errors.Wrap(err, "failed to marshal OpenAPI schema") + } + + return &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: v2.CompositeResourceDefinitionGroupVersionKind.GroupVersion().String(), + Kind: v2.CompositeResourceDefinitionGroupVersionKind.Kind, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: strings.ToLower(fmt.Sprintf("%s.%s", plural, gv.Group)), + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: gv.Group, + Scope: v2.CompositeResourceScopeNamespaced, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: flect.Capitalize(kind), + Plural: strings.ToLower(plural), + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + AdditionalPrinterColumns: simpleInput.AdditionalPrinterColumns, + Name: gv.Version, + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: runtime.RawExtension{Raw: schemaBytes}, + }, + }, + }, + }, + }, nil +} + +type inputXR struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + + Spec map[string]any `json:"spec"` + Status map[string]any `json:"status"` + AdditionalPrinterColumns []extv1.CustomResourceColumnDefinition `json:"additionalPrinterColumns"` +} + +// newXRDFromExample creates an XRD based on an example XR, ineferring property types +// heuristically based on the property values in the example. +func newXRDFromExample(yamlData []byte, customPlural string) (*v2.CompositeResourceDefinition, error) { + var topLevelKeys map[string]any + if err := yaml.Unmarshal(yamlData, &topLevelKeys); err != nil { + return nil, errors.Wrap(err, "failed to unmarshal YAML to check top-level keys") + } + for key := range topLevelKeys { + allowedKeys := []string{"apiVersion", "kind", "metadata", "spec", "status", "additionalPrinterColumns"} + if !slices.Contains(allowedKeys, key) { + return nil, errors.Errorf("invalid manifest: valid top-level keys are: %v", allowedKeys) + } + } + + var input inputXR + if err := yaml.Unmarshal(yamlData, &input); err != nil { + return nil, errors.Wrap(err, "failed to unmarshal YAML") + } + + if input.APIVersion == "" { + return nil, errors.New("invalid manifest: apiVersion is required") + } + if strings.Count(input.APIVersion, "/") != 1 { + return nil, errors.New("invalid manifest: apiVersion must be in the format group/version") + } + if input.Kind == "" { + return nil, errors.New("invalid manifest: kind is required") + } + if input.Name == "" { + return nil, errors.New("invalid manifest: metadata.name is required") + } + if input.Spec == nil { + return nil, errors.New("invalid manifest: spec is required") + } + + fieldsToRemove := []string{ + "resourceRefs", + "writeConnectionSecretToRef", + "publishConnectionDetailsTo", + "environmentConfigRefs", + "compositionUpdatePolicy", + "compositionRevisionRef", + "compositionRevisionSelector", + "compositionRef", + "compositionSelector", + "claimRef", + } + for _, field := range fieldsToRemove { + delete(input.Spec, field) + } + + gv, err := schema.ParseGroupVersion(input.APIVersion) + if err != nil { + return nil, errors.Wrap(err, "failed to parse API version") + } + + kind := input.Kind + + plural := customPlural + if plural == "" { + plural = flect.Pluralize(kind) + } + + description := fmt.Sprintf("%s is the Schema for the %s API.", kind, kind) + + specProps, err := xrd.InferProperties(input.Spec) + if err != nil { + return nil, errors.Wrap(err, "failed to infer properties for spec") + } + + statusProps, err := xrd.InferProperties(input.Status) + if err != nil { + return nil, errors.Wrap(err, "failed to infer properties for status") + } + + openAPIV3Schema := &extv1.JSONSchemaProps{ + Description: description, + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: fmt.Sprintf("%sSpec defines the desired state of %s.", kind, kind), + Type: "object", + Properties: specProps, + }, + "status": { + Description: fmt.Sprintf("%sStatus defines the observed state of %s.", kind, kind), + Type: "object", + Properties: statusProps, + }, + }, + Required: []string{"spec"}, + } + + schemaBytes, err := json.Marshal(openAPIV3Schema) + if err != nil { + return nil, errors.Wrap(err, "failed to marshal OpenAPI v3 schema") + } + + scope := v2.CompositeResourceScopeCluster + if input.Namespace != "" { + scope = v2.CompositeResourceScopeNamespaced + } + + return &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: v2.CompositeResourceDefinitionGroupVersionKind.GroupVersion().String(), + Kind: v2.CompositeResourceDefinitionGroupVersionKind.Kind, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: strings.ToLower(fmt.Sprintf("%s.%s", plural, gv.Group)), + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: gv.Group, + Scope: scope, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: flect.Capitalize(kind), + Plural: strings.ToLower(plural), + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: gv.Version, + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: runtime.RawExtension{Raw: schemaBytes}, + }, + }, + }, + }, + }, nil +} diff --git a/cmd/crossplane/xrd/generate_test.go b/cmd/crossplane/xrd/generate_test.go new file mode 100644 index 0000000..90d95dd --- /dev/null +++ b/cmd/crossplane/xrd/generate_test.go @@ -0,0 +1,759 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xrd + +import ( + "encoding/json" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/test" + + v2 "github.com/crossplane/crossplane/apis/v2/apiextensions/v2" +) + +func TestNewXRDFromExample(t *testing.T) { + type args struct { + inputYAML string + customPlural string + } + + type want struct { + xrd *v2.CompositeResourceDefinition + err error + } + + cases := map[string]struct { + args args + want want + }{ + "ClusterScopedXR": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: XEKS +metadata: + name: test +spec: + parameters: + id: test + region: eu-central-1 +`, + customPlural: "xeks", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "xeks.aws.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "aws.u5d.io", + Scope: v2.CompositeResourceScopeCluster, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "XEKS", + Plural: "xeks", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "XEKS is the Schema for the XEKS API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: "XEKSSpec defines the desired state of XEKS.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "parameters": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "id": {Type: "string"}, + "region": {Type: "string"}, + }, + }, + }, + }, + "status": { + Description: "XEKSStatus defines the observed state of XEKS.", + Type: "object", + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "NamespaceScopedXRC": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: EKS +metadata: + name: test + namespace: test-namespace +spec: + parameters: + id: test + region: eu-central-1 +`, + customPlural: "eks", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "eks.aws.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "aws.u5d.io", + Scope: v2.CompositeResourceScopeNamespaced, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "EKS", + Plural: "eks", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "EKS is the Schema for the EKS API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: "EKSSpec defines the desired state of EKS.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "parameters": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "id": {Type: "string"}, + "region": {Type: "string"}, + }, + }, + }, + }, + "status": { + Description: "EKSStatus defines the observed state of EKS.", + Type: "object", + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "CustomPluralPostgres": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +kind: Postgres +metadata: + name: test +spec: + parameters: + version: "13" +`, + customPlural: "postgreses", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "postgreses.database.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "database.u5d.io", + Scope: v2.CompositeResourceScopeCluster, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "Postgres", + Plural: "postgreses", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "Postgres is the Schema for the Postgres API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: "PostgresSpec defines the desired state of Postgres.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "parameters": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "version": {Type: "string"}, + }, + }, + }, + }, + "status": { + Description: "PostgresStatus defines the observed state of Postgres.", + Type: "object", + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "BucketWithStatus": { + args: args{ + inputYAML: ` +apiVersion: storage.u5d.io/v1 +kind: Bucket +metadata: + name: test +spec: + parameters: + storage: "13" +status: + bucketName: test +`, + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "buckets.storage.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "storage.u5d.io", + Scope: v2.CompositeResourceScopeCluster, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "Bucket", + Plural: "buckets", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "Bucket is the Schema for the Bucket API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: "BucketSpec defines the desired state of Bucket.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "parameters": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "storage": {Type: "string"}, + }, + }, + }, + }, + "status": { + Description: "BucketStatus defines the observed state of Bucket.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "bucketName": {Type: "string"}, + }, + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "RemoveXPStandardFieldsFromSpec": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: XEKS +metadata: + name: test +spec: + parameters: + id: test + region: eu-central-1 + resourceRefs: + - name: resource1 + writeConnectionSecretToRef: + name: secret + publishConnectionDetailsTo: + name: details + environmentConfigRefs: + - name: config1 + compositionSelector: + matchLabels: + layer: functions +`, + customPlural: "xeks", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "xeks.aws.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "aws.u5d.io", + Scope: v2.CompositeResourceScopeCluster, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "XEKS", + Plural: "xeks", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "XEKS is the Schema for the XEKS API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Description: "XEKSSpec defines the desired state of XEKS.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "parameters": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "id": {Type: "string"}, + "region": {Type: "string"}, + }, + }, + }, + }, + "status": { + Description: "XEKSStatus defines the observed state of XEKS.", + Type: "object", + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "MissingAPIVersion": { + args: args{ + inputYAML: ` +kind: Postgres +metadata: + name: test +spec: + parameters: + version: "13" +`, + customPlural: "postgreses", + }, + want: want{ + err: errors.New("invalid manifest: apiVersion is required"), + }, + }, + "MissingKind": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +metadata: + name: test +spec: + parameters: + version: "13" +`, + customPlural: "postgreses", + }, + want: want{ + err: errors.New("invalid manifest: kind is required"), + }, + }, + "MissingMetadataName": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +kind: Postgres +spec: + parameters: + version: "13" +`, + customPlural: "postgreses", + }, + want: want{ + err: errors.New("invalid manifest: metadata.name is required"), + }, + }, + "MissingSpec": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +kind: Postgres +metadata: + name: test +`, + customPlural: "postgreses", + }, + want: want{ + err: errors.New("invalid manifest: spec is required"), + }, + }, + "InvalidTopLevelKey": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +kind: Postgres +metadata: + name: test +spec: + parameters: + version: "13" +invalidKey: shouldNotBeHere +`, + customPlural: "postgreses", + }, + want: want{ + err: errors.New("invalid manifest: valid top-level keys are: [apiVersion kind metadata spec status additionalPrinterColumns]"), + }, + }, + "InvalidAPIVersionMultipleSlashes": { + args: args{ + inputYAML: ` +apiVersion: invalid/group/version/v1 +kind: InvalidResource +metadata: + name: test +spec: + parameters: + key: value +`, + customPlural: "invalidresources", + }, + want: want{ + err: errors.New("invalid manifest: apiVersion must be in the format group/version"), + }, + }, + "MixedTypesInArray": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: MyClaim +metadata: + name: my-claim +spec: + parameters: + - 1 + - "2" + - true +`, + customPlural: "myclaims", + }, + want: want{ + err: errors.Wrap(errors.New("error inferring property for key 'parameters': mixed types detected in array"), "failed to infer properties for spec"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + got, err := newXRDFromExample([]byte(tc.args.inputYAML), tc.args.customPlural) + + if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" { + t.Errorf("newXRDFromExample() error -want, +got:\n%s", diff) + } + + if diff := cmp.Diff(got, tc.want.xrd, cmpopts.IgnoreFields(extv1.JSONSchemaProps{}, "Required")); diff != "" { + t.Errorf("newXRDv2() -got, +want:\n%s", diff) + } + }) + } +} + +func TestNewXRDFromSimpleSchema(t *testing.T) { + type args struct { + inputYAML string + customPlural string + } + + type want struct { + xrd *v2.CompositeResourceDefinition + err error + } + + preserveTrue := true + + cases := map[string]struct { + args args + want want + }{ + "BasicSimpleSchema": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: XEKS +metadata: + name: test +spec: + region: string + count: integer +`, + customPlural: "xeks", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "xeks.aws.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "aws.u5d.io", + Scope: v2.CompositeResourceScopeNamespaced, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "XEKS", + Plural: "xeks", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "XEKS is the Schema for the XEKS API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "region": {Type: "string"}, + "count": {Type: "integer"}, + }, + }, + "status": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{}, + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "SimpleSchemaWithCELStatus": { + args: args{ + inputYAML: ` +apiVersion: aws.u5d.io/v1 +kind: XEKS +metadata: + name: test +spec: + region: string +status: + clusterArn: ${resources.cluster.status.atProvider.arn} + vpcId: ${resources.vpc.status.atProvider.vpcId} +`, + customPlural: "xeks", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "xeks.aws.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "aws.u5d.io", + Scope: v2.CompositeResourceScopeNamespaced, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "XEKS", + Plural: "xeks", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "XEKS is the Schema for the XEKS API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "region": {Type: "string"}, + }, + }, + "status": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "clusterArn": {XPreserveUnknownFields: &preserveTrue}, + "vpcId": {XPreserveUnknownFields: &preserveTrue}, + }, + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + "SimpleSchemaWithCustomPlural": { + args: args{ + inputYAML: ` +apiVersion: database.u5d.io/v1 +kind: Postgres +metadata: + name: test +spec: + version: string +`, + customPlural: "postgreses", + }, + want: want{ + xrd: &v2.CompositeResourceDefinition{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apiextensions.crossplane.io/v2", + Kind: "CompositeResourceDefinition", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "postgreses.database.u5d.io", + }, + Spec: v2.CompositeResourceDefinitionSpec{ + Group: "database.u5d.io", + Scope: v2.CompositeResourceScopeNamespaced, + Names: extv1.CustomResourceDefinitionNames{ + Categories: []string{"crossplane"}, + Kind: "Postgres", + Plural: "postgreses", + }, + Versions: []v2.CompositeResourceDefinitionVersion{ + { + Name: "v1", + Referenceable: true, + Served: true, + Schema: &v2.CompositeResourceValidation{ + OpenAPIV3Schema: jsonSchemaPropsToRawExtension(&extv1.JSONSchemaProps{ + Description: "Postgres is the Schema for the Postgres API.", + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "spec": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "version": {Type: "string"}, + }, + }, + "status": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{}, + }, + }, + Required: []string{"spec"}, + }), + }, + }, + }, + }, + }, + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + got, err := newXRDFromSimpleSchema([]byte(tc.args.inputYAML), tc.args.customPlural) + + if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" { + t.Errorf("newXRDFromSimpleSchema() error -want, +got:\n%s", diff) + } + + if diff := cmp.Diff(got, tc.want.xrd, cmpopts.IgnoreFields(extv1.JSONSchemaProps{}, "Required")); diff != "" { + t.Errorf("newXRDFromSimpleSchema() -got, +want:\n%s", diff) + } + }) + } +} + +func jsonSchemaPropsToRawExtension(schema *extv1.JSONSchemaProps) runtime.RawExtension { + schemaBytes, err := json.Marshal(schema) + if err != nil { + panic(err) + } + return runtime.RawExtension{Raw: schemaBytes} +} diff --git a/cmd/crossplane/xrd/xrd.go b/cmd/crossplane/xrd/xrd.go new file mode 100644 index 0000000..85065ee --- /dev/null +++ b/cmd/crossplane/xrd/xrd.go @@ -0,0 +1,23 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package xrd contains commands for working with CompositeResourceDefinitions. +package xrd + +// Cmd contains XRD subcommands. +type Cmd struct { + Generate generateCmd `cmd:"" help:"Generate an XRD from a Composite Resource (XR) or SimpleSchema definition."` +} diff --git a/go.mod b/go.mod index 4c133a4..9fff595 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,10 @@ require ( dario.cat/mergo v1.0.2 github.com/Masterminds/semver/v3 v3.4.0 github.com/alecthomas/kong v1.14.0 + github.com/charmbracelet/bubbles v1.0.0 github.com/charmbracelet/bubbletea v1.3.10 + github.com/charmbracelet/lipgloss v1.1.0 + github.com/charmbracelet/x/term v0.2.2 github.com/containerd/errdefs v1.0.0 github.com/crossplane/crossplane-runtime/v2 v2.3.0-rc.0.0.20260504135302-a596e1f75635 github.com/crossplane/crossplane/apis/v2 v2.0.0-20260424160951-8f231230ebb6 @@ -15,18 +18,28 @@ require ( github.com/docker/docker v28.5.2+incompatible github.com/docker/go-connections v0.6.0 github.com/emicklei/dot v1.10.0 + github.com/getkin/kin-openapi v0.137.0 github.com/go-git/go-billy/v5 v5.8.0 github.com/go-git/go-git/v5 v5.18.0 + github.com/gobuffalo/flect v1.0.3 github.com/google/go-cmp v0.7.0 github.com/google/go-containerregistry v0.21.2 + github.com/google/ko v0.18.1 + github.com/invopop/jsonschema v0.14.0 + github.com/kubernetes-sigs/kro v0.9.1 + github.com/oapi-codegen/oapi-codegen/v2 v2.7.0 github.com/pkg/errors v0.9.1 github.com/posener/complete v1.2.3 github.com/spf13/afero v1.15.0 github.com/willabides/kongplete v0.4.0 + golang.org/x/mod v0.35.0 golang.org/x/sync v0.20.0 + golang.org/x/text v0.36.0 + golang.org/x/tools v0.44.0 google.golang.org/grpc v1.80.0 google.golang.org/protobuf v1.36.11 gopkg.in/yaml.v3 v3.0.1 + helm.sh/helm/v3 v3.20.2 k8s.io/api v0.35.3 k8s.io/apiextensions-apiserver v0.35.1 k8s.io/apimachinery v0.35.3 @@ -37,10 +50,12 @@ require ( k8s.io/metrics v0.35.1 k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 sigs.k8s.io/controller-runtime v0.23.1 + sigs.k8s.io/kind v0.30.0 sigs.k8s.io/yaml v1.6.0 ) require ( + al.essio.dev/pkg/shellescape v1.6.0 // indirect cel.dev/expr v0.25.1 // indirect cloud.google.com/go/compute/metadata v0.9.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -53,6 +68,11 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.2 // indirect github.com/Azure/go-autorest/tracing v0.6.1 // indirect + github.com/BurntSushi/toml v1.6.0 // indirect + github.com/MakeNowJust/heredoc v1.0.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/sprig/v3 v3.3.0 // indirect + github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.1.6 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect @@ -75,22 +95,26 @@ require ( github.com/aws/smithy-go v1.24.2 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/buger/jsonparser v1.1.2 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charmbracelet/colorprofile v0.4.1 // indirect - github.com/charmbracelet/lipgloss v1.1.0 // indirect github.com/charmbracelet/x/ansi v0.11.6 // indirect github.com/charmbracelet/x/cellbuf v0.0.15 // indirect - github.com/charmbracelet/x/term v0.2.2 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/clipperhouse/displaywidth v0.9.0 // indirect github.com/clipperhouse/stringish v0.1.1 // indirect github.com/clipperhouse/uax29/v2 v2.5.0 // indirect github.com/cloudflare/circl v1.6.3 // indirect + github.com/containerd/containerd v1.7.30 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect + github.com/containerd/log v0.1.0 // indirect + github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect github.com/coreos/go-oidc/v3 v3.17.0 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect @@ -103,17 +127,22 @@ require ( github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.9.5 // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/dprotaso/go-yit v0.0.0-20250513223454-5ece0c5aa76c // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect + github.com/evanphx/json-patch v5.9.11+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-chi/chi/v5 v5.2.5 // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-json-experiment/json v0.0.0-20240815175050-ebd3a8989ca1 // indirect github.com/go-logr/logr v1.4.3 // indirect @@ -141,7 +170,7 @@ require ( github.com/go-openapi/swag/yamlutils v0.25.5 // indirect github.com/go-openapi/validate v0.25.2 // indirect github.com/go-viper/mapstructure/v2 v2.5.0 // indirect - github.com/gobuffalo/flect v1.0.3 // indirect + github.com/gobwas/glob v0.2.3 // indirect github.com/golang-jwt/jwt/v4 v4.5.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/snappy v0.0.4 // indirect @@ -152,42 +181,59 @@ require ( github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230919002926-dbcd01c402b2 // indirect github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20250225234217-098045d5e61f // indirect github.com/google/uuid v1.6.0 // indirect + github.com/gosuri/uitable v0.0.4 // indirect + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.8 // indirect + github.com/huandu/xstrings v1.5.0 // indirect github.com/in-toto/attestation v1.1.2 // indirect github.com/in-toto/in-toto-golang v0.10.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20241212093149-d2f9f49435c7 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect + github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.18.5 // indirect + github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect + github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/letsencrypt/boulder v0.20260223.0 // indirect + github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lucasb-eyer/go-colorful v1.3.0 // indirect + github.com/mailru/easyjson v0.9.1 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.19 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect - github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect + github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/muesli/termenv v0.16.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect + github.com/oasdiff/yaml v0.0.9 // indirect + github.com/oasdiff/yaml3 v0.0.12 // indirect github.com/oklog/ulid/v2 v2.1.1 // indirect - github.com/onsi/ginkgo/v2 v2.27.5 // indirect - github.com/onsi/gomega v1.39.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect + github.com/pb33f/ordered-map/v2 v2.3.1 // indirect + github.com/pelletier/go-toml v1.9.5 // indirect + github.com/perimeterx/marshmallow v1.1.5 // indirect + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -197,10 +243,15 @@ require ( github.com/prometheus/procfs v0.19.2 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/riywo/loginshell v0.0.0-20200815045211-7d26008be1ab // indirect + github.com/rubenv/sql-migrate v1.8.1 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/secure-systems-lab/go-securesystemslib v0.10.0 // indirect github.com/sergi/go-diff v1.4.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + github.com/sigstore/cosign/v2 v2.6.1 // indirect github.com/sigstore/cosign/v3 v3.0.5 // indirect github.com/sigstore/protobuf-specs v0.5.0 // indirect github.com/sigstore/rekor v1.5.1 // indirect @@ -210,6 +261,9 @@ require ( github.com/sigstore/timestamp-authority/v2 v2.0.6 // indirect github.com/sirupsen/logrus v1.9.4 // indirect github.com/skeema/knownhosts v1.3.1 // indirect + github.com/speakeasy-api/jsonpath v0.6.3 // indirect + github.com/speakeasy-api/openapi v1.19.2 // indirect + github.com/spf13/cast v1.10.0 // indirect github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect @@ -219,32 +273,34 @@ require ( github.com/transparency-dev/formats v0.0.0-20251208091212-1378f9e1b1b7 // indirect github.com/transparency-dev/merkle v0.0.2 // indirect github.com/vbatts/tar-split v0.12.2 // indirect + github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect + github.com/woodsbury/decimal128 v1.4.0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/xlab/treeprint v1.2.0 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.64.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect go.opentelemetry.io/otel v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect go.opentelemetry.io/otel/sdk v1.43.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect + go.opentelemetry.io/proto/otlp v1.10.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.1 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect + go.yaml.in/yaml/v4 v4.0.0-rc.2 // indirect golang.org/x/crypto v0.50.0 // indirect golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect - golang.org/x/mod v0.35.0 // indirect golang.org/x/net v0.53.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/sys v0.43.0 // indirect golang.org/x/term v0.42.0 // indirect - golang.org/x/text v0.36.0 // indirect golang.org/x/time v0.15.0 // indirect - golang.org/x/tools v0.44.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect @@ -256,8 +312,13 @@ require ( k8s.io/component-base v0.35.1 // indirect k8s.io/gengo/v2 v2.0.0-20251215205346-5ee0d033ba5b // indirect k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kubectl v0.35.1 // indirect + oras.land/oras-go/v2 v2.6.0 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 // indirect sigs.k8s.io/controller-tools v0.20.0 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect + sigs.k8s.io/kustomize/api v0.20.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect ) diff --git a/go.sum b/go.sum index 5c8d72f..e54defd 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= +al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= cloud.google.com/go v0.123.0 h1:2NAUJwPR47q+E35uaJeYoNhuNEM9kM8SjgRgdeOJUSE= @@ -16,6 +18,7 @@ cloud.google.com/go/longrunning v0.8.0 h1:LiKK77J3bx5gDLi4SMViHixjD2ohlkwBi+mKA7 cloud.google.com/go/longrunning v0.8.0/go.mod h1:UmErU2Onzi+fKDg2gR7dusz11Pe26aknR4kHmJJqIfk= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo= filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= @@ -64,11 +67,25 @@ github.com/Azure/go-autorest/tracing v0.6.1 h1:YUMSrC/CeD1ZnnXcNYU4a/fzsO35u2Fsf github.com/Azure/go-autorest/tracing v0.6.1/go.mod h1:/3EgjbsjraOqiicERAeu3m7/z0x1TzjQGAwDrJrXGkc= github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs= github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= +github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= +github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= +github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= +github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= +github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= @@ -127,18 +144,28 @@ github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 h1:JFWXO6QPihC github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0/go.mod h1:046/oLyFlYdAghYQE2yHXi/E//VM5Cf3/dFmA+3CZ0c= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= +github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= +github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk= +github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= +github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/charmbracelet/bubbles v1.0.0 h1:12J8/ak/uCZEMQ6KU7pcfwceyjLlWsDLAxB5fXonfvc= +github.com/charmbracelet/bubbles v1.0.0/go.mod h1:9d/Zd5GdnauMI5ivUIVisuEm3ave1XwXtD1ckyV6r3E= github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw= github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4= github.com/charmbracelet/colorprofile v0.4.1 h1:a1lO03qTrSIRaK8c3JRxJDZOvhvIeSco3ej+ngLk1kk= @@ -166,12 +193,16 @@ github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= +github.com/containerd/containerd v1.7.30 h1:/2vezDpLDVGGmkUXmlNPLCCNKHJ5BbC5tJB5JNzQhqE= +github.com/containerd/containerd v1.7.30/go.mod h1:fek494vwJClULlTpExsmOyKCMUAbuVjlFsJQc4/j44M= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/stargz-snapshotter/estargz v0.18.2 h1:yXkZFYIzz3eoLwlTUZKz2iQ4MrckBxJjkmD16ynUTrw= github.com/containerd/stargz-snapshotter/estargz v0.18.2/go.mod h1:XyVU5tcJ3PRpkA9XS2T5us6Eg35yM0214Y+wvrZTBrY= github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc= @@ -199,6 +230,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= github.com/digitorus/pkcs7 v0.0.0-20250730155240-ffadbf3f398c h1:g349iS+CtAvba7i0Ee9EP1TlTZ9w+UncBY6HSmsFZa0= github.com/digitorus/pkcs7 v0.0.0-20250730155240-ffadbf3f398c/go.mod h1:mCGGmWkOQvEuLdIRfPIpXViBfpWto4AhwtJlAvo62SQ= @@ -206,8 +239,12 @@ github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea h1:ALRwvjsSP53 github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM= +github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= +github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/docker/cli v29.4.0+incompatible h1:+IjXULMetlvWJiuSI0Nbor36lcJ5BTcVpUmB21KBoVM= github.com/docker/cli v29.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -218,8 +255,15 @@ github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0 github.com/docker/docker-credential-helpers v0.9.5/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= +github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= +github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= +github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960/go.mod h1:9HQzr9D/0PGwMEbC3d5AB7oi67+h4TsQqItC1GVYG58= +github.com/dprotaso/go-yit v0.0.0-20250513223454-5ece0c5aa76c h1:EMwsP/vaHQDLhAX1kNIng5mHEhg+CkS18m0AL825n6U= +github.com/dprotaso/go-yit v0.0.0-20250513223454-5ece0c5aa76c/go.mod h1:lHwJo6jMevQL9tNpW6vLyhkK13bYHBcoh9tUakMhbnE= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= @@ -236,10 +280,16 @@ github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/foxcpp/go-mockdns v1.2.0 h1:omK3OrHRD1IWJz1FuFBCFquhXslXoF17OvBS6JPzZF0= +github.com/foxcpp/go-mockdns v1.2.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= @@ -247,10 +297,14 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/getkin/kin-openapi v0.137.0 h1:Q3HhawNQV0GfvO2mIYMUBUSEFrDsVlzcYz4VydL9YEo= +github.com/getkin/kin-openapi v0.137.0/go.mod h1:vUYWaKyMqj7PfTybelXtLuLN9tReS12vxnzMRK+z2GY= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug= github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0= @@ -259,6 +313,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM= github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo= +github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= +github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-json-experiment/json v0.0.0-20240815175050-ebd3a8989ca1 h1:xcuWappghOVI8iNWoF2OKahVejd1LSVi/v4JED44Amo= @@ -320,16 +376,21 @@ github.com/go-openapi/validate v0.25.2 h1:12NsfLAwGegqbGWr2CnvT65X/Q2USJipmJ9b7x github.com/go-openapi/validate v0.25.2/go.mod h1:Pgl1LpPPGFnZ+ys4/hTlDiRYQdI1ocKypgE+8Q8BLfY= github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro= github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -379,11 +440,15 @@ github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-2025022523421 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/ko v0.18.1 h1:F2WDFIi/eZe5thmFCuk/uH0eVr7ilWCThl+UoTHEKSk= +github.com/google/ko v0.18.1/go.mod h1:YjJWJhmZ7prVtHm/LFfwqeIAIhcyr/gxtztI8+Jrxl4= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20250602020802-c6617b811d0e h1:FJta/0WsADCe1r9vQjdHbd3KuiLPu7Y9WlyLGwMUNyE= github.com/google/pprof v0.0.0-20250602020802-c6617b811d0e/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/trillian v1.7.2 h1:EPBxc4YWY4Ak8tcuhyFleY+zYlbCDCa4Sn24e1Ka8Js= github.com/google/trillian v1.7.2/go.mod h1:mfQJW4qRH6/ilABtPYNBerVJAJ/upxHLX81zxNQw05s= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -392,6 +457,14 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.14 h1:yh8ncqsbUY4shRD5dA github.com/googleapis/enterprise-certificate-proxy v0.3.14/go.mod h1:vqVt9yG9480NtzREnTlmGSBmFrA+bzb0yl0TxoBQXOg= github.com/googleapis/gax-go/v2 v2.19.0 h1:fYQaUOiGwll0cGj7jmHT/0nPlcrZDFPrZRhTsoCr8hE= github.com/googleapis/gax-go/v2 v2.19.0/go.mod h1:w2ROXVdfGEVFXzmlciUU4EdjHgWvB5h2n6x/8XSTTJA= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= +github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= @@ -418,6 +491,8 @@ github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= +github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= @@ -429,6 +504,8 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/in-toto/attestation v1.1.2 h1:MBFn6lsMq6dptQZJBhalXTcWMb/aJy3V+GX3VYj/V1E= github.com/in-toto/attestation v1.1.2/go.mod h1:gYFddHMZj3DiQ0b62ltNi1Vj5rC879bTmBbrv9CRHpM= @@ -436,6 +513,8 @@ github.com/in-toto/in-toto-golang v0.10.0 h1:+s2eZQSK3WmWfYV85qXVSBfqgawi/5L02Ma github.com/in-toto/in-toto-golang v0.10.0/go.mod h1:wjT4RiyFlLWCmLUJjwB8oZcjaq7HA390aMJcD3xXgmg= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/invopop/jsonschema v0.14.0 h1:MHQqLhvpNUZfw+hM3AZDYK7jxO8FZoQeQM77g8iyZjg= +github.com/invopop/jsonschema v0.14.0/go.mod h1:ygm6C2EaVNMBDPpaPlnOA2pFAxBnxGjFlMZABxm9n2I= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= @@ -454,6 +533,10 @@ github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -467,14 +550,24 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kubernetes-sigs/kro v0.9.1 h1:xf/jNNgK6ChVk6LXaHhSHycEJnXiwNVUKkScB3tHuio= +github.com/kubernetes-sigs/kro v0.9.1/go.mod h1:s5vJ+L1MLgF5I2xKexuQIa+WubQ1S4mhhbL3xMILKss= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= +github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= +github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= +github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/letsencrypt/boulder v0.20260223.0 h1:xdS2OnJNUasR6TgVIOpqqcvdkOu47+PQQMBk9ThuWBw= github.com/letsencrypt/boulder v0.20260223.0/go.mod h1:r3aTSA7UZ7dbDfiGK+HLHJz0bWNbHk6YSPiXgzl23sA= +github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag= github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8= +github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= @@ -483,10 +576,21 @@ github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2J github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.19 h1:v++JhqYnZuu5jSKrk9RbgF5v4CGUjqRfBm05byFGLdw= github.com/mattn/go-runewidth v0.0.19/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= +github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= +github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c h1:cqn374mizHuIWj+OSJCajGr/phAmuMug9qIX3l9CflE= github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= @@ -501,6 +605,10 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ= github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw= github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= @@ -519,9 +627,16 @@ github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= +github.com/oapi-codegen/oapi-codegen/v2 v2.7.0 h1:/8daqIYZfwnsHEAZdHUu9m0D5LA+5DoJCP7zLlT5Cs0= +github.com/oapi-codegen/oapi-codegen/v2 v2.7.0/go.mod h1:qzFy6iuobJw/hD1aRILee4G87/ShmhR0xYCwcUtZMCw= +github.com/oasdiff/yaml v0.0.9 h1:zQOvd2UKoozsSsAknnWoDJlSK4lC0mpmjfDsfqNwX48= +github.com/oasdiff/yaml v0.0.9/go.mod h1:8lvhgJG4xiKPj3HN5lDow4jZHPlx1i7dIwzkdAo6oAM= +github.com/oasdiff/yaml3 v0.0.12 h1:75urAtPeDg2/iDEWwzNrLOWxI9N/dCh81nTTJtokt2M= +github.com/oasdiff/yaml3 v0.0.12/go.mod h1:y5+oSEHCPT/DGrS++Wc/479ERge0zTFxaF8PbGKcg2o= github.com/oklog/ulid/v2 v2.1.1 h1:suPZ4ARWLOJLegGFiZZ1dFAkqzhMjL3J1TzI+5wHz8s= github.com/oklog/ulid/v2 v2.1.1/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= @@ -529,6 +644,7 @@ github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.27.5 h1:ZeVgZMx2PDMdJm/+w5fE/OyG6ILo1Y3e+QX4zSR0zTE= github.com/onsi/ginkgo/v2 v2.27.5/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= @@ -539,7 +655,17 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= +github.com/pb33f/ordered-map/v2 v2.3.1 h1:5319HDO0aw4DA4gzi+zv4FXU9UlSs3xGZ40wcP1nBjY= +github.com/pb33f/ordered-map/v2 v2.3.1/go.mod h1:qxFQgd0PkVUtOMCkTapqotNgzRhMPL7VvaHKbd1HnmQ= github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o= +github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= +github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s= +github.com/perimeterx/marshmallow v1.1.5/go.mod h1:dsXbUu8CRzfYP5a87xpp0xq9S3u0Vchtcl8we9tYaXw= +github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= +github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= @@ -551,33 +677,53 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= +github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4= github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= +github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos= +github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 h1:1/BDligzCa40GTllkDnY3Y5DTHuKCONbB2JcRyIfl20= +github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3/go.mod h1:3dZmcLn3Qw6FLlWASn1g4y+YO9ycEFUOM+bhBmzLVKQ= +github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 h1:kuvuJL/+MZIEdvtb/kTBRiRgYaOmx1l+lYJyVdrRUOs= +github.com/redis/go-redis/extra/redisotel/v9 v9.5.3/go.mod h1:7f/FMrf5RRRVHXgfk7CzSVzXHiWeuOQUu2bsVqWoa+g= +github.com/redis/go-redis/v9 v9.18.0 h1:pMkxYPkEbMPwRdenAzUNyFNrDgHx9U+DrBabWNfSRQs= +github.com/redis/go-redis/v9 v9.18.0/go.mod h1:k3ufPphLU5YXwNTUcCRXGxUoF1fqxnhFQmscfkCoDA0= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/riywo/loginshell v0.0.0-20200815045211-7d26008be1ab h1:ZjX6I48eZSFetPb41dHudEyVr5v953N15TsNZXlkcWY= github.com/riywo/loginshell v0.0.0-20200815045211-7d26008be1ab/go.mod h1:/PfPXh0EntGc3QAAyUaviy4S9tzy4Zp0e2ilq4voC6E= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= +github.com/rubenv/sql-migrate v1.8.1 h1:EPNwCvjAowHI3TnZ+4fQu3a915OpnQoPAjTXCGOy2U0= +github.com/rubenv/sql-migrate v1.8.1/go.mod h1:BTIKBORjzyxZDS6dzoiw6eAFYJ1iNlGAtjn4LGeVjS8= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14= github.com/secure-systems-lab/go-securesystemslib v0.10.0/go.mod h1:MRKONWmRoFzPNQ9USRF9i1mc7MvAVvF1LlW8X5VWDvk= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI= github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/sigstore/cosign/v2 v2.6.1 h1:7Wf67ENNCjg+1fLqHRPgKUNaCCnCavnEfCe1LApOoIo= +github.com/sigstore/cosign/v2 v2.6.1/go.mod h1:L37doL+7s6IeCXFODV2J7kds5Po/srlVzA//++YqAJ8= github.com/sigstore/cosign/v3 v3.0.5 h1:c1zPqjU+H4wmirgysC+AkWMg7a7fykyOYF/m+F1150I= github.com/sigstore/cosign/v3 v3.0.5/go.mod h1:ble1vMvJagCFyTIDkibCq6MIHiWDw00JNYl0f9rB4T4= github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= @@ -605,8 +751,14 @@ github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= +github.com/speakeasy-api/jsonpath v0.6.3 h1:c+QPwzAOdrWvzycuc9HFsIZcxKIaWcNpC+xhOW9rJxU= +github.com/speakeasy-api/jsonpath v0.6.3/go.mod h1:2cXloNuQ+RSXi5HTRaeBh7JEmjRXTiaKpFTdZiL7URI= +github.com/speakeasy-api/openapi v1.19.2 h1:md90tE71/M8jS3cuRlsuWP5Aed4xoG5PSRvXeZgCv/M= +github.com/speakeasy-api/openapi v1.19.2/go.mod h1:UfKa7FqE4jgexJZuj51MmdHAFGmDv0Zaw3+yOd81YKU= github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= +github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= +github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -621,6 +773,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -648,14 +802,22 @@ github.com/transparency-dev/formats v0.0.0-20251208091212-1378f9e1b1b7 h1:PwfIAv github.com/transparency-dev/formats v0.0.0-20251208091212-1378f9e1b1b7/go.mod h1:mQ5ASe7MNPT+yRc47hLguwsNdE2Go0mT6piyzUO+ynw= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= +github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= +github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vmware-labs/yaml-jsonpath v0.3.2 h1:/5QKeCBGdsInyDCyVNLbXyilb61MXGi9NP674f9Hobk= +github.com/vmware-labs/yaml-jsonpath v0.3.2/go.mod h1:U6whw1z03QyqgWdgXxvVnQ90zN1BWz5V+51Ewf8k+rQ= github.com/willabides/kongplete v0.4.0 h1:eivXxkp5ud5+4+NVN9e4goxC5mSh3n1RHov+gsblM2g= github.com/willabides/kongplete v0.4.0/go.mod h1:0P0jtWD9aTsqPSUAl4de35DLghrr57XcayPyvqSi2X8= +github.com/woodsbury/decimal128 v1.4.0 h1:xJATj7lLu4f2oObouMt2tgGiElE5gO6mSWUjQsBgUlc= +github.com/woodsbury/decimal128 v1.4.0/go.mod h1:BP46FUrVjVhdTbKT+XuQh2xfQaGki9LMIRJSFuh6THU= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= @@ -680,22 +842,46 @@ go.etcd.io/etcd/client/v3 v3.6.8 h1:B3G76t1UykqAOrbio7s/EPatixQDkQBevN8/mwiplrY= go.etcd.io/etcd/client/v3 v3.6.8/go.mod h1:MVG4BpSIuumPi+ELF7wYtySETmoTWBHVcDoHdVupwt8= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w= +go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk= +go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4= +go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.64.0 h1:RN3ifU8y4prNWeEnQp2kRRHz8UwonAEYZl8tUzHEXAk= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.64.0/go.mod h1:habDz3tEWiFANTo6oUE99EmaFUrCNYAAg3wiVmusm70= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0/go.mod h1:5KXybFvPGds3QinJWQT7pmXf+TN5YIa7CNYObWRkj50= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 h1:in9O8ESIOlwJAEGTkkf34DesGRAc/Pn8qJ7k3r/42LM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0/go.mod h1:Rp0EXBm5tfnv0WL+ARyO/PHBEaEAT8UUHQ6AGJcSq6c= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 h1:3iZJKlCZufyRzPzlQhUIWVmfltrXuGyfjREgGP3UUjc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0/go.mod h1:/G+nUPfhq2e+qiXMGxMwumDrP5jtzU+mWN7/sjT2rak= +go.opentelemetry.io/otel/exporters/prometheus v0.62.0 h1:krvC4JMfIOVdEuNPTtQ0ZjCiXrybhv+uOHMfHRmnvVo= +go.opentelemetry.io/otel/exporters/prometheus v0.62.0/go.mod h1:fgOE6FM/swEnsVQCqCnbOfRV4tOnWPg7bVeo4izBuhQ= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 h1:cC2yDI3IQd0Udsux7Qmq8ToKAx1XCilTQECZ0KDZyTw= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0/go.mod h1:2PD5Ex6z8CFzDbTdOlwyNIUywRr1DN0ospafJM1wJ+s= +go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk= +go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= +go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= @@ -704,6 +890,8 @@ go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpu go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.step.sm/crypto v0.77.2 h1:qFjjei+RHc5kP5R7NW9OUWT7SqWIuAOvOkXqg4fNWj8= go.step.sm/crypto v0.77.2/go.mod h1:W0YJb9onM5l78qgkXIJ2Up6grnwW8EtpCKIza/NCg0o= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -714,6 +902,8 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +go.yaml.in/yaml/v4 v4.0.0-rc.2 h1:/FrI8D64VSr4HtGIlUtlFMGsm7H7pWTbj6vOLVZcA6s= +go.yaml.in/yaml/v4 v4.0.0-rc.2/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -854,16 +1044,20 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20191026110619-0b21df46bc1d/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.1.0 h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk= gotest.tools/v3 v3.1.0/go.mod h1:fHy7eyTmJFO5bQbUsEGQ1v4m2J3Jz9eWL54TP2/ZuYQ= +helm.sh/helm/v3 v3.20.2 h1:binM4rvPx5DcNsa1sIt7UZi55lRbu3pZUFmQkSoRh48= +helm.sh/helm/v3 v3.20.2/go.mod h1:Fl1kBaWCpkUrM6IYXPjQ3bdZQfFrogKArqptvueZ6Ww= k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= k8s.io/apiextensions-apiserver v0.35.1 h1:p5vvALkknlOcAqARwjS20kJffgzHqwyQRM8vHLwgU7w= @@ -886,10 +1080,14 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 h1:HhDfevmPS+OalTjQRKbTHppRIz01AWi8s45TMXStgYY= k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/kubectl v0.35.1 h1:zP3Er8C5i1dcAFUMh9Eva0kVvZHptXIn/+8NtRWMxwg= +k8s.io/kubectl v0.35.1/go.mod h1:cQ2uAPs5IO/kx8R5s5J3Ihv3VCYwrx0obCXum0CvnXo= k8s.io/metrics v0.35.1 h1:MUcrUcWlq81XiripkydzCGsY9zQawDXfP9IICNNcVVw= k8s.io/metrics v0.35.1/go.mod h1:9x7xWOAOiWzHA0vaqLgSE4PXF3vyT5ts5XIbx8OSjiI= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 h1:kBawHLSnx/mYHmRnNUf9d4CpjREbeZuxoSGOX/J+aYM= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= +oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= +oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2Fol2CS0QHMNs/WI1MOSGzCm1KhM5ec= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= @@ -898,6 +1096,12 @@ sigs.k8s.io/controller-tools v0.20.0 h1:VWZF71pwSQ2lZZCt7hFGJsOfDc5dVG28/IysjjMW sigs.k8s.io/controller-tools v0.20.0/go.mod h1:b4qPmjGU3iZwqn34alUU5tILhNa9+VXK+J3QV0fT/uU= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/kind v0.30.0 h1:2Xi1KFEfSMm0XDcvKnUt15ZfgRPCT0OnCBbpgh8DztY= +sigs.k8s.io/kind v0.30.0/go.mod h1:FSqriGaoTPruiXWfRnUXNykF8r2t+fHtK0P0m1AbGF8= +sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= +sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM= +sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78= +sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs= diff --git a/gomod2nix.toml b/gomod2nix.toml index f01ddbf..8df5d42 100644 --- a/gomod2nix.toml +++ b/gomod2nix.toml @@ -1,7 +1,10 @@ schema = 3 -cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario.cat/mergo", "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry", "github.com/Azure/azure-sdk-for-go/version", "github.com/Azure/go-autorest/autorest", "github.com/Azure/go-autorest/autorest/adal", "github.com/Azure/go-autorest/autorest/azure", "github.com/Azure/go-autorest/autorest/azure/auth", "github.com/Azure/go-autorest/autorest/azure/cli", "github.com/Azure/go-autorest/autorest/date", "github.com/Azure/go-autorest/logger", "github.com/Azure/go-autorest/tracing", "github.com/Masterminds/semver/v3", "github.com/ProtonMail/go-crypto/bitcurves", "github.com/ProtonMail/go-crypto/brainpool", "github.com/ProtonMail/go-crypto/eax", "github.com/ProtonMail/go-crypto/ocb", "github.com/ProtonMail/go-crypto/openpgp", "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap", "github.com/ProtonMail/go-crypto/openpgp/armor", "github.com/ProtonMail/go-crypto/openpgp/ecdh", "github.com/ProtonMail/go-crypto/openpgp/ecdsa", "github.com/ProtonMail/go-crypto/openpgp/ed25519", "github.com/ProtonMail/go-crypto/openpgp/ed448", "github.com/ProtonMail/go-crypto/openpgp/eddsa", "github.com/ProtonMail/go-crypto/openpgp/elgamal", "github.com/ProtonMail/go-crypto/openpgp/errors", "github.com/ProtonMail/go-crypto/openpgp/packet", "github.com/ProtonMail/go-crypto/openpgp/s2k", "github.com/ProtonMail/go-crypto/openpgp/x25519", "github.com/ProtonMail/go-crypto/openpgp/x448", "github.com/alecthomas/kong", "github.com/antlr4-go/antlr/v4", "github.com/asaskevich/govalidator", "github.com/aws/aws-sdk-go-v2/aws", "github.com/aws/aws-sdk-go-v2/aws/defaults", "github.com/aws/aws-sdk-go-v2/aws/middleware", "github.com/aws/aws-sdk-go-v2/aws/protocol/query", "github.com/aws/aws-sdk-go-v2/aws/protocol/restjson", "github.com/aws/aws-sdk-go-v2/aws/protocol/xml", "github.com/aws/aws-sdk-go-v2/aws/ratelimit", "github.com/aws/aws-sdk-go-v2/aws/retry", "github.com/aws/aws-sdk-go-v2/aws/signer/v4", "github.com/aws/aws-sdk-go-v2/aws/transport/http", "github.com/aws/aws-sdk-go-v2/config", "github.com/aws/aws-sdk-go-v2/credentials", "github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds", "github.com/aws/aws-sdk-go-v2/credentials/endpointcreds", "github.com/aws/aws-sdk-go-v2/credentials/logincreds", "github.com/aws/aws-sdk-go-v2/credentials/processcreds", "github.com/aws/aws-sdk-go-v2/credentials/ssocreds", "github.com/aws/aws-sdk-go-v2/credentials/stscreds", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "github.com/aws/aws-sdk-go-v2/service/ecr", "github.com/aws/aws-sdk-go-v2/service/ecr/types", "github.com/aws/aws-sdk-go-v2/service/ecrpublic", "github.com/aws/aws-sdk-go-v2/service/ecrpublic/types", "github.com/aws/aws-sdk-go-v2/service/signin", "github.com/aws/aws-sdk-go-v2/service/signin/types", "github.com/aws/aws-sdk-go-v2/service/sso", "github.com/aws/aws-sdk-go-v2/service/sso/types", "github.com/aws/aws-sdk-go-v2/service/ssooidc", "github.com/aws/aws-sdk-go-v2/service/ssooidc/types", "github.com/aws/aws-sdk-go-v2/service/sts", "github.com/aws/aws-sdk-go-v2/service/sts/types", "github.com/aws/smithy-go", "github.com/aws/smithy-go/auth", "github.com/aws/smithy-go/auth/bearer", "github.com/aws/smithy-go/context", "github.com/aws/smithy-go/document", "github.com/aws/smithy-go/encoding", "github.com/aws/smithy-go/encoding/httpbinding", "github.com/aws/smithy-go/encoding/json", "github.com/aws/smithy-go/encoding/xml", "github.com/aws/smithy-go/endpoints", "github.com/aws/smithy-go/endpoints/private/rulesfn", "github.com/aws/smithy-go/io", "github.com/aws/smithy-go/logging", "github.com/aws/smithy-go/metrics", "github.com/aws/smithy-go/middleware", "github.com/aws/smithy-go/private/requestcompression", "github.com/aws/smithy-go/ptr", "github.com/aws/smithy-go/rand", "github.com/aws/smithy-go/time", "github.com/aws/smithy-go/tracing", "github.com/aws/smithy-go/transport/http", "github.com/aws/smithy-go/waiter", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version", "github.com/aymanbagabas/go-osc52/v2", "github.com/beorn7/perks/quantile", "github.com/blang/semver", "github.com/blang/semver/v4", "github.com/cenkalti/backoff/v5", "github.com/cespare/xxhash/v2", "github.com/charmbracelet/bubbletea", "github.com/charmbracelet/colorprofile", "github.com/charmbracelet/lipgloss", "github.com/charmbracelet/x/ansi", "github.com/charmbracelet/x/ansi/parser", "github.com/charmbracelet/x/cellbuf", "github.com/charmbracelet/x/term", "github.com/chrismellard/docker-credential-acr-env/pkg/credhelper", "github.com/chrismellard/docker-credential-acr-env/pkg/registry", "github.com/chrismellard/docker-credential-acr-env/pkg/token", "github.com/clipperhouse/displaywidth", "github.com/clipperhouse/stringish", "github.com/clipperhouse/uax29/v2/graphemes", "github.com/cloudflare/circl/dh/x25519", "github.com/cloudflare/circl/dh/x448", "github.com/cloudflare/circl/ecc/goldilocks", "github.com/cloudflare/circl/math", "github.com/cloudflare/circl/math/fp25519", "github.com/cloudflare/circl/math/fp448", "github.com/cloudflare/circl/math/mlsbset", "github.com/cloudflare/circl/sign", "github.com/cloudflare/circl/sign/ed25519", "github.com/cloudflare/circl/sign/ed448", "github.com/containerd/errdefs", "github.com/containerd/errdefs/pkg/errhttp", "github.com/containerd/stargz-snapshotter/estargz", "github.com/containerd/stargz-snapshotter/estargz/errorutil", "github.com/coreos/go-oidc/v3/oidc", "github.com/crossplane/crossplane-runtime/v2/pkg/errors", "github.com/crossplane/crossplane-runtime/v2/pkg/fieldpath", "github.com/crossplane/crossplane-runtime/v2/pkg/logging", "github.com/crossplane/crossplane-runtime/v2/pkg/meta", "github.com/crossplane/crossplane-runtime/v2/pkg/resource", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/claim", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composed", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composite", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/reference", "github.com/crossplane/crossplane-runtime/v2/pkg/test", "github.com/crossplane/crossplane-runtime/v2/pkg/version", "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/examples", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/yaml", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/signature", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1alpha1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1beta1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v2", "github.com/crossplane/crossplane/apis/v2/core/v2", "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1beta1", "github.com/crossplane/crossplane/apis/v2/pkg/v1", "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1", "github.com/crossplane/function-sdk-go/errors", "github.com/crossplane/function-sdk-go/proto/v1", "github.com/crossplane/function-sdk-go/resource", "github.com/crossplane/function-sdk-go/resource/composed", "github.com/crossplane/function-sdk-go/resource/composite", "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer", "github.com/cyphar/filepath-securejoin", "github.com/davecgh/go-spew/spew", "github.com/digitorus/pkcs7", "github.com/digitorus/timestamp", "github.com/dimchansky/utfbom", "github.com/distribution/reference", "github.com/docker/cli/cli/config", "github.com/docker/cli/cli/config/configfile", "github.com/docker/cli/cli/config/credentials", "github.com/docker/cli/cli/config/memorystore", "github.com/docker/cli/cli/config/types", "github.com/docker/distribution/registry/client/auth/challenge", "github.com/docker/docker-credential-helpers/client", "github.com/docker/docker-credential-helpers/credentials", "github.com/docker/docker/api", "github.com/docker/docker/api/types", "github.com/docker/docker/api/types/blkiodev", "github.com/docker/docker/api/types/build", "github.com/docker/docker/api/types/checkpoint", "github.com/docker/docker/api/types/common", "github.com/docker/docker/api/types/container", "github.com/docker/docker/api/types/events", "github.com/docker/docker/api/types/filters", "github.com/docker/docker/api/types/image", "github.com/docker/docker/api/types/mount", "github.com/docker/docker/api/types/network", "github.com/docker/docker/api/types/registry", "github.com/docker/docker/api/types/storage", "github.com/docker/docker/api/types/strslice", "github.com/docker/docker/api/types/swarm", "github.com/docker/docker/api/types/swarm/runtime", "github.com/docker/docker/api/types/system", "github.com/docker/docker/api/types/time", "github.com/docker/docker/api/types/versions", "github.com/docker/docker/api/types/volume", "github.com/docker/docker/client", "github.com/docker/docker/pkg/stdcopy", "github.com/docker/go-connections/nat", "github.com/docker/go-connections/sockets", "github.com/docker/go-connections/tlsconfig", "github.com/docker/go-units", "github.com/dustin/go-humanize", "github.com/emicklei/dot", "github.com/emicklei/go-restful/v3", "github.com/emicklei/go-restful/v3/log", "github.com/emirpasic/gods/containers", "github.com/emirpasic/gods/lists", "github.com/emirpasic/gods/lists/arraylist", "github.com/emirpasic/gods/trees", "github.com/emirpasic/gods/trees/binaryheap", "github.com/emirpasic/gods/utils", "github.com/evanphx/json-patch/v5", "github.com/felixge/httpsnoop", "github.com/fsnotify/fsnotify", "github.com/fxamacker/cbor/v2", "github.com/go-chi/chi/v5", "github.com/go-chi/chi/v5/middleware", "github.com/go-git/gcfg", "github.com/go-git/gcfg/scanner", "github.com/go-git/gcfg/token", "github.com/go-git/gcfg/types", "github.com/go-git/go-billy/v5", "github.com/go-git/go-billy/v5/helper/chroot", "github.com/go-git/go-billy/v5/helper/polyfill", "github.com/go-git/go-billy/v5/osfs", "github.com/go-git/go-billy/v5/util", "github.com/go-git/go-git/v5", "github.com/go-git/go-git/v5/config", "github.com/go-git/go-git/v5/plumbing", "github.com/go-git/go-git/v5/plumbing/cache", "github.com/go-git/go-git/v5/plumbing/color", "github.com/go-git/go-git/v5/plumbing/filemode", "github.com/go-git/go-git/v5/plumbing/format/config", "github.com/go-git/go-git/v5/plumbing/format/diff", "github.com/go-git/go-git/v5/plumbing/format/gitignore", "github.com/go-git/go-git/v5/plumbing/format/idxfile", "github.com/go-git/go-git/v5/plumbing/format/index", "github.com/go-git/go-git/v5/plumbing/format/objfile", "github.com/go-git/go-git/v5/plumbing/format/packfile", "github.com/go-git/go-git/v5/plumbing/format/pktline", "github.com/go-git/go-git/v5/plumbing/hash", "github.com/go-git/go-git/v5/plumbing/object", "github.com/go-git/go-git/v5/plumbing/protocol/packp", "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability", "github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband", "github.com/go-git/go-git/v5/plumbing/revlist", "github.com/go-git/go-git/v5/plumbing/storer", "github.com/go-git/go-git/v5/plumbing/transport", "github.com/go-git/go-git/v5/plumbing/transport/client", "github.com/go-git/go-git/v5/plumbing/transport/file", "github.com/go-git/go-git/v5/plumbing/transport/git", "github.com/go-git/go-git/v5/plumbing/transport/http", "github.com/go-git/go-git/v5/plumbing/transport/server", "github.com/go-git/go-git/v5/plumbing/transport/ssh", "github.com/go-git/go-git/v5/storage", "github.com/go-git/go-git/v5/storage/filesystem", "github.com/go-git/go-git/v5/storage/filesystem/dotgit", "github.com/go-git/go-git/v5/storage/memory", "github.com/go-git/go-git/v5/utils/binary", "github.com/go-git/go-git/v5/utils/diff", "github.com/go-git/go-git/v5/utils/ioutil", "github.com/go-git/go-git/v5/utils/merkletrie", "github.com/go-git/go-git/v5/utils/merkletrie/filesystem", "github.com/go-git/go-git/v5/utils/merkletrie/index", "github.com/go-git/go-git/v5/utils/merkletrie/noder", "github.com/go-git/go-git/v5/utils/sync", "github.com/go-git/go-git/v5/utils/trace", "github.com/go-jose/go-jose/v4", "github.com/go-jose/go-jose/v4/cipher", "github.com/go-jose/go-jose/v4/json", "github.com/go-json-experiment/json", "github.com/go-json-experiment/json/jsontext", "github.com/go-logr/logr", "github.com/go-logr/logr/funcr", "github.com/go-logr/logr/slogr", "github.com/go-logr/stdr", "github.com/go-logr/zapr", "github.com/go-openapi/analysis", "github.com/go-openapi/errors", "github.com/go-openapi/jsonpointer", "github.com/go-openapi/jsonreference", "github.com/go-openapi/loads", "github.com/go-openapi/runtime", "github.com/go-openapi/runtime/client", "github.com/go-openapi/runtime/logger", "github.com/go-openapi/runtime/middleware", "github.com/go-openapi/runtime/middleware/denco", "github.com/go-openapi/runtime/middleware/header", "github.com/go-openapi/runtime/middleware/untyped", "github.com/go-openapi/runtime/security", "github.com/go-openapi/runtime/yamlpc", "github.com/go-openapi/spec", "github.com/go-openapi/strfmt", "github.com/go-openapi/swag", "github.com/go-openapi/swag/cmdutils", "github.com/go-openapi/swag/conv", "github.com/go-openapi/swag/fileutils", "github.com/go-openapi/swag/jsonname", "github.com/go-openapi/swag/jsonutils", "github.com/go-openapi/swag/jsonutils/adapters", "github.com/go-openapi/swag/jsonutils/adapters/ifaces", "github.com/go-openapi/swag/jsonutils/adapters/stdlib/json", "github.com/go-openapi/swag/loading", "github.com/go-openapi/swag/mangling", "github.com/go-openapi/swag/netutils", "github.com/go-openapi/swag/stringutils", "github.com/go-openapi/swag/typeutils", "github.com/go-openapi/swag/yamlutils", "github.com/go-openapi/validate", "github.com/go-viper/mapstructure/v2", "github.com/golang-jwt/jwt/v4", "github.com/golang/groupcache/lru", "github.com/golang/snappy", "github.com/google/btree", "github.com/google/cel-go/cel", "github.com/google/cel-go/checker", "github.com/google/cel-go/checker/decls", "github.com/google/cel-go/common", "github.com/google/cel-go/common/ast", "github.com/google/cel-go/common/containers", "github.com/google/cel-go/common/debug", "github.com/google/cel-go/common/decls", "github.com/google/cel-go/common/env", "github.com/google/cel-go/common/functions", "github.com/google/cel-go/common/operators", "github.com/google/cel-go/common/overloads", "github.com/google/cel-go/common/runes", "github.com/google/cel-go/common/stdlib", "github.com/google/cel-go/common/types", "github.com/google/cel-go/common/types/pb", "github.com/google/cel-go/common/types/ref", "github.com/google/cel-go/common/types/traits", "github.com/google/cel-go/ext", "github.com/google/cel-go/interpreter", "github.com/google/cel-go/interpreter/functions", "github.com/google/cel-go/parser", "github.com/google/cel-go/parser/gen", "github.com/google/certificate-transparency-go", "github.com/google/certificate-transparency-go/asn1", "github.com/google/certificate-transparency-go/client", "github.com/google/certificate-transparency-go/client/configpb", "github.com/google/certificate-transparency-go/ctutil", "github.com/google/certificate-transparency-go/gossip/minimal/x509ext", "github.com/google/certificate-transparency-go/jsonclient", "github.com/google/certificate-transparency-go/loglist3", "github.com/google/certificate-transparency-go/tls", "github.com/google/certificate-transparency-go/x509", "github.com/google/certificate-transparency-go/x509/pkix", "github.com/google/certificate-transparency-go/x509util", "github.com/google/gnostic-models/compiler", "github.com/google/gnostic-models/extensions", "github.com/google/gnostic-models/jsonschema", "github.com/google/gnostic-models/openapiv2", "github.com/google/gnostic-models/openapiv3", "github.com/google/go-cmp/cmp", "github.com/google/go-cmp/cmp/cmpopts", "github.com/google/go-containerregistry/pkg/authn", "github.com/google/go-containerregistry/pkg/authn/k8schain", "github.com/google/go-containerregistry/pkg/authn/kubernetes", "github.com/google/go-containerregistry/pkg/compression", "github.com/google/go-containerregistry/pkg/crane", "github.com/google/go-containerregistry/pkg/legacy", "github.com/google/go-containerregistry/pkg/legacy/tarball", "github.com/google/go-containerregistry/pkg/logs", "github.com/google/go-containerregistry/pkg/name", "github.com/google/go-containerregistry/pkg/v1", "github.com/google/go-containerregistry/pkg/v1/daemon", "github.com/google/go-containerregistry/pkg/v1/empty", "github.com/google/go-containerregistry/pkg/v1/google", "github.com/google/go-containerregistry/pkg/v1/layout", "github.com/google/go-containerregistry/pkg/v1/match", "github.com/google/go-containerregistry/pkg/v1/mutate", "github.com/google/go-containerregistry/pkg/v1/partial", "github.com/google/go-containerregistry/pkg/v1/random", "github.com/google/go-containerregistry/pkg/v1/remote", "github.com/google/go-containerregistry/pkg/v1/remote/transport", "github.com/google/go-containerregistry/pkg/v1/static", "github.com/google/go-containerregistry/pkg/v1/stream", "github.com/google/go-containerregistry/pkg/v1/tarball", "github.com/google/go-containerregistry/pkg/v1/types", "github.com/google/uuid", "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options", "github.com/grpc-ecosystem/grpc-gateway/v2/runtime", "github.com/grpc-ecosystem/grpc-gateway/v2/utilities", "github.com/hashicorp/errwrap", "github.com/hashicorp/go-cleanhttp", "github.com/hashicorp/go-multierror", "github.com/hashicorp/go-retryablehttp", "github.com/in-toto/attestation/go/v1", "github.com/in-toto/in-toto-golang/in_toto", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1", "github.com/jbenet/go-context/io", "github.com/jedisct1/go-minisign", "github.com/json-iterator/go", "github.com/kevinburke/ssh_config", "github.com/klauspost/compress", "github.com/klauspost/compress/fse", "github.com/klauspost/compress/huff0", "github.com/klauspost/compress/zstd", "github.com/letsencrypt/boulder/core", "github.com/letsencrypt/boulder/core/proto", "github.com/letsencrypt/boulder/goodkey", "github.com/letsencrypt/boulder/identifier", "github.com/letsencrypt/boulder/probs", "github.com/letsencrypt/boulder/revocation", "github.com/liggitt/tabwriter", "github.com/lucasb-eyer/go-colorful", "github.com/mattn/go-isatty", "github.com/mattn/go-runewidth", "github.com/mitchellh/go-homedir", "github.com/moby/docker-image-spec/specs-go/v1", "github.com/moby/term", "github.com/modern-go/concurrent", "github.com/modern-go/reflect2", "github.com/muesli/ansi", "github.com/muesli/ansi/compressor", "github.com/muesli/cancelreader", "github.com/muesli/termenv", "github.com/munnerz/goautoneg", "github.com/nozzle/throttler", "github.com/oklog/ulid/v2", "github.com/opencontainers/go-digest", "github.com/opencontainers/image-spec/specs-go", "github.com/opencontainers/image-spec/specs-go/v1", "github.com/pjbgf/sha1cd", "github.com/pjbgf/sha1cd/ubc", "github.com/pkg/browser", "github.com/pkg/errors", "github.com/pmezard/go-difflib/difflib", "github.com/posener/complete", "github.com/posener/complete/cmd", "github.com/posener/complete/cmd/install", "github.com/prometheus/client_golang/prometheus", "github.com/prometheus/client_golang/prometheus/collectors", "github.com/prometheus/client_golang/prometheus/promhttp", "github.com/prometheus/client_model/go", "github.com/prometheus/common/expfmt", "github.com/prometheus/common/model", "github.com/prometheus/procfs", "github.com/rivo/uniseg", "github.com/riywo/loginshell", "github.com/sassoftware/relic/lib/pkcs7", "github.com/sassoftware/relic/lib/x509tools", "github.com/secure-systems-lab/go-securesystemslib/cjson", "github.com/secure-systems-lab/go-securesystemslib/dsse", "github.com/secure-systems-lab/go-securesystemslib/encrypted", "github.com/secure-systems-lab/go-securesystemslib/signerverifier", "github.com/sergi/go-diff/diffmatchpatch", "github.com/shibumi/go-pathspec", "github.com/sigstore/cosign/v3/pkg/blob", "github.com/sigstore/cosign/v3/pkg/cosign", "github.com/sigstore/cosign/v3/pkg/cosign/attestation", "github.com/sigstore/cosign/v3/pkg/cosign/bundle", "github.com/sigstore/cosign/v3/pkg/cosign/env", "github.com/sigstore/cosign/v3/pkg/cosign/fulcioverifier/ctutil", "github.com/sigstore/cosign/v3/pkg/oci", "github.com/sigstore/cosign/v3/pkg/oci/empty", "github.com/sigstore/cosign/v3/pkg/oci/layout", "github.com/sigstore/cosign/v3/pkg/oci/remote", "github.com/sigstore/cosign/v3/pkg/oci/signed", "github.com/sigstore/cosign/v3/pkg/oci/static", "github.com/sigstore/cosign/v3/pkg/types", "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/dsse", "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1", "github.com/sigstore/rekor-tiles/v2/pkg/client", "github.com/sigstore/rekor-tiles/v2/pkg/client/write", "github.com/sigstore/rekor-tiles/v2/pkg/generated/protobuf", "github.com/sigstore/rekor-tiles/v2/pkg/note", "github.com/sigstore/rekor-tiles/v2/pkg/types/verifier", "github.com/sigstore/rekor-tiles/v2/pkg/verify", "github.com/sigstore/rekor/pkg/client", "github.com/sigstore/rekor/pkg/generated/client", "github.com/sigstore/rekor/pkg/generated/client/entries", "github.com/sigstore/rekor/pkg/generated/client/index", "github.com/sigstore/rekor/pkg/generated/client/pubkey", "github.com/sigstore/rekor/pkg/generated/client/tlog", "github.com/sigstore/rekor/pkg/generated/models", "github.com/sigstore/rekor/pkg/log", "github.com/sigstore/rekor/pkg/pki", "github.com/sigstore/rekor/pkg/pki/identity", "github.com/sigstore/rekor/pkg/pki/minisign", "github.com/sigstore/rekor/pkg/pki/pgp", "github.com/sigstore/rekor/pkg/pki/pkcs7", "github.com/sigstore/rekor/pkg/pki/pkitypes", "github.com/sigstore/rekor/pkg/pki/ssh", "github.com/sigstore/rekor/pkg/pki/tuf", "github.com/sigstore/rekor/pkg/pki/x509", "github.com/sigstore/rekor/pkg/tle", "github.com/sigstore/rekor/pkg/types", "github.com/sigstore/rekor/pkg/types/dsse", "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1", "github.com/sigstore/rekor/pkg/types/hashedrekord", "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.2", "github.com/sigstore/rekor/pkg/types/rekord", "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1", "github.com/sigstore/rekor/pkg/util", "github.com/sigstore/rekor/pkg/verify", "github.com/sigstore/sigstore-go/pkg/bundle", "github.com/sigstore/sigstore-go/pkg/fulcio/certificate", "github.com/sigstore/sigstore-go/pkg/root", "github.com/sigstore/sigstore-go/pkg/sign", "github.com/sigstore/sigstore-go/pkg/tlog", "github.com/sigstore/sigstore-go/pkg/tuf", "github.com/sigstore/sigstore-go/pkg/util", "github.com/sigstore/sigstore-go/pkg/verify", "github.com/sigstore/sigstore/pkg/cryptoutils", "github.com/sigstore/sigstore/pkg/cryptoutils/goodkey", "github.com/sigstore/sigstore/pkg/fulcioroots", "github.com/sigstore/sigstore/pkg/oauth", "github.com/sigstore/sigstore/pkg/oauthflow", "github.com/sigstore/sigstore/pkg/signature", "github.com/sigstore/sigstore/pkg/signature/dsse", "github.com/sigstore/sigstore/pkg/signature/options", "github.com/sigstore/sigstore/pkg/signature/payload", "github.com/sigstore/sigstore/pkg/tuf", "github.com/sigstore/timestamp-authority/v2/pkg/verification", "github.com/sirupsen/logrus", "github.com/skeema/knownhosts", "github.com/spf13/afero", "github.com/spf13/afero/mem", "github.com/spf13/cobra", "github.com/spf13/pflag", "github.com/syndtr/goleveldb/leveldb", "github.com/syndtr/goleveldb/leveldb/cache", "github.com/syndtr/goleveldb/leveldb/comparer", "github.com/syndtr/goleveldb/leveldb/errors", "github.com/syndtr/goleveldb/leveldb/filter", "github.com/syndtr/goleveldb/leveldb/iterator", "github.com/syndtr/goleveldb/leveldb/journal", "github.com/syndtr/goleveldb/leveldb/memdb", "github.com/syndtr/goleveldb/leveldb/opt", "github.com/syndtr/goleveldb/leveldb/storage", "github.com/syndtr/goleveldb/leveldb/table", "github.com/syndtr/goleveldb/leveldb/util", "github.com/theupdateframework/go-tuf", "github.com/theupdateframework/go-tuf/client", "github.com/theupdateframework/go-tuf/client/leveldbstore", "github.com/theupdateframework/go-tuf/data", "github.com/theupdateframework/go-tuf/pkg/keys", "github.com/theupdateframework/go-tuf/pkg/targets", "github.com/theupdateframework/go-tuf/sign", "github.com/theupdateframework/go-tuf/util", "github.com/theupdateframework/go-tuf/v2/metadata", "github.com/theupdateframework/go-tuf/v2/metadata/config", "github.com/theupdateframework/go-tuf/v2/metadata/fetcher", "github.com/theupdateframework/go-tuf/v2/metadata/trustedmetadata", "github.com/theupdateframework/go-tuf/v2/metadata/updater", "github.com/theupdateframework/go-tuf/verify", "github.com/titanous/rocacheck", "github.com/transparency-dev/formats/log", "github.com/transparency-dev/merkle", "github.com/transparency-dev/merkle/compact", "github.com/transparency-dev/merkle/proof", "github.com/transparency-dev/merkle/rfc6962", "github.com/vbatts/tar-split/archive/tar", "github.com/willabides/kongplete", "github.com/x448/float16", "github.com/xanzy/ssh-agent", "github.com/xo/terminfo", "go.opentelemetry.io/auto/sdk", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "go.opentelemetry.io/otel", "go.opentelemetry.io/otel/attribute", "go.opentelemetry.io/otel/baggage", "go.opentelemetry.io/otel/codes", "go.opentelemetry.io/otel/metric", "go.opentelemetry.io/otel/metric/embedded", "go.opentelemetry.io/otel/metric/noop", "go.opentelemetry.io/otel/propagation", "go.opentelemetry.io/otel/semconv/v1.37.0", "go.opentelemetry.io/otel/semconv/v1.40.0", "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv", "go.opentelemetry.io/otel/trace", "go.opentelemetry.io/otel/trace/embedded", "go.opentelemetry.io/otel/trace/noop", "go.uber.org/multierr", "go.uber.org/zap", "go.uber.org/zap/buffer", "go.uber.org/zap/zapcore", "go.yaml.in/yaml/v2", "go.yaml.in/yaml/v3", "golang.org/x/crypto/argon2", "golang.org/x/crypto/blake2b", "golang.org/x/crypto/blowfish", "golang.org/x/crypto/cast5", "golang.org/x/crypto/chacha20", "golang.org/x/crypto/cryptobyte", "golang.org/x/crypto/cryptobyte/asn1", "golang.org/x/crypto/curve25519", "golang.org/x/crypto/ed25519", "golang.org/x/crypto/hkdf", "golang.org/x/crypto/nacl/secretbox", "golang.org/x/crypto/ocsp", "golang.org/x/crypto/openpgp", "golang.org/x/crypto/openpgp/armor", "golang.org/x/crypto/openpgp/elgamal", "golang.org/x/crypto/openpgp/errors", "golang.org/x/crypto/openpgp/packet", "golang.org/x/crypto/openpgp/s2k", "golang.org/x/crypto/pbkdf2", "golang.org/x/crypto/pkcs12", "golang.org/x/crypto/salsa20/salsa", "golang.org/x/crypto/scrypt", "golang.org/x/crypto/sha3", "golang.org/x/crypto/ssh", "golang.org/x/crypto/ssh/agent", "golang.org/x/crypto/ssh/knownhosts", "golang.org/x/crypto/ssh/terminal", "golang.org/x/exp/slices", "golang.org/x/mod/semver", "golang.org/x/mod/sumdb/note", "golang.org/x/net/context", "golang.org/x/net/http/httpguts", "golang.org/x/net/http2", "golang.org/x/net/http2/hpack", "golang.org/x/net/idna", "golang.org/x/net/proxy", "golang.org/x/net/trace", "golang.org/x/oauth2", "golang.org/x/oauth2/authhandler", "golang.org/x/oauth2/google", "golang.org/x/oauth2/google/externalaccount", "golang.org/x/oauth2/jws", "golang.org/x/oauth2/jwt", "golang.org/x/sync/errgroup", "golang.org/x/sync/singleflight", "golang.org/x/sys/cpu", "golang.org/x/sys/execabs", "golang.org/x/sys/unix", "golang.org/x/term", "golang.org/x/text/feature/plural", "golang.org/x/text/language", "golang.org/x/text/message", "golang.org/x/text/message/catalog", "golang.org/x/text/runes", "golang.org/x/text/secure/bidirule", "golang.org/x/text/transform", "golang.org/x/text/unicode/bidi", "golang.org/x/text/unicode/norm", "golang.org/x/time/rate", "gomodules.xyz/jsonpatch/v2", "google.golang.org/genproto/googleapis/api", "google.golang.org/genproto/googleapis/api/annotations", "google.golang.org/genproto/googleapis/api/expr/v1alpha1", "google.golang.org/genproto/googleapis/api/httpbody", "google.golang.org/genproto/googleapis/rpc/status", "google.golang.org/grpc", "google.golang.org/grpc/attributes", "google.golang.org/grpc/backoff", "google.golang.org/grpc/balancer", "google.golang.org/grpc/balancer/base", "google.golang.org/grpc/balancer/endpointsharding", "google.golang.org/grpc/balancer/grpclb/state", "google.golang.org/grpc/balancer/pickfirst", "google.golang.org/grpc/balancer/roundrobin", "google.golang.org/grpc/binarylog/grpc_binarylog_v1", "google.golang.org/grpc/channelz", "google.golang.org/grpc/codes", "google.golang.org/grpc/connectivity", "google.golang.org/grpc/credentials", "google.golang.org/grpc/credentials/insecure", "google.golang.org/grpc/encoding", "google.golang.org/grpc/encoding/proto", "google.golang.org/grpc/experimental/stats", "google.golang.org/grpc/grpclog", "google.golang.org/grpc/health/grpc_health_v1", "google.golang.org/grpc/keepalive", "google.golang.org/grpc/mem", "google.golang.org/grpc/metadata", "google.golang.org/grpc/peer", "google.golang.org/grpc/resolver", "google.golang.org/grpc/resolver/dns", "google.golang.org/grpc/serviceconfig", "google.golang.org/grpc/stats", "google.golang.org/grpc/status", "google.golang.org/grpc/tap", "google.golang.org/protobuf/encoding/protodelim", "google.golang.org/protobuf/encoding/protojson", "google.golang.org/protobuf/encoding/prototext", "google.golang.org/protobuf/encoding/protowire", "google.golang.org/protobuf/proto", "google.golang.org/protobuf/protoadapt", "google.golang.org/protobuf/reflect/protodesc", "google.golang.org/protobuf/reflect/protoreflect", "google.golang.org/protobuf/reflect/protoregistry", "google.golang.org/protobuf/runtime/protoiface", "google.golang.org/protobuf/runtime/protoimpl", "google.golang.org/protobuf/testing/protocmp", "google.golang.org/protobuf/types/descriptorpb", "google.golang.org/protobuf/types/dynamicpb", "google.golang.org/protobuf/types/gofeaturespb", "google.golang.org/protobuf/types/known/anypb", "google.golang.org/protobuf/types/known/durationpb", "google.golang.org/protobuf/types/known/emptypb", "google.golang.org/protobuf/types/known/fieldmaskpb", "google.golang.org/protobuf/types/known/structpb", "google.golang.org/protobuf/types/known/timestamppb", "google.golang.org/protobuf/types/known/wrapperspb", "gopkg.in/evanphx/json-patch.v4", "gopkg.in/inf.v0", "gopkg.in/warnings.v0", "gopkg.in/yaml.v3", "k8s.io/api/admission/v1", "k8s.io/api/admission/v1beta1", "k8s.io/api/admissionregistration/v1", "k8s.io/api/admissionregistration/v1alpha1", "k8s.io/api/admissionregistration/v1beta1", "k8s.io/api/apidiscovery/v2", "k8s.io/api/apidiscovery/v2beta1", "k8s.io/api/apiserverinternal/v1alpha1", "k8s.io/api/apps/v1", "k8s.io/api/apps/v1beta1", "k8s.io/api/apps/v1beta2", "k8s.io/api/authentication/v1", "k8s.io/api/authentication/v1alpha1", "k8s.io/api/authentication/v1beta1", "k8s.io/api/authorization/v1", "k8s.io/api/authorization/v1beta1", "k8s.io/api/autoscaling/v1", "k8s.io/api/autoscaling/v2", "k8s.io/api/autoscaling/v2beta1", "k8s.io/api/autoscaling/v2beta2", "k8s.io/api/batch/v1", "k8s.io/api/batch/v1beta1", "k8s.io/api/certificates/v1", "k8s.io/api/certificates/v1alpha1", "k8s.io/api/certificates/v1beta1", "k8s.io/api/coordination/v1", "k8s.io/api/coordination/v1alpha2", "k8s.io/api/coordination/v1beta1", "k8s.io/api/core/v1", "k8s.io/api/discovery/v1", "k8s.io/api/discovery/v1beta1", "k8s.io/api/events/v1", "k8s.io/api/events/v1beta1", "k8s.io/api/extensions/v1beta1", "k8s.io/api/flowcontrol/v1", "k8s.io/api/flowcontrol/v1beta1", "k8s.io/api/flowcontrol/v1beta2", "k8s.io/api/flowcontrol/v1beta3", "k8s.io/api/networking/v1", "k8s.io/api/networking/v1beta1", "k8s.io/api/node/v1", "k8s.io/api/node/v1alpha1", "k8s.io/api/node/v1beta1", "k8s.io/api/policy/v1", "k8s.io/api/policy/v1beta1", "k8s.io/api/rbac/v1", "k8s.io/api/rbac/v1alpha1", "k8s.io/api/rbac/v1beta1", "k8s.io/api/resource/v1", "k8s.io/api/resource/v1alpha3", "k8s.io/api/resource/v1beta1", "k8s.io/api/resource/v1beta2", "k8s.io/api/scheduling/v1", "k8s.io/api/scheduling/v1alpha1", "k8s.io/api/scheduling/v1beta1", "k8s.io/api/storage/v1", "k8s.io/api/storage/v1alpha1", "k8s.io/api/storage/v1beta1", "k8s.io/api/storagemigration/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/model", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning", "k8s.io/apiextensions-apiserver/pkg/apiserver/validation", "k8s.io/apiextensions-apiserver/pkg/features", "k8s.io/apimachinery/pkg/api/equality", "k8s.io/apimachinery/pkg/api/errors", "k8s.io/apimachinery/pkg/api/meta", "k8s.io/apimachinery/pkg/api/meta/testrestmapper", "k8s.io/apimachinery/pkg/api/operation", "k8s.io/apimachinery/pkg/api/resource", "k8s.io/apimachinery/pkg/api/safe", "k8s.io/apimachinery/pkg/api/validate", "k8s.io/apimachinery/pkg/api/validate/constraints", "k8s.io/apimachinery/pkg/api/validate/content", "k8s.io/apimachinery/pkg/api/validation", "k8s.io/apimachinery/pkg/api/validation/path", "k8s.io/apimachinery/pkg/apis/meta/v1", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", "k8s.io/apimachinery/pkg/apis/meta/v1/validation", "k8s.io/apimachinery/pkg/apis/meta/v1beta1", "k8s.io/apimachinery/pkg/conversion", "k8s.io/apimachinery/pkg/conversion/queryparams", "k8s.io/apimachinery/pkg/fields", "k8s.io/apimachinery/pkg/labels", "k8s.io/apimachinery/pkg/runtime", "k8s.io/apimachinery/pkg/runtime/schema", "k8s.io/apimachinery/pkg/runtime/serializer", "k8s.io/apimachinery/pkg/runtime/serializer/cbor", "k8s.io/apimachinery/pkg/runtime/serializer/cbor/direct", "k8s.io/apimachinery/pkg/runtime/serializer/json", "k8s.io/apimachinery/pkg/runtime/serializer/protobuf", "k8s.io/apimachinery/pkg/runtime/serializer/recognizer", "k8s.io/apimachinery/pkg/runtime/serializer/streaming", "k8s.io/apimachinery/pkg/runtime/serializer/versioning", "k8s.io/apimachinery/pkg/selection", "k8s.io/apimachinery/pkg/types", "k8s.io/apimachinery/pkg/util/cache", "k8s.io/apimachinery/pkg/util/diff", "k8s.io/apimachinery/pkg/util/dump", "k8s.io/apimachinery/pkg/util/duration", "k8s.io/apimachinery/pkg/util/errors", "k8s.io/apimachinery/pkg/util/framer", "k8s.io/apimachinery/pkg/util/intstr", "k8s.io/apimachinery/pkg/util/json", "k8s.io/apimachinery/pkg/util/managedfields", "k8s.io/apimachinery/pkg/util/mergepatch", "k8s.io/apimachinery/pkg/util/naming", "k8s.io/apimachinery/pkg/util/net", "k8s.io/apimachinery/pkg/util/rand", "k8s.io/apimachinery/pkg/util/runtime", "k8s.io/apimachinery/pkg/util/sets", "k8s.io/apimachinery/pkg/util/strategicpatch", "k8s.io/apimachinery/pkg/util/uuid", "k8s.io/apimachinery/pkg/util/validation", "k8s.io/apimachinery/pkg/util/validation/field", "k8s.io/apimachinery/pkg/util/version", "k8s.io/apimachinery/pkg/util/wait", "k8s.io/apimachinery/pkg/util/yaml", "k8s.io/apimachinery/pkg/version", "k8s.io/apimachinery/pkg/watch", "k8s.io/apimachinery/third_party/forked/golang/json", "k8s.io/apimachinery/third_party/forked/golang/reflect", "k8s.io/apiserver/pkg/apis/cel", "k8s.io/apiserver/pkg/authentication/serviceaccount", "k8s.io/apiserver/pkg/authentication/user", "k8s.io/apiserver/pkg/authorization/authorizer", "k8s.io/apiserver/pkg/cel", "k8s.io/apiserver/pkg/cel/common", "k8s.io/apiserver/pkg/cel/environment", "k8s.io/apiserver/pkg/cel/library", "k8s.io/apiserver/pkg/cel/metrics", "k8s.io/apiserver/pkg/cel/openapi", "k8s.io/apiserver/pkg/features", "k8s.io/apiserver/pkg/util/compatibility", "k8s.io/apiserver/pkg/util/feature", "k8s.io/apiserver/pkg/warning", "k8s.io/cli-runtime/pkg/printers", "k8s.io/client-go/applyconfigurations/admissionregistration/v1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1", "k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1", "k8s.io/client-go/applyconfigurations/apps/v1", "k8s.io/client-go/applyconfigurations/apps/v1beta1", "k8s.io/client-go/applyconfigurations/apps/v1beta2", "k8s.io/client-go/applyconfigurations/autoscaling/v1", "k8s.io/client-go/applyconfigurations/autoscaling/v2", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta1", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta2", "k8s.io/client-go/applyconfigurations/batch/v1", "k8s.io/client-go/applyconfigurations/batch/v1beta1", "k8s.io/client-go/applyconfigurations/certificates/v1", "k8s.io/client-go/applyconfigurations/certificates/v1alpha1", "k8s.io/client-go/applyconfigurations/certificates/v1beta1", "k8s.io/client-go/applyconfigurations/coordination/v1", "k8s.io/client-go/applyconfigurations/coordination/v1alpha2", "k8s.io/client-go/applyconfigurations/coordination/v1beta1", "k8s.io/client-go/applyconfigurations/core/v1", "k8s.io/client-go/applyconfigurations/discovery/v1", "k8s.io/client-go/applyconfigurations/discovery/v1beta1", "k8s.io/client-go/applyconfigurations/events/v1", "k8s.io/client-go/applyconfigurations/events/v1beta1", "k8s.io/client-go/applyconfigurations/extensions/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3", "k8s.io/client-go/applyconfigurations/meta/v1", "k8s.io/client-go/applyconfigurations/networking/v1", "k8s.io/client-go/applyconfigurations/networking/v1beta1", "k8s.io/client-go/applyconfigurations/node/v1", "k8s.io/client-go/applyconfigurations/node/v1alpha1", "k8s.io/client-go/applyconfigurations/node/v1beta1", "k8s.io/client-go/applyconfigurations/policy/v1", "k8s.io/client-go/applyconfigurations/policy/v1beta1", "k8s.io/client-go/applyconfigurations/rbac/v1", "k8s.io/client-go/applyconfigurations/rbac/v1alpha1", "k8s.io/client-go/applyconfigurations/rbac/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1", "k8s.io/client-go/applyconfigurations/resource/v1alpha3", "k8s.io/client-go/applyconfigurations/resource/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1beta2", "k8s.io/client-go/applyconfigurations/scheduling/v1", "k8s.io/client-go/applyconfigurations/scheduling/v1alpha1", "k8s.io/client-go/applyconfigurations/scheduling/v1beta1", "k8s.io/client-go/applyconfigurations/storage/v1", "k8s.io/client-go/applyconfigurations/storage/v1alpha1", "k8s.io/client-go/applyconfigurations/storage/v1beta1", "k8s.io/client-go/applyconfigurations/storagemigration/v1beta1", "k8s.io/client-go/discovery", "k8s.io/client-go/discovery/cached/memory", "k8s.io/client-go/dynamic", "k8s.io/client-go/features", "k8s.io/client-go/gentype", "k8s.io/client-go/informers", "k8s.io/client-go/informers/admissionregistration", "k8s.io/client-go/informers/admissionregistration/v1", "k8s.io/client-go/informers/admissionregistration/v1alpha1", "k8s.io/client-go/informers/admissionregistration/v1beta1", "k8s.io/client-go/informers/apiserverinternal", "k8s.io/client-go/informers/apiserverinternal/v1alpha1", "k8s.io/client-go/informers/apps", "k8s.io/client-go/informers/apps/v1", "k8s.io/client-go/informers/apps/v1beta1", "k8s.io/client-go/informers/apps/v1beta2", "k8s.io/client-go/informers/autoscaling", "k8s.io/client-go/informers/autoscaling/v1", "k8s.io/client-go/informers/autoscaling/v2", "k8s.io/client-go/informers/autoscaling/v2beta1", "k8s.io/client-go/informers/autoscaling/v2beta2", "k8s.io/client-go/informers/batch", "k8s.io/client-go/informers/batch/v1", "k8s.io/client-go/informers/batch/v1beta1", "k8s.io/client-go/informers/certificates", "k8s.io/client-go/informers/certificates/v1", "k8s.io/client-go/informers/certificates/v1alpha1", "k8s.io/client-go/informers/certificates/v1beta1", "k8s.io/client-go/informers/coordination", "k8s.io/client-go/informers/coordination/v1", "k8s.io/client-go/informers/coordination/v1alpha2", "k8s.io/client-go/informers/coordination/v1beta1", "k8s.io/client-go/informers/core", "k8s.io/client-go/informers/core/v1", "k8s.io/client-go/informers/discovery", "k8s.io/client-go/informers/discovery/v1", "k8s.io/client-go/informers/discovery/v1beta1", "k8s.io/client-go/informers/events", "k8s.io/client-go/informers/events/v1", "k8s.io/client-go/informers/events/v1beta1", "k8s.io/client-go/informers/extensions", "k8s.io/client-go/informers/extensions/v1beta1", "k8s.io/client-go/informers/flowcontrol", "k8s.io/client-go/informers/flowcontrol/v1", "k8s.io/client-go/informers/flowcontrol/v1beta1", "k8s.io/client-go/informers/flowcontrol/v1beta2", "k8s.io/client-go/informers/flowcontrol/v1beta3", "k8s.io/client-go/informers/networking", "k8s.io/client-go/informers/networking/v1", "k8s.io/client-go/informers/networking/v1beta1", "k8s.io/client-go/informers/node", "k8s.io/client-go/informers/node/v1", "k8s.io/client-go/informers/node/v1alpha1", "k8s.io/client-go/informers/node/v1beta1", "k8s.io/client-go/informers/policy", "k8s.io/client-go/informers/policy/v1", "k8s.io/client-go/informers/policy/v1beta1", "k8s.io/client-go/informers/rbac", "k8s.io/client-go/informers/rbac/v1", "k8s.io/client-go/informers/rbac/v1alpha1", "k8s.io/client-go/informers/rbac/v1beta1", "k8s.io/client-go/informers/resource", "k8s.io/client-go/informers/resource/v1", "k8s.io/client-go/informers/resource/v1alpha3", "k8s.io/client-go/informers/resource/v1beta1", "k8s.io/client-go/informers/resource/v1beta2", "k8s.io/client-go/informers/scheduling", "k8s.io/client-go/informers/scheduling/v1", "k8s.io/client-go/informers/scheduling/v1alpha1", "k8s.io/client-go/informers/scheduling/v1beta1", "k8s.io/client-go/informers/storage", "k8s.io/client-go/informers/storage/v1", "k8s.io/client-go/informers/storage/v1alpha1", "k8s.io/client-go/informers/storage/v1beta1", "k8s.io/client-go/informers/storagemigration", "k8s.io/client-go/informers/storagemigration/v1beta1", "k8s.io/client-go/kubernetes", "k8s.io/client-go/kubernetes/scheme", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1", "k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1", "k8s.io/client-go/kubernetes/typed/apps/v1", "k8s.io/client-go/kubernetes/typed/apps/v1beta1", "k8s.io/client-go/kubernetes/typed/apps/v1beta2", "k8s.io/client-go/kubernetes/typed/authentication/v1", "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1", "k8s.io/client-go/kubernetes/typed/authentication/v1beta1", "k8s.io/client-go/kubernetes/typed/authorization/v1", "k8s.io/client-go/kubernetes/typed/authorization/v1beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2", "k8s.io/client-go/kubernetes/typed/batch/v1", "k8s.io/client-go/kubernetes/typed/batch/v1beta1", "k8s.io/client-go/kubernetes/typed/certificates/v1", "k8s.io/client-go/kubernetes/typed/certificates/v1alpha1", "k8s.io/client-go/kubernetes/typed/certificates/v1beta1", "k8s.io/client-go/kubernetes/typed/coordination/v1", "k8s.io/client-go/kubernetes/typed/coordination/v1alpha2", "k8s.io/client-go/kubernetes/typed/coordination/v1beta1", "k8s.io/client-go/kubernetes/typed/core/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1beta1", "k8s.io/client-go/kubernetes/typed/events/v1", "k8s.io/client-go/kubernetes/typed/events/v1beta1", "k8s.io/client-go/kubernetes/typed/extensions/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3", "k8s.io/client-go/kubernetes/typed/networking/v1", "k8s.io/client-go/kubernetes/typed/networking/v1beta1", "k8s.io/client-go/kubernetes/typed/node/v1", "k8s.io/client-go/kubernetes/typed/node/v1alpha1", "k8s.io/client-go/kubernetes/typed/node/v1beta1", "k8s.io/client-go/kubernetes/typed/policy/v1", "k8s.io/client-go/kubernetes/typed/policy/v1beta1", "k8s.io/client-go/kubernetes/typed/rbac/v1", "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1", "k8s.io/client-go/kubernetes/typed/rbac/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1", "k8s.io/client-go/kubernetes/typed/resource/v1alpha3", "k8s.io/client-go/kubernetes/typed/resource/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1beta2", "k8s.io/client-go/kubernetes/typed/scheduling/v1", "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1", "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1", "k8s.io/client-go/kubernetes/typed/storage/v1", "k8s.io/client-go/kubernetes/typed/storage/v1alpha1", "k8s.io/client-go/kubernetes/typed/storage/v1beta1", "k8s.io/client-go/kubernetes/typed/storagemigration/v1beta1", "k8s.io/client-go/listers", "k8s.io/client-go/listers/admissionregistration/v1", "k8s.io/client-go/listers/admissionregistration/v1alpha1", "k8s.io/client-go/listers/admissionregistration/v1beta1", "k8s.io/client-go/listers/apiserverinternal/v1alpha1", "k8s.io/client-go/listers/apps/v1", "k8s.io/client-go/listers/apps/v1beta1", "k8s.io/client-go/listers/apps/v1beta2", "k8s.io/client-go/listers/autoscaling/v1", "k8s.io/client-go/listers/autoscaling/v2", "k8s.io/client-go/listers/autoscaling/v2beta1", "k8s.io/client-go/listers/autoscaling/v2beta2", "k8s.io/client-go/listers/batch/v1", "k8s.io/client-go/listers/batch/v1beta1", "k8s.io/client-go/listers/certificates/v1", "k8s.io/client-go/listers/certificates/v1alpha1", "k8s.io/client-go/listers/certificates/v1beta1", "k8s.io/client-go/listers/coordination/v1", "k8s.io/client-go/listers/coordination/v1alpha2", "k8s.io/client-go/listers/coordination/v1beta1", "k8s.io/client-go/listers/core/v1", "k8s.io/client-go/listers/discovery/v1", "k8s.io/client-go/listers/discovery/v1beta1", "k8s.io/client-go/listers/events/v1", "k8s.io/client-go/listers/events/v1beta1", "k8s.io/client-go/listers/extensions/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1", "k8s.io/client-go/listers/flowcontrol/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1beta2", "k8s.io/client-go/listers/flowcontrol/v1beta3", "k8s.io/client-go/listers/networking/v1", "k8s.io/client-go/listers/networking/v1beta1", "k8s.io/client-go/listers/node/v1", "k8s.io/client-go/listers/node/v1alpha1", "k8s.io/client-go/listers/node/v1beta1", "k8s.io/client-go/listers/policy/v1", "k8s.io/client-go/listers/policy/v1beta1", "k8s.io/client-go/listers/rbac/v1", "k8s.io/client-go/listers/rbac/v1alpha1", "k8s.io/client-go/listers/rbac/v1beta1", "k8s.io/client-go/listers/resource/v1", "k8s.io/client-go/listers/resource/v1alpha3", "k8s.io/client-go/listers/resource/v1beta1", "k8s.io/client-go/listers/resource/v1beta2", "k8s.io/client-go/listers/scheduling/v1", "k8s.io/client-go/listers/scheduling/v1alpha1", "k8s.io/client-go/listers/scheduling/v1beta1", "k8s.io/client-go/listers/storage/v1", "k8s.io/client-go/listers/storage/v1alpha1", "k8s.io/client-go/listers/storage/v1beta1", "k8s.io/client-go/listers/storagemigration/v1beta1", "k8s.io/client-go/metadata", "k8s.io/client-go/openapi", "k8s.io/client-go/openapi/cached", "k8s.io/client-go/pkg/apis/clientauthentication", "k8s.io/client-go/pkg/apis/clientauthentication/install", "k8s.io/client-go/pkg/apis/clientauthentication/v1", "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1", "k8s.io/client-go/pkg/version", "k8s.io/client-go/plugin/pkg/client/auth", "k8s.io/client-go/plugin/pkg/client/auth/azure", "k8s.io/client-go/plugin/pkg/client/auth/exec", "k8s.io/client-go/plugin/pkg/client/auth/gcp", "k8s.io/client-go/plugin/pkg/client/auth/oidc", "k8s.io/client-go/rest", "k8s.io/client-go/rest/watch", "k8s.io/client-go/restmapper", "k8s.io/client-go/testing", "k8s.io/client-go/third_party/forked/golang/template", "k8s.io/client-go/tools/auth", "k8s.io/client-go/tools/cache", "k8s.io/client-go/tools/cache/synctrack", "k8s.io/client-go/tools/clientcmd", "k8s.io/client-go/tools/clientcmd/api", "k8s.io/client-go/tools/clientcmd/api/latest", "k8s.io/client-go/tools/clientcmd/api/v1", "k8s.io/client-go/tools/events", "k8s.io/client-go/tools/leaderelection", "k8s.io/client-go/tools/leaderelection/resourcelock", "k8s.io/client-go/tools/metrics", "k8s.io/client-go/tools/pager", "k8s.io/client-go/tools/record", "k8s.io/client-go/tools/record/util", "k8s.io/client-go/tools/reference", "k8s.io/client-go/transport", "k8s.io/client-go/util/apply", "k8s.io/client-go/util/cert", "k8s.io/client-go/util/connrotation", "k8s.io/client-go/util/consistencydetector", "k8s.io/client-go/util/flowcontrol", "k8s.io/client-go/util/homedir", "k8s.io/client-go/util/jsonpath", "k8s.io/client-go/util/keyutil", "k8s.io/client-go/util/retry", "k8s.io/client-go/util/watchlist", "k8s.io/client-go/util/workqueue", "k8s.io/component-base/cli/flag", "k8s.io/component-base/compatibility", "k8s.io/component-base/featuregate", "k8s.io/component-base/metrics", "k8s.io/component-base/metrics/legacyregistry", "k8s.io/component-base/metrics/prometheus/compatversion", "k8s.io/component-base/metrics/prometheus/feature", "k8s.io/component-base/metrics/prometheusextension", "k8s.io/component-base/version", "k8s.io/component-base/zpages/features", "k8s.io/klog/v2", "k8s.io/kube-openapi/pkg/cached", "k8s.io/kube-openapi/pkg/common", "k8s.io/kube-openapi/pkg/handler3", "k8s.io/kube-openapi/pkg/schemaconv", "k8s.io/kube-openapi/pkg/spec3", "k8s.io/kube-openapi/pkg/util", "k8s.io/kube-openapi/pkg/util/proto", "k8s.io/kube-openapi/pkg/validation/errors", "k8s.io/kube-openapi/pkg/validation/spec", "k8s.io/kube-openapi/pkg/validation/strfmt", "k8s.io/kube-openapi/pkg/validation/strfmt/bson", "k8s.io/kube-openapi/pkg/validation/validate", "k8s.io/metrics/pkg/apis/metrics", "k8s.io/metrics/pkg/apis/metrics/v1alpha1", "k8s.io/metrics/pkg/apis/metrics/v1beta1", "k8s.io/metrics/pkg/client/clientset/versioned", "k8s.io/metrics/pkg/client/clientset/versioned/scheme", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1alpha1", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1", "k8s.io/utils/buffer", "k8s.io/utils/clock", "k8s.io/utils/lru", "k8s.io/utils/net", "k8s.io/utils/ptr", "k8s.io/utils/trace", "sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-runtime/pkg/builder", "sigs.k8s.io/controller-runtime/pkg/cache", "sigs.k8s.io/controller-runtime/pkg/certwatcher", "sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics", "sigs.k8s.io/controller-runtime/pkg/client", "sigs.k8s.io/controller-runtime/pkg/client/apiutil", "sigs.k8s.io/controller-runtime/pkg/client/config", "sigs.k8s.io/controller-runtime/pkg/cluster", "sigs.k8s.io/controller-runtime/pkg/config", "sigs.k8s.io/controller-runtime/pkg/controller", "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil", "sigs.k8s.io/controller-runtime/pkg/controller/priorityqueue", "sigs.k8s.io/controller-runtime/pkg/conversion", "sigs.k8s.io/controller-runtime/pkg/event", "sigs.k8s.io/controller-runtime/pkg/handler", "sigs.k8s.io/controller-runtime/pkg/healthz", "sigs.k8s.io/controller-runtime/pkg/leaderelection", "sigs.k8s.io/controller-runtime/pkg/log", "sigs.k8s.io/controller-runtime/pkg/log/zap", "sigs.k8s.io/controller-runtime/pkg/manager", "sigs.k8s.io/controller-runtime/pkg/manager/signals", "sigs.k8s.io/controller-runtime/pkg/metrics", "sigs.k8s.io/controller-runtime/pkg/metrics/server", "sigs.k8s.io/controller-runtime/pkg/predicate", "sigs.k8s.io/controller-runtime/pkg/reconcile", "sigs.k8s.io/controller-runtime/pkg/recorder", "sigs.k8s.io/controller-runtime/pkg/scheme", "sigs.k8s.io/controller-runtime/pkg/source", "sigs.k8s.io/controller-runtime/pkg/webhook", "sigs.k8s.io/controller-runtime/pkg/webhook/admission", "sigs.k8s.io/controller-runtime/pkg/webhook/admission/metrics", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion/metrics", "sigs.k8s.io/json", "sigs.k8s.io/randfill", "sigs.k8s.io/randfill/bytesource", "sigs.k8s.io/structured-merge-diff/v6/fieldpath", "sigs.k8s.io/structured-merge-diff/v6/merge", "sigs.k8s.io/structured-merge-diff/v6/schema", "sigs.k8s.io/structured-merge-diff/v6/typed", "sigs.k8s.io/structured-merge-diff/v6/value", "sigs.k8s.io/yaml", "sigs.k8s.io/yaml/kyaml"] +cachePackages = ["al.essio.dev/pkg/shellescape", "cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario.cat/mergo", "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry", "github.com/Azure/azure-sdk-for-go/version", "github.com/Azure/go-autorest/autorest", "github.com/Azure/go-autorest/autorest/adal", "github.com/Azure/go-autorest/autorest/azure", "github.com/Azure/go-autorest/autorest/azure/auth", "github.com/Azure/go-autorest/autorest/azure/cli", "github.com/Azure/go-autorest/autorest/date", "github.com/Azure/go-autorest/logger", "github.com/Azure/go-autorest/tracing", "github.com/BurntSushi/toml", "github.com/MakeNowJust/heredoc", "github.com/Masterminds/goutils", "github.com/Masterminds/semver/v3", "github.com/Masterminds/sprig/v3", "github.com/Masterminds/squirrel", "github.com/ProtonMail/go-crypto/bitcurves", "github.com/ProtonMail/go-crypto/brainpool", "github.com/ProtonMail/go-crypto/eax", "github.com/ProtonMail/go-crypto/ocb", "github.com/ProtonMail/go-crypto/openpgp", "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap", "github.com/ProtonMail/go-crypto/openpgp/armor", "github.com/ProtonMail/go-crypto/openpgp/ecdh", "github.com/ProtonMail/go-crypto/openpgp/ecdsa", "github.com/ProtonMail/go-crypto/openpgp/ed25519", "github.com/ProtonMail/go-crypto/openpgp/ed448", "github.com/ProtonMail/go-crypto/openpgp/eddsa", "github.com/ProtonMail/go-crypto/openpgp/elgamal", "github.com/ProtonMail/go-crypto/openpgp/errors", "github.com/ProtonMail/go-crypto/openpgp/packet", "github.com/ProtonMail/go-crypto/openpgp/s2k", "github.com/ProtonMail/go-crypto/openpgp/x25519", "github.com/ProtonMail/go-crypto/openpgp/x448", "github.com/alecthomas/kong", "github.com/antlr4-go/antlr/v4", "github.com/asaskevich/govalidator", "github.com/aws/aws-sdk-go-v2/aws", "github.com/aws/aws-sdk-go-v2/aws/defaults", "github.com/aws/aws-sdk-go-v2/aws/middleware", "github.com/aws/aws-sdk-go-v2/aws/protocol/query", "github.com/aws/aws-sdk-go-v2/aws/protocol/restjson", "github.com/aws/aws-sdk-go-v2/aws/protocol/xml", "github.com/aws/aws-sdk-go-v2/aws/ratelimit", "github.com/aws/aws-sdk-go-v2/aws/retry", "github.com/aws/aws-sdk-go-v2/aws/signer/v4", "github.com/aws/aws-sdk-go-v2/aws/transport/http", "github.com/aws/aws-sdk-go-v2/config", "github.com/aws/aws-sdk-go-v2/credentials", "github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds", "github.com/aws/aws-sdk-go-v2/credentials/endpointcreds", "github.com/aws/aws-sdk-go-v2/credentials/logincreds", "github.com/aws/aws-sdk-go-v2/credentials/processcreds", "github.com/aws/aws-sdk-go-v2/credentials/ssocreds", "github.com/aws/aws-sdk-go-v2/credentials/stscreds", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "github.com/aws/aws-sdk-go-v2/service/ecr", "github.com/aws/aws-sdk-go-v2/service/ecr/types", "github.com/aws/aws-sdk-go-v2/service/ecrpublic", "github.com/aws/aws-sdk-go-v2/service/ecrpublic/types", "github.com/aws/aws-sdk-go-v2/service/signin", "github.com/aws/aws-sdk-go-v2/service/signin/types", "github.com/aws/aws-sdk-go-v2/service/sso", "github.com/aws/aws-sdk-go-v2/service/sso/types", "github.com/aws/aws-sdk-go-v2/service/ssooidc", "github.com/aws/aws-sdk-go-v2/service/ssooidc/types", "github.com/aws/aws-sdk-go-v2/service/sts", "github.com/aws/aws-sdk-go-v2/service/sts/types", "github.com/aws/smithy-go", "github.com/aws/smithy-go/auth", "github.com/aws/smithy-go/auth/bearer", "github.com/aws/smithy-go/context", "github.com/aws/smithy-go/document", "github.com/aws/smithy-go/encoding", "github.com/aws/smithy-go/encoding/httpbinding", "github.com/aws/smithy-go/encoding/json", "github.com/aws/smithy-go/encoding/xml", "github.com/aws/smithy-go/endpoints", "github.com/aws/smithy-go/endpoints/private/rulesfn", "github.com/aws/smithy-go/io", "github.com/aws/smithy-go/logging", "github.com/aws/smithy-go/metrics", "github.com/aws/smithy-go/middleware", "github.com/aws/smithy-go/private/requestcompression", "github.com/aws/smithy-go/ptr", "github.com/aws/smithy-go/rand", "github.com/aws/smithy-go/time", "github.com/aws/smithy-go/tracing", "github.com/aws/smithy-go/transport/http", "github.com/aws/smithy-go/waiter", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version", "github.com/aymanbagabas/go-osc52/v2", "github.com/bahlo/generic-list-go", "github.com/beorn7/perks/quantile", "github.com/blang/semver", "github.com/blang/semver/v4", "github.com/buger/jsonparser", "github.com/cenkalti/backoff/v5", "github.com/cespare/xxhash/v2", "github.com/chai2010/gettext-go", "github.com/chai2010/gettext-go/mo", "github.com/chai2010/gettext-go/plural", "github.com/chai2010/gettext-go/po", "github.com/charmbracelet/bubbles/spinner", "github.com/charmbracelet/bubbletea", "github.com/charmbracelet/colorprofile", "github.com/charmbracelet/lipgloss", "github.com/charmbracelet/x/ansi", "github.com/charmbracelet/x/ansi/parser", "github.com/charmbracelet/x/cellbuf", "github.com/charmbracelet/x/term", "github.com/chrismellard/docker-credential-acr-env/pkg/credhelper", "github.com/chrismellard/docker-credential-acr-env/pkg/registry", "github.com/chrismellard/docker-credential-acr-env/pkg/token", "github.com/clipperhouse/displaywidth", "github.com/clipperhouse/stringish", "github.com/clipperhouse/uax29/v2/graphemes", "github.com/cloudflare/circl/dh/x25519", "github.com/cloudflare/circl/dh/x448", "github.com/cloudflare/circl/ecc/goldilocks", "github.com/cloudflare/circl/math", "github.com/cloudflare/circl/math/fp25519", "github.com/cloudflare/circl/math/fp448", "github.com/cloudflare/circl/math/mlsbset", "github.com/cloudflare/circl/sign", "github.com/cloudflare/circl/sign/ed25519", "github.com/cloudflare/circl/sign/ed448", "github.com/containerd/containerd/archive/compression", "github.com/containerd/containerd/content", "github.com/containerd/containerd/errdefs", "github.com/containerd/containerd/filters", "github.com/containerd/containerd/images", "github.com/containerd/containerd/labels", "github.com/containerd/containerd/pkg/randutil", "github.com/containerd/containerd/remotes", "github.com/containerd/errdefs", "github.com/containerd/errdefs/pkg/errhttp", "github.com/containerd/log", "github.com/containerd/platforms", "github.com/containerd/stargz-snapshotter/estargz", "github.com/containerd/stargz-snapshotter/estargz/errorutil", "github.com/coreos/go-oidc/v3/oidc", "github.com/crossplane/crossplane-runtime/v2/pkg/errors", "github.com/crossplane/crossplane-runtime/v2/pkg/fieldpath", "github.com/crossplane/crossplane-runtime/v2/pkg/logging", "github.com/crossplane/crossplane-runtime/v2/pkg/meta", "github.com/crossplane/crossplane-runtime/v2/pkg/resource", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/claim", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composed", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composite", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/reference", "github.com/crossplane/crossplane-runtime/v2/pkg/test", "github.com/crossplane/crossplane-runtime/v2/pkg/version", "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/examples", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/yaml", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/signature", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1alpha1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1beta1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v2", "github.com/crossplane/crossplane/apis/v2/core/v2", "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1beta1", "github.com/crossplane/crossplane/apis/v2/pkg/v1", "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1", "github.com/crossplane/function-sdk-go/errors", "github.com/crossplane/function-sdk-go/proto/v1", "github.com/crossplane/function-sdk-go/resource", "github.com/crossplane/function-sdk-go/resource/composed", "github.com/crossplane/function-sdk-go/resource/composite", "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer", "github.com/cyphar/filepath-securejoin", "github.com/davecgh/go-spew/spew", "github.com/digitorus/pkcs7", "github.com/digitorus/timestamp", "github.com/dimchansky/utfbom", "github.com/distribution/reference", "github.com/docker/cli/cli/config", "github.com/docker/cli/cli/config/configfile", "github.com/docker/cli/cli/config/credentials", "github.com/docker/cli/cli/config/memorystore", "github.com/docker/cli/cli/config/types", "github.com/docker/distribution/registry/client/auth/challenge", "github.com/docker/docker-credential-helpers/client", "github.com/docker/docker-credential-helpers/credentials", "github.com/docker/docker/api", "github.com/docker/docker/api/types", "github.com/docker/docker/api/types/blkiodev", "github.com/docker/docker/api/types/build", "github.com/docker/docker/api/types/checkpoint", "github.com/docker/docker/api/types/common", "github.com/docker/docker/api/types/container", "github.com/docker/docker/api/types/events", "github.com/docker/docker/api/types/filters", "github.com/docker/docker/api/types/image", "github.com/docker/docker/api/types/mount", "github.com/docker/docker/api/types/network", "github.com/docker/docker/api/types/registry", "github.com/docker/docker/api/types/storage", "github.com/docker/docker/api/types/strslice", "github.com/docker/docker/api/types/swarm", "github.com/docker/docker/api/types/swarm/runtime", "github.com/docker/docker/api/types/system", "github.com/docker/docker/api/types/time", "github.com/docker/docker/api/types/versions", "github.com/docker/docker/api/types/volume", "github.com/docker/docker/client", "github.com/docker/docker/pkg/stdcopy", "github.com/docker/go-connections/nat", "github.com/docker/go-connections/sockets", "github.com/docker/go-connections/tlsconfig", "github.com/docker/go-units", "github.com/dprotaso/go-yit", "github.com/dustin/go-humanize", "github.com/emicklei/dot", "github.com/emicklei/go-restful/v3", "github.com/emicklei/go-restful/v3/log", "github.com/emirpasic/gods/containers", "github.com/emirpasic/gods/lists", "github.com/emirpasic/gods/lists/arraylist", "github.com/emirpasic/gods/trees", "github.com/emirpasic/gods/trees/binaryheap", "github.com/emirpasic/gods/utils", "github.com/evanphx/json-patch", "github.com/evanphx/json-patch/v5", "github.com/exponent-io/jsonpath", "github.com/fatih/color", "github.com/felixge/httpsnoop", "github.com/fsnotify/fsnotify", "github.com/fxamacker/cbor/v2", "github.com/getkin/kin-openapi/openapi3", "github.com/go-chi/chi/v5", "github.com/go-chi/chi/v5/middleware", "github.com/go-errors/errors", "github.com/go-git/gcfg", "github.com/go-git/gcfg/scanner", "github.com/go-git/gcfg/token", "github.com/go-git/gcfg/types", "github.com/go-git/go-billy/v5", "github.com/go-git/go-billy/v5/helper/chroot", "github.com/go-git/go-billy/v5/helper/iofs", "github.com/go-git/go-billy/v5/helper/polyfill", "github.com/go-git/go-billy/v5/memfs", "github.com/go-git/go-billy/v5/osfs", "github.com/go-git/go-billy/v5/util", "github.com/go-git/go-git/v5", "github.com/go-git/go-git/v5/config", "github.com/go-git/go-git/v5/plumbing", "github.com/go-git/go-git/v5/plumbing/cache", "github.com/go-git/go-git/v5/plumbing/color", "github.com/go-git/go-git/v5/plumbing/filemode", "github.com/go-git/go-git/v5/plumbing/format/config", "github.com/go-git/go-git/v5/plumbing/format/diff", "github.com/go-git/go-git/v5/plumbing/format/gitignore", "github.com/go-git/go-git/v5/plumbing/format/idxfile", "github.com/go-git/go-git/v5/plumbing/format/index", "github.com/go-git/go-git/v5/plumbing/format/objfile", "github.com/go-git/go-git/v5/plumbing/format/packfile", "github.com/go-git/go-git/v5/plumbing/format/pktline", "github.com/go-git/go-git/v5/plumbing/hash", "github.com/go-git/go-git/v5/plumbing/object", "github.com/go-git/go-git/v5/plumbing/protocol/packp", "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability", "github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband", "github.com/go-git/go-git/v5/plumbing/revlist", "github.com/go-git/go-git/v5/plumbing/storer", "github.com/go-git/go-git/v5/plumbing/transport", "github.com/go-git/go-git/v5/plumbing/transport/client", "github.com/go-git/go-git/v5/plumbing/transport/file", "github.com/go-git/go-git/v5/plumbing/transport/git", "github.com/go-git/go-git/v5/plumbing/transport/http", "github.com/go-git/go-git/v5/plumbing/transport/server", "github.com/go-git/go-git/v5/plumbing/transport/ssh", "github.com/go-git/go-git/v5/storage", "github.com/go-git/go-git/v5/storage/filesystem", "github.com/go-git/go-git/v5/storage/filesystem/dotgit", "github.com/go-git/go-git/v5/storage/memory", "github.com/go-git/go-git/v5/utils/binary", "github.com/go-git/go-git/v5/utils/diff", "github.com/go-git/go-git/v5/utils/ioutil", "github.com/go-git/go-git/v5/utils/merkletrie", "github.com/go-git/go-git/v5/utils/merkletrie/filesystem", "github.com/go-git/go-git/v5/utils/merkletrie/index", "github.com/go-git/go-git/v5/utils/merkletrie/noder", "github.com/go-git/go-git/v5/utils/sync", "github.com/go-git/go-git/v5/utils/trace", "github.com/go-gorp/gorp/v3", "github.com/go-jose/go-jose/v4", "github.com/go-jose/go-jose/v4/cipher", "github.com/go-jose/go-jose/v4/json", "github.com/go-json-experiment/json", "github.com/go-json-experiment/json/jsontext", "github.com/go-logr/logr", "github.com/go-logr/logr/funcr", "github.com/go-logr/logr/slogr", "github.com/go-logr/stdr", "github.com/go-logr/zapr", "github.com/go-openapi/analysis", "github.com/go-openapi/errors", "github.com/go-openapi/jsonpointer", "github.com/go-openapi/jsonreference", "github.com/go-openapi/loads", "github.com/go-openapi/runtime", "github.com/go-openapi/runtime/client", "github.com/go-openapi/runtime/logger", "github.com/go-openapi/runtime/middleware", "github.com/go-openapi/runtime/middleware/denco", "github.com/go-openapi/runtime/middleware/header", "github.com/go-openapi/runtime/middleware/untyped", "github.com/go-openapi/runtime/security", "github.com/go-openapi/runtime/yamlpc", "github.com/go-openapi/spec", "github.com/go-openapi/strfmt", "github.com/go-openapi/swag", "github.com/go-openapi/swag/cmdutils", "github.com/go-openapi/swag/conv", "github.com/go-openapi/swag/fileutils", "github.com/go-openapi/swag/jsonname", "github.com/go-openapi/swag/jsonutils", "github.com/go-openapi/swag/jsonutils/adapters", "github.com/go-openapi/swag/jsonutils/adapters/ifaces", "github.com/go-openapi/swag/jsonutils/adapters/stdlib/json", "github.com/go-openapi/swag/loading", "github.com/go-openapi/swag/mangling", "github.com/go-openapi/swag/netutils", "github.com/go-openapi/swag/stringutils", "github.com/go-openapi/swag/typeutils", "github.com/go-openapi/swag/yamlutils", "github.com/go-openapi/validate", "github.com/go-viper/mapstructure/v2", "github.com/gobuffalo/flect", "github.com/gobwas/glob", "github.com/gobwas/glob/compiler", "github.com/gobwas/glob/match", "github.com/gobwas/glob/syntax", "github.com/gobwas/glob/syntax/ast", "github.com/gobwas/glob/syntax/lexer", "github.com/gobwas/glob/util/runes", "github.com/gobwas/glob/util/strings", "github.com/golang-jwt/jwt/v4", "github.com/golang/groupcache/lru", "github.com/golang/snappy", "github.com/google/btree", "github.com/google/cel-go/cel", "github.com/google/cel-go/checker", "github.com/google/cel-go/checker/decls", "github.com/google/cel-go/common", "github.com/google/cel-go/common/ast", "github.com/google/cel-go/common/containers", "github.com/google/cel-go/common/debug", "github.com/google/cel-go/common/decls", "github.com/google/cel-go/common/env", "github.com/google/cel-go/common/functions", "github.com/google/cel-go/common/operators", "github.com/google/cel-go/common/overloads", "github.com/google/cel-go/common/runes", "github.com/google/cel-go/common/stdlib", "github.com/google/cel-go/common/types", "github.com/google/cel-go/common/types/pb", "github.com/google/cel-go/common/types/ref", "github.com/google/cel-go/common/types/traits", "github.com/google/cel-go/ext", "github.com/google/cel-go/interpreter", "github.com/google/cel-go/interpreter/functions", "github.com/google/cel-go/parser", "github.com/google/cel-go/parser/gen", "github.com/google/certificate-transparency-go", "github.com/google/certificate-transparency-go/asn1", "github.com/google/certificate-transparency-go/client", "github.com/google/certificate-transparency-go/client/configpb", "github.com/google/certificate-transparency-go/ctutil", "github.com/google/certificate-transparency-go/gossip/minimal/x509ext", "github.com/google/certificate-transparency-go/jsonclient", "github.com/google/certificate-transparency-go/loglist3", "github.com/google/certificate-transparency-go/tls", "github.com/google/certificate-transparency-go/x509", "github.com/google/certificate-transparency-go/x509/pkix", "github.com/google/certificate-transparency-go/x509util", "github.com/google/gnostic-models/compiler", "github.com/google/gnostic-models/extensions", "github.com/google/gnostic-models/jsonschema", "github.com/google/gnostic-models/openapiv2", "github.com/google/gnostic-models/openapiv3", "github.com/google/go-cmp/cmp", "github.com/google/go-cmp/cmp/cmpopts", "github.com/google/go-containerregistry/pkg/authn", "github.com/google/go-containerregistry/pkg/authn/k8schain", "github.com/google/go-containerregistry/pkg/authn/kubernetes", "github.com/google/go-containerregistry/pkg/compression", "github.com/google/go-containerregistry/pkg/crane", "github.com/google/go-containerregistry/pkg/legacy", "github.com/google/go-containerregistry/pkg/legacy/tarball", "github.com/google/go-containerregistry/pkg/logs", "github.com/google/go-containerregistry/pkg/name", "github.com/google/go-containerregistry/pkg/v1", "github.com/google/go-containerregistry/pkg/v1/daemon", "github.com/google/go-containerregistry/pkg/v1/empty", "github.com/google/go-containerregistry/pkg/v1/google", "github.com/google/go-containerregistry/pkg/v1/layout", "github.com/google/go-containerregistry/pkg/v1/match", "github.com/google/go-containerregistry/pkg/v1/mutate", "github.com/google/go-containerregistry/pkg/v1/partial", "github.com/google/go-containerregistry/pkg/v1/random", "github.com/google/go-containerregistry/pkg/v1/remote", "github.com/google/go-containerregistry/pkg/v1/remote/transport", "github.com/google/go-containerregistry/pkg/v1/static", "github.com/google/go-containerregistry/pkg/v1/stream", "github.com/google/go-containerregistry/pkg/v1/tarball", "github.com/google/go-containerregistry/pkg/v1/types", "github.com/google/ko/pkg/build", "github.com/google/ko/pkg/caps", "github.com/google/uuid", "github.com/gosuri/uitable", "github.com/gosuri/uitable/util/strutil", "github.com/gosuri/uitable/util/wordwrap", "github.com/gregjones/httpcache", "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options", "github.com/grpc-ecosystem/grpc-gateway/v2/runtime", "github.com/grpc-ecosystem/grpc-gateway/v2/utilities", "github.com/hashicorp/errwrap", "github.com/hashicorp/go-cleanhttp", "github.com/hashicorp/go-multierror", "github.com/hashicorp/go-retryablehttp", "github.com/huandu/xstrings", "github.com/in-toto/attestation/go/v1", "github.com/in-toto/in-toto-golang/in_toto", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1", "github.com/invopop/jsonschema", "github.com/jbenet/go-context/io", "github.com/jedisct1/go-minisign", "github.com/jmoiron/sqlx", "github.com/jmoiron/sqlx/reflectx", "github.com/josharian/intern", "github.com/json-iterator/go", "github.com/kevinburke/ssh_config", "github.com/klauspost/compress", "github.com/klauspost/compress/fse", "github.com/klauspost/compress/huff0", "github.com/klauspost/compress/zstd", "github.com/kubernetes-sigs/kro/pkg/graph/dag", "github.com/kubernetes-sigs/kro/pkg/simpleschema", "github.com/kubernetes-sigs/kro/pkg/simpleschema/types", "github.com/lann/builder", "github.com/lann/ps", "github.com/letsencrypt/boulder/core", "github.com/letsencrypt/boulder/core/proto", "github.com/letsencrypt/boulder/goodkey", "github.com/letsencrypt/boulder/identifier", "github.com/letsencrypt/boulder/probs", "github.com/letsencrypt/boulder/revocation", "github.com/lib/pq", "github.com/lib/pq/oid", "github.com/lib/pq/scram", "github.com/liggitt/tabwriter", "github.com/lucasb-eyer/go-colorful", "github.com/mailru/easyjson/jlexer", "github.com/mattn/go-colorable", "github.com/mattn/go-isatty", "github.com/mattn/go-runewidth", "github.com/mitchellh/copystructure", "github.com/mitchellh/go-homedir", "github.com/mitchellh/go-wordwrap", "github.com/mitchellh/reflectwalk", "github.com/moby/docker-image-spec/specs-go/v1", "github.com/moby/term", "github.com/modern-go/concurrent", "github.com/modern-go/reflect2", "github.com/mohae/deepcopy", "github.com/monochromegane/go-gitignore", "github.com/muesli/ansi", "github.com/muesli/ansi/compressor", "github.com/muesli/cancelreader", "github.com/muesli/termenv", "github.com/munnerz/goautoneg", "github.com/nozzle/throttler", "github.com/oapi-codegen/oapi-codegen/v2/pkg/codegen", "github.com/oapi-codegen/oapi-codegen/v2/pkg/util", "github.com/oasdiff/yaml", "github.com/oasdiff/yaml3", "github.com/oklog/ulid/v2", "github.com/opencontainers/go-digest", "github.com/opencontainers/image-spec/specs-go", "github.com/opencontainers/image-spec/specs-go/v1", "github.com/pb33f/ordered-map/v2", "github.com/pelletier/go-toml", "github.com/perimeterx/marshmallow", "github.com/peterbourgon/diskv", "github.com/pjbgf/sha1cd", "github.com/pjbgf/sha1cd/ubc", "github.com/pkg/browser", "github.com/pkg/errors", "github.com/pmezard/go-difflib/difflib", "github.com/posener/complete", "github.com/posener/complete/cmd", "github.com/posener/complete/cmd/install", "github.com/prometheus/client_golang/prometheus", "github.com/prometheus/client_golang/prometheus/collectors", "github.com/prometheus/client_golang/prometheus/promhttp", "github.com/prometheus/client_model/go", "github.com/prometheus/common/expfmt", "github.com/prometheus/common/model", "github.com/prometheus/procfs", "github.com/rivo/uniseg", "github.com/riywo/loginshell", "github.com/rubenv/sql-migrate", "github.com/rubenv/sql-migrate/sqlparse", "github.com/russross/blackfriday/v2", "github.com/santhosh-tekuri/jsonschema/v6", "github.com/santhosh-tekuri/jsonschema/v6/kind", "github.com/sassoftware/relic/lib/pkcs7", "github.com/sassoftware/relic/lib/x509tools", "github.com/secure-systems-lab/go-securesystemslib/cjson", "github.com/secure-systems-lab/go-securesystemslib/dsse", "github.com/secure-systems-lab/go-securesystemslib/encrypted", "github.com/secure-systems-lab/go-securesystemslib/signerverifier", "github.com/sergi/go-diff/diffmatchpatch", "github.com/shibumi/go-pathspec", "github.com/shopspring/decimal", "github.com/sigstore/cosign/v2/pkg/cosign/bundle", "github.com/sigstore/cosign/v2/pkg/cosign/env", "github.com/sigstore/cosign/v2/pkg/oci", "github.com/sigstore/cosign/v2/pkg/oci/empty", "github.com/sigstore/cosign/v2/pkg/oci/mutate", "github.com/sigstore/cosign/v2/pkg/oci/signed", "github.com/sigstore/cosign/v2/pkg/oci/static", "github.com/sigstore/cosign/v2/pkg/types", "github.com/sigstore/cosign/v3/pkg/blob", "github.com/sigstore/cosign/v3/pkg/cosign", "github.com/sigstore/cosign/v3/pkg/cosign/attestation", "github.com/sigstore/cosign/v3/pkg/cosign/bundle", "github.com/sigstore/cosign/v3/pkg/cosign/env", "github.com/sigstore/cosign/v3/pkg/cosign/fulcioverifier/ctutil", "github.com/sigstore/cosign/v3/pkg/oci", "github.com/sigstore/cosign/v3/pkg/oci/empty", "github.com/sigstore/cosign/v3/pkg/oci/layout", "github.com/sigstore/cosign/v3/pkg/oci/remote", "github.com/sigstore/cosign/v3/pkg/oci/signed", "github.com/sigstore/cosign/v3/pkg/oci/static", "github.com/sigstore/cosign/v3/pkg/types", "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/dsse", "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1", "github.com/sigstore/rekor-tiles/v2/pkg/client", "github.com/sigstore/rekor-tiles/v2/pkg/client/write", "github.com/sigstore/rekor-tiles/v2/pkg/generated/protobuf", "github.com/sigstore/rekor-tiles/v2/pkg/note", "github.com/sigstore/rekor-tiles/v2/pkg/types/verifier", "github.com/sigstore/rekor-tiles/v2/pkg/verify", "github.com/sigstore/rekor/pkg/client", "github.com/sigstore/rekor/pkg/generated/client", "github.com/sigstore/rekor/pkg/generated/client/entries", "github.com/sigstore/rekor/pkg/generated/client/index", "github.com/sigstore/rekor/pkg/generated/client/pubkey", "github.com/sigstore/rekor/pkg/generated/client/tlog", "github.com/sigstore/rekor/pkg/generated/models", "github.com/sigstore/rekor/pkg/log", "github.com/sigstore/rekor/pkg/pki", "github.com/sigstore/rekor/pkg/pki/identity", "github.com/sigstore/rekor/pkg/pki/minisign", "github.com/sigstore/rekor/pkg/pki/pgp", "github.com/sigstore/rekor/pkg/pki/pkcs7", "github.com/sigstore/rekor/pkg/pki/pkitypes", "github.com/sigstore/rekor/pkg/pki/ssh", "github.com/sigstore/rekor/pkg/pki/tuf", "github.com/sigstore/rekor/pkg/pki/x509", "github.com/sigstore/rekor/pkg/tle", "github.com/sigstore/rekor/pkg/types", "github.com/sigstore/rekor/pkg/types/dsse", "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1", "github.com/sigstore/rekor/pkg/types/hashedrekord", "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.2", "github.com/sigstore/rekor/pkg/types/rekord", "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1", "github.com/sigstore/rekor/pkg/util", "github.com/sigstore/rekor/pkg/verify", "github.com/sigstore/sigstore-go/pkg/bundle", "github.com/sigstore/sigstore-go/pkg/fulcio/certificate", "github.com/sigstore/sigstore-go/pkg/root", "github.com/sigstore/sigstore-go/pkg/sign", "github.com/sigstore/sigstore-go/pkg/tlog", "github.com/sigstore/sigstore-go/pkg/tuf", "github.com/sigstore/sigstore-go/pkg/util", "github.com/sigstore/sigstore-go/pkg/verify", "github.com/sigstore/sigstore/pkg/cryptoutils", "github.com/sigstore/sigstore/pkg/cryptoutils/goodkey", "github.com/sigstore/sigstore/pkg/fulcioroots", "github.com/sigstore/sigstore/pkg/oauth", "github.com/sigstore/sigstore/pkg/oauthflow", "github.com/sigstore/sigstore/pkg/signature", "github.com/sigstore/sigstore/pkg/signature/dsse", "github.com/sigstore/sigstore/pkg/signature/options", "github.com/sigstore/sigstore/pkg/signature/payload", "github.com/sigstore/sigstore/pkg/tuf", "github.com/sigstore/timestamp-authority/v2/pkg/verification", "github.com/sirupsen/logrus", "github.com/skeema/knownhosts", "github.com/speakeasy-api/jsonpath/pkg/jsonpath", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/config", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/token", "github.com/speakeasy-api/openapi/overlay", "github.com/speakeasy-api/openapi/overlay/loader", "github.com/spf13/afero", "github.com/spf13/afero/mem", "github.com/spf13/afero/tarfs", "github.com/spf13/cast", "github.com/spf13/cobra", "github.com/spf13/pflag", "github.com/syndtr/goleveldb/leveldb", "github.com/syndtr/goleveldb/leveldb/cache", "github.com/syndtr/goleveldb/leveldb/comparer", "github.com/syndtr/goleveldb/leveldb/errors", "github.com/syndtr/goleveldb/leveldb/filter", "github.com/syndtr/goleveldb/leveldb/iterator", "github.com/syndtr/goleveldb/leveldb/journal", "github.com/syndtr/goleveldb/leveldb/memdb", "github.com/syndtr/goleveldb/leveldb/opt", "github.com/syndtr/goleveldb/leveldb/storage", "github.com/syndtr/goleveldb/leveldb/table", "github.com/syndtr/goleveldb/leveldb/util", "github.com/theupdateframework/go-tuf", "github.com/theupdateframework/go-tuf/client", "github.com/theupdateframework/go-tuf/client/leveldbstore", "github.com/theupdateframework/go-tuf/data", "github.com/theupdateframework/go-tuf/pkg/keys", "github.com/theupdateframework/go-tuf/pkg/targets", "github.com/theupdateframework/go-tuf/sign", "github.com/theupdateframework/go-tuf/util", "github.com/theupdateframework/go-tuf/v2/metadata", "github.com/theupdateframework/go-tuf/v2/metadata/config", "github.com/theupdateframework/go-tuf/v2/metadata/fetcher", "github.com/theupdateframework/go-tuf/v2/metadata/trustedmetadata", "github.com/theupdateframework/go-tuf/v2/metadata/updater", "github.com/theupdateframework/go-tuf/verify", "github.com/titanous/rocacheck", "github.com/transparency-dev/formats/log", "github.com/transparency-dev/merkle", "github.com/transparency-dev/merkle/compact", "github.com/transparency-dev/merkle/proof", "github.com/transparency-dev/merkle/rfc6962", "github.com/vbatts/tar-split/archive/tar", "github.com/vmware-labs/yaml-jsonpath/pkg/yamlpath", "github.com/willabides/kongplete", "github.com/woodsbury/decimal128", "github.com/x448/float16", "github.com/xanzy/ssh-agent", "github.com/xlab/treeprint", "github.com/xo/terminfo", "go.opentelemetry.io/auto/sdk", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "go.opentelemetry.io/otel", "go.opentelemetry.io/otel/attribute", "go.opentelemetry.io/otel/baggage", "go.opentelemetry.io/otel/codes", "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "go.opentelemetry.io/otel/metric", "go.opentelemetry.io/otel/metric/embedded", "go.opentelemetry.io/otel/metric/noop", "go.opentelemetry.io/otel/propagation", "go.opentelemetry.io/otel/sdk", "go.opentelemetry.io/otel/sdk/instrumentation", "go.opentelemetry.io/otel/sdk/resource", "go.opentelemetry.io/otel/sdk/trace", "go.opentelemetry.io/otel/semconv/v1.17.0", "go.opentelemetry.io/otel/semconv/v1.37.0", "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv", "go.opentelemetry.io/otel/semconv/v1.40.0", "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv", "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv", "go.opentelemetry.io/otel/trace", "go.opentelemetry.io/otel/trace/embedded", "go.opentelemetry.io/otel/trace/noop", "go.opentelemetry.io/proto/otlp/collector/trace/v1", "go.opentelemetry.io/proto/otlp/common/v1", "go.opentelemetry.io/proto/otlp/resource/v1", "go.opentelemetry.io/proto/otlp/trace/v1", "go.uber.org/multierr", "go.uber.org/zap", "go.uber.org/zap/buffer", "go.uber.org/zap/zapcore", "go.yaml.in/yaml/v2", "go.yaml.in/yaml/v3", "go.yaml.in/yaml/v4", "golang.org/x/crypto/argon2", "golang.org/x/crypto/bcrypt", "golang.org/x/crypto/blake2b", "golang.org/x/crypto/blowfish", "golang.org/x/crypto/cast5", "golang.org/x/crypto/chacha20", "golang.org/x/crypto/cryptobyte", "golang.org/x/crypto/cryptobyte/asn1", "golang.org/x/crypto/curve25519", "golang.org/x/crypto/ed25519", "golang.org/x/crypto/hkdf", "golang.org/x/crypto/nacl/secretbox", "golang.org/x/crypto/ocsp", "golang.org/x/crypto/openpgp", "golang.org/x/crypto/openpgp/armor", "golang.org/x/crypto/openpgp/clearsign", "golang.org/x/crypto/openpgp/elgamal", "golang.org/x/crypto/openpgp/errors", "golang.org/x/crypto/openpgp/packet", "golang.org/x/crypto/openpgp/s2k", "golang.org/x/crypto/pbkdf2", "golang.org/x/crypto/pkcs12", "golang.org/x/crypto/salsa20/salsa", "golang.org/x/crypto/scrypt", "golang.org/x/crypto/sha3", "golang.org/x/crypto/ssh", "golang.org/x/crypto/ssh/agent", "golang.org/x/crypto/ssh/knownhosts", "golang.org/x/crypto/ssh/terminal", "golang.org/x/exp/slices", "golang.org/x/mod/modfile", "golang.org/x/mod/module", "golang.org/x/mod/semver", "golang.org/x/mod/sumdb/note", "golang.org/x/net/context", "golang.org/x/net/http/httpguts", "golang.org/x/net/http2", "golang.org/x/net/http2/hpack", "golang.org/x/net/idna", "golang.org/x/net/proxy", "golang.org/x/net/trace", "golang.org/x/net/websocket", "golang.org/x/oauth2", "golang.org/x/oauth2/authhandler", "golang.org/x/oauth2/google", "golang.org/x/oauth2/google/externalaccount", "golang.org/x/oauth2/jws", "golang.org/x/oauth2/jwt", "golang.org/x/sync/errgroup", "golang.org/x/sync/semaphore", "golang.org/x/sync/singleflight", "golang.org/x/sys/cpu", "golang.org/x/sys/execabs", "golang.org/x/sys/unix", "golang.org/x/term", "golang.org/x/text/cases", "golang.org/x/text/encoding", "golang.org/x/text/encoding/unicode", "golang.org/x/text/feature/plural", "golang.org/x/text/language", "golang.org/x/text/message", "golang.org/x/text/message/catalog", "golang.org/x/text/runes", "golang.org/x/text/secure/bidirule", "golang.org/x/text/transform", "golang.org/x/text/unicode/bidi", "golang.org/x/text/unicode/norm", "golang.org/x/time/rate", "golang.org/x/tools/go/ast/astutil", "golang.org/x/tools/go/ast/edge", "golang.org/x/tools/go/ast/inspector", "golang.org/x/tools/go/gcexportdata", "golang.org/x/tools/go/packages", "golang.org/x/tools/go/types/objectpath", "golang.org/x/tools/go/types/typeutil", "golang.org/x/tools/imports", "gomodules.xyz/jsonpatch/v2", "google.golang.org/genproto/googleapis/api", "google.golang.org/genproto/googleapis/api/annotations", "google.golang.org/genproto/googleapis/api/expr/v1alpha1", "google.golang.org/genproto/googleapis/api/httpbody", "google.golang.org/genproto/googleapis/rpc/errdetails", "google.golang.org/genproto/googleapis/rpc/status", "google.golang.org/grpc", "google.golang.org/grpc/attributes", "google.golang.org/grpc/backoff", "google.golang.org/grpc/balancer", "google.golang.org/grpc/balancer/base", "google.golang.org/grpc/balancer/endpointsharding", "google.golang.org/grpc/balancer/grpclb/state", "google.golang.org/grpc/balancer/pickfirst", "google.golang.org/grpc/balancer/roundrobin", "google.golang.org/grpc/binarylog/grpc_binarylog_v1", "google.golang.org/grpc/channelz", "google.golang.org/grpc/codes", "google.golang.org/grpc/connectivity", "google.golang.org/grpc/credentials", "google.golang.org/grpc/credentials/insecure", "google.golang.org/grpc/encoding", "google.golang.org/grpc/encoding/gzip", "google.golang.org/grpc/encoding/proto", "google.golang.org/grpc/experimental/stats", "google.golang.org/grpc/grpclog", "google.golang.org/grpc/health/grpc_health_v1", "google.golang.org/grpc/keepalive", "google.golang.org/grpc/mem", "google.golang.org/grpc/metadata", "google.golang.org/grpc/peer", "google.golang.org/grpc/resolver", "google.golang.org/grpc/resolver/dns", "google.golang.org/grpc/serviceconfig", "google.golang.org/grpc/stats", "google.golang.org/grpc/status", "google.golang.org/grpc/tap", "google.golang.org/protobuf/encoding/protodelim", "google.golang.org/protobuf/encoding/protojson", "google.golang.org/protobuf/encoding/prototext", "google.golang.org/protobuf/encoding/protowire", "google.golang.org/protobuf/proto", "google.golang.org/protobuf/protoadapt", "google.golang.org/protobuf/reflect/protodesc", "google.golang.org/protobuf/reflect/protoreflect", "google.golang.org/protobuf/reflect/protoregistry", "google.golang.org/protobuf/runtime/protoiface", "google.golang.org/protobuf/runtime/protoimpl", "google.golang.org/protobuf/testing/protocmp", "google.golang.org/protobuf/types/descriptorpb", "google.golang.org/protobuf/types/dynamicpb", "google.golang.org/protobuf/types/gofeaturespb", "google.golang.org/protobuf/types/known/anypb", "google.golang.org/protobuf/types/known/durationpb", "google.golang.org/protobuf/types/known/emptypb", "google.golang.org/protobuf/types/known/fieldmaskpb", "google.golang.org/protobuf/types/known/structpb", "google.golang.org/protobuf/types/known/timestamppb", "google.golang.org/protobuf/types/known/wrapperspb", "gopkg.in/evanphx/json-patch.v4", "gopkg.in/inf.v0", "gopkg.in/warnings.v0", "gopkg.in/yaml.v3", "helm.sh/helm/v3/pkg/action", "helm.sh/helm/v3/pkg/chart", "helm.sh/helm/v3/pkg/chart/loader", "helm.sh/helm/v3/pkg/chartutil", "helm.sh/helm/v3/pkg/cli", "helm.sh/helm/v3/pkg/downloader", "helm.sh/helm/v3/pkg/engine", "helm.sh/helm/v3/pkg/getter", "helm.sh/helm/v3/pkg/helmpath", "helm.sh/helm/v3/pkg/helmpath/xdg", "helm.sh/helm/v3/pkg/ignore", "helm.sh/helm/v3/pkg/kube", "helm.sh/helm/v3/pkg/kube/fake", "helm.sh/helm/v3/pkg/lint", "helm.sh/helm/v3/pkg/lint/rules", "helm.sh/helm/v3/pkg/lint/support", "helm.sh/helm/v3/pkg/plugin", "helm.sh/helm/v3/pkg/postrender", "helm.sh/helm/v3/pkg/provenance", "helm.sh/helm/v3/pkg/pusher", "helm.sh/helm/v3/pkg/registry", "helm.sh/helm/v3/pkg/release", "helm.sh/helm/v3/pkg/releaseutil", "helm.sh/helm/v3/pkg/repo", "helm.sh/helm/v3/pkg/storage", "helm.sh/helm/v3/pkg/storage/driver", "helm.sh/helm/v3/pkg/time", "helm.sh/helm/v3/pkg/time/ctime", "helm.sh/helm/v3/pkg/uploader", "k8s.io/api/admission/v1", "k8s.io/api/admission/v1beta1", "k8s.io/api/admissionregistration/v1", "k8s.io/api/admissionregistration/v1alpha1", "k8s.io/api/admissionregistration/v1beta1", "k8s.io/api/apidiscovery/v2", "k8s.io/api/apidiscovery/v2beta1", "k8s.io/api/apiserverinternal/v1alpha1", "k8s.io/api/apps/v1", "k8s.io/api/apps/v1beta1", "k8s.io/api/apps/v1beta2", "k8s.io/api/authentication/v1", "k8s.io/api/authentication/v1alpha1", "k8s.io/api/authentication/v1beta1", "k8s.io/api/authorization/v1", "k8s.io/api/authorization/v1beta1", "k8s.io/api/autoscaling/v1", "k8s.io/api/autoscaling/v2", "k8s.io/api/autoscaling/v2beta1", "k8s.io/api/autoscaling/v2beta2", "k8s.io/api/batch/v1", "k8s.io/api/batch/v1beta1", "k8s.io/api/certificates/v1", "k8s.io/api/certificates/v1alpha1", "k8s.io/api/certificates/v1beta1", "k8s.io/api/coordination/v1", "k8s.io/api/coordination/v1alpha2", "k8s.io/api/coordination/v1beta1", "k8s.io/api/core/v1", "k8s.io/api/discovery/v1", "k8s.io/api/discovery/v1beta1", "k8s.io/api/events/v1", "k8s.io/api/events/v1beta1", "k8s.io/api/extensions/v1beta1", "k8s.io/api/flowcontrol/v1", "k8s.io/api/flowcontrol/v1beta1", "k8s.io/api/flowcontrol/v1beta2", "k8s.io/api/flowcontrol/v1beta3", "k8s.io/api/imagepolicy/v1alpha1", "k8s.io/api/networking/v1", "k8s.io/api/networking/v1beta1", "k8s.io/api/node/v1", "k8s.io/api/node/v1alpha1", "k8s.io/api/node/v1beta1", "k8s.io/api/policy/v1", "k8s.io/api/policy/v1beta1", "k8s.io/api/rbac/v1", "k8s.io/api/rbac/v1alpha1", "k8s.io/api/rbac/v1beta1", "k8s.io/api/resource/v1", "k8s.io/api/resource/v1alpha3", "k8s.io/api/resource/v1beta1", "k8s.io/api/resource/v1beta2", "k8s.io/api/scheduling/v1", "k8s.io/api/scheduling/v1alpha1", "k8s.io/api/scheduling/v1beta1", "k8s.io/api/storage/v1", "k8s.io/api/storage/v1alpha1", "k8s.io/api/storage/v1beta1", "k8s.io/api/storagemigration/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apihelpers", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/model", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning", "k8s.io/apiextensions-apiserver/pkg/apiserver/validation", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/v2", "k8s.io/apiextensions-apiserver/pkg/features", "k8s.io/apiextensions-apiserver/pkg/generated/openapi", "k8s.io/apimachinery/pkg/api/equality", "k8s.io/apimachinery/pkg/api/errors", "k8s.io/apimachinery/pkg/api/meta", "k8s.io/apimachinery/pkg/api/meta/testrestmapper", "k8s.io/apimachinery/pkg/api/operation", "k8s.io/apimachinery/pkg/api/resource", "k8s.io/apimachinery/pkg/api/safe", "k8s.io/apimachinery/pkg/api/validate", "k8s.io/apimachinery/pkg/api/validate/constraints", "k8s.io/apimachinery/pkg/api/validate/content", "k8s.io/apimachinery/pkg/api/validation", "k8s.io/apimachinery/pkg/api/validation/path", "k8s.io/apimachinery/pkg/apis/meta/v1", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme", "k8s.io/apimachinery/pkg/apis/meta/v1/validation", "k8s.io/apimachinery/pkg/apis/meta/v1beta1", "k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation", "k8s.io/apimachinery/pkg/conversion", "k8s.io/apimachinery/pkg/conversion/queryparams", "k8s.io/apimachinery/pkg/fields", "k8s.io/apimachinery/pkg/labels", "k8s.io/apimachinery/pkg/runtime", "k8s.io/apimachinery/pkg/runtime/schema", "k8s.io/apimachinery/pkg/runtime/serializer", "k8s.io/apimachinery/pkg/runtime/serializer/cbor", "k8s.io/apimachinery/pkg/runtime/serializer/cbor/direct", "k8s.io/apimachinery/pkg/runtime/serializer/json", "k8s.io/apimachinery/pkg/runtime/serializer/protobuf", "k8s.io/apimachinery/pkg/runtime/serializer/recognizer", "k8s.io/apimachinery/pkg/runtime/serializer/streaming", "k8s.io/apimachinery/pkg/runtime/serializer/versioning", "k8s.io/apimachinery/pkg/selection", "k8s.io/apimachinery/pkg/types", "k8s.io/apimachinery/pkg/util/cache", "k8s.io/apimachinery/pkg/util/diff", "k8s.io/apimachinery/pkg/util/dump", "k8s.io/apimachinery/pkg/util/duration", "k8s.io/apimachinery/pkg/util/errors", "k8s.io/apimachinery/pkg/util/framer", "k8s.io/apimachinery/pkg/util/httpstream", "k8s.io/apimachinery/pkg/util/httpstream/wsstream", "k8s.io/apimachinery/pkg/util/intstr", "k8s.io/apimachinery/pkg/util/json", "k8s.io/apimachinery/pkg/util/jsonmergepatch", "k8s.io/apimachinery/pkg/util/managedfields", "k8s.io/apimachinery/pkg/util/mergepatch", "k8s.io/apimachinery/pkg/util/naming", "k8s.io/apimachinery/pkg/util/net", "k8s.io/apimachinery/pkg/util/portforward", "k8s.io/apimachinery/pkg/util/rand", "k8s.io/apimachinery/pkg/util/remotecommand", "k8s.io/apimachinery/pkg/util/runtime", "k8s.io/apimachinery/pkg/util/sets", "k8s.io/apimachinery/pkg/util/strategicpatch", "k8s.io/apimachinery/pkg/util/uuid", "k8s.io/apimachinery/pkg/util/validation", "k8s.io/apimachinery/pkg/util/validation/field", "k8s.io/apimachinery/pkg/util/version", "k8s.io/apimachinery/pkg/util/wait", "k8s.io/apimachinery/pkg/util/yaml", "k8s.io/apimachinery/pkg/version", "k8s.io/apimachinery/pkg/watch", "k8s.io/apimachinery/third_party/forked/golang/json", "k8s.io/apimachinery/third_party/forked/golang/reflect", "k8s.io/apiserver/pkg/admission", "k8s.io/apiserver/pkg/apis/apiserver", "k8s.io/apiserver/pkg/apis/apiserver/install", "k8s.io/apiserver/pkg/apis/apiserver/v1", "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1", "k8s.io/apiserver/pkg/apis/apiserver/v1beta1", "k8s.io/apiserver/pkg/apis/audit", "k8s.io/apiserver/pkg/apis/audit/v1", "k8s.io/apiserver/pkg/apis/cel", "k8s.io/apiserver/pkg/audit", "k8s.io/apiserver/pkg/authentication/serviceaccount", "k8s.io/apiserver/pkg/authentication/user", "k8s.io/apiserver/pkg/authorization/authorizer", "k8s.io/apiserver/pkg/cel", "k8s.io/apiserver/pkg/cel/common", "k8s.io/apiserver/pkg/cel/environment", "k8s.io/apiserver/pkg/cel/library", "k8s.io/apiserver/pkg/cel/metrics", "k8s.io/apiserver/pkg/cel/openapi", "k8s.io/apiserver/pkg/endpoints", "k8s.io/apiserver/pkg/endpoints/deprecation", "k8s.io/apiserver/pkg/endpoints/discovery", "k8s.io/apiserver/pkg/endpoints/handlers", "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager", "k8s.io/apiserver/pkg/endpoints/handlers/finisher", "k8s.io/apiserver/pkg/endpoints/handlers/metrics", "k8s.io/apiserver/pkg/endpoints/handlers/negotiation", "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters", "k8s.io/apiserver/pkg/endpoints/metrics", "k8s.io/apiserver/pkg/endpoints/openapi", "k8s.io/apiserver/pkg/endpoints/request", "k8s.io/apiserver/pkg/endpoints/responsewriter", "k8s.io/apiserver/pkg/endpoints/warning", "k8s.io/apiserver/pkg/features", "k8s.io/apiserver/pkg/registry/rest", "k8s.io/apiserver/pkg/server/egressselector", "k8s.io/apiserver/pkg/server/egressselector/metrics", "k8s.io/apiserver/pkg/server/routine", "k8s.io/apiserver/pkg/storage", "k8s.io/apiserver/pkg/storage/names", "k8s.io/apiserver/pkg/storageversion", "k8s.io/apiserver/pkg/util/apihelpers", "k8s.io/apiserver/pkg/util/compatibility", "k8s.io/apiserver/pkg/util/dryrun", "k8s.io/apiserver/pkg/util/feature", "k8s.io/apiserver/pkg/util/flushwriter", "k8s.io/apiserver/pkg/util/openapi", "k8s.io/apiserver/pkg/util/webhook", "k8s.io/apiserver/pkg/util/x509metrics", "k8s.io/apiserver/pkg/validation", "k8s.io/apiserver/pkg/warning", "k8s.io/cli-runtime/pkg/genericclioptions", "k8s.io/cli-runtime/pkg/genericiooptions", "k8s.io/cli-runtime/pkg/printers", "k8s.io/cli-runtime/pkg/resource", "k8s.io/client-go/applyconfigurations", "k8s.io/client-go/applyconfigurations/admissionregistration/v1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1", "k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1", "k8s.io/client-go/applyconfigurations/apps/v1", "k8s.io/client-go/applyconfigurations/apps/v1beta1", "k8s.io/client-go/applyconfigurations/apps/v1beta2", "k8s.io/client-go/applyconfigurations/autoscaling/v1", "k8s.io/client-go/applyconfigurations/autoscaling/v2", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta1", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta2", "k8s.io/client-go/applyconfigurations/batch/v1", "k8s.io/client-go/applyconfigurations/batch/v1beta1", "k8s.io/client-go/applyconfigurations/certificates/v1", "k8s.io/client-go/applyconfigurations/certificates/v1alpha1", "k8s.io/client-go/applyconfigurations/certificates/v1beta1", "k8s.io/client-go/applyconfigurations/coordination/v1", "k8s.io/client-go/applyconfigurations/coordination/v1alpha2", "k8s.io/client-go/applyconfigurations/coordination/v1beta1", "k8s.io/client-go/applyconfigurations/core/v1", "k8s.io/client-go/applyconfigurations/discovery/v1", "k8s.io/client-go/applyconfigurations/discovery/v1beta1", "k8s.io/client-go/applyconfigurations/events/v1", "k8s.io/client-go/applyconfigurations/events/v1beta1", "k8s.io/client-go/applyconfigurations/extensions/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3", "k8s.io/client-go/applyconfigurations/imagepolicy/v1alpha1", "k8s.io/client-go/applyconfigurations/meta/v1", "k8s.io/client-go/applyconfigurations/networking/v1", "k8s.io/client-go/applyconfigurations/networking/v1beta1", "k8s.io/client-go/applyconfigurations/node/v1", "k8s.io/client-go/applyconfigurations/node/v1alpha1", "k8s.io/client-go/applyconfigurations/node/v1beta1", "k8s.io/client-go/applyconfigurations/policy/v1", "k8s.io/client-go/applyconfigurations/policy/v1beta1", "k8s.io/client-go/applyconfigurations/rbac/v1", "k8s.io/client-go/applyconfigurations/rbac/v1alpha1", "k8s.io/client-go/applyconfigurations/rbac/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1", "k8s.io/client-go/applyconfigurations/resource/v1alpha3", "k8s.io/client-go/applyconfigurations/resource/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1beta2", "k8s.io/client-go/applyconfigurations/scheduling/v1", "k8s.io/client-go/applyconfigurations/scheduling/v1alpha1", "k8s.io/client-go/applyconfigurations/scheduling/v1beta1", "k8s.io/client-go/applyconfigurations/storage/v1", "k8s.io/client-go/applyconfigurations/storage/v1alpha1", "k8s.io/client-go/applyconfigurations/storage/v1beta1", "k8s.io/client-go/applyconfigurations/storagemigration/v1beta1", "k8s.io/client-go/discovery", "k8s.io/client-go/discovery/cached/disk", "k8s.io/client-go/discovery/cached/memory", "k8s.io/client-go/dynamic", "k8s.io/client-go/features", "k8s.io/client-go/gentype", "k8s.io/client-go/informers", "k8s.io/client-go/informers/admissionregistration", "k8s.io/client-go/informers/admissionregistration/v1", "k8s.io/client-go/informers/admissionregistration/v1alpha1", "k8s.io/client-go/informers/admissionregistration/v1beta1", "k8s.io/client-go/informers/apiserverinternal", "k8s.io/client-go/informers/apiserverinternal/v1alpha1", "k8s.io/client-go/informers/apps", "k8s.io/client-go/informers/apps/v1", "k8s.io/client-go/informers/apps/v1beta1", "k8s.io/client-go/informers/apps/v1beta2", "k8s.io/client-go/informers/autoscaling", "k8s.io/client-go/informers/autoscaling/v1", "k8s.io/client-go/informers/autoscaling/v2", "k8s.io/client-go/informers/autoscaling/v2beta1", "k8s.io/client-go/informers/autoscaling/v2beta2", "k8s.io/client-go/informers/batch", "k8s.io/client-go/informers/batch/v1", "k8s.io/client-go/informers/batch/v1beta1", "k8s.io/client-go/informers/certificates", "k8s.io/client-go/informers/certificates/v1", "k8s.io/client-go/informers/certificates/v1alpha1", "k8s.io/client-go/informers/certificates/v1beta1", "k8s.io/client-go/informers/coordination", "k8s.io/client-go/informers/coordination/v1", "k8s.io/client-go/informers/coordination/v1alpha2", "k8s.io/client-go/informers/coordination/v1beta1", "k8s.io/client-go/informers/core", "k8s.io/client-go/informers/core/v1", "k8s.io/client-go/informers/discovery", "k8s.io/client-go/informers/discovery/v1", "k8s.io/client-go/informers/discovery/v1beta1", "k8s.io/client-go/informers/events", "k8s.io/client-go/informers/events/v1", "k8s.io/client-go/informers/events/v1beta1", "k8s.io/client-go/informers/extensions", "k8s.io/client-go/informers/extensions/v1beta1", "k8s.io/client-go/informers/flowcontrol", "k8s.io/client-go/informers/flowcontrol/v1", "k8s.io/client-go/informers/flowcontrol/v1beta1", "k8s.io/client-go/informers/flowcontrol/v1beta2", "k8s.io/client-go/informers/flowcontrol/v1beta3", "k8s.io/client-go/informers/networking", "k8s.io/client-go/informers/networking/v1", "k8s.io/client-go/informers/networking/v1beta1", "k8s.io/client-go/informers/node", "k8s.io/client-go/informers/node/v1", "k8s.io/client-go/informers/node/v1alpha1", "k8s.io/client-go/informers/node/v1beta1", "k8s.io/client-go/informers/policy", "k8s.io/client-go/informers/policy/v1", "k8s.io/client-go/informers/policy/v1beta1", "k8s.io/client-go/informers/rbac", "k8s.io/client-go/informers/rbac/v1", "k8s.io/client-go/informers/rbac/v1alpha1", "k8s.io/client-go/informers/rbac/v1beta1", "k8s.io/client-go/informers/resource", "k8s.io/client-go/informers/resource/v1", "k8s.io/client-go/informers/resource/v1alpha3", "k8s.io/client-go/informers/resource/v1beta1", "k8s.io/client-go/informers/resource/v1beta2", "k8s.io/client-go/informers/scheduling", "k8s.io/client-go/informers/scheduling/v1", "k8s.io/client-go/informers/scheduling/v1alpha1", "k8s.io/client-go/informers/scheduling/v1beta1", "k8s.io/client-go/informers/storage", "k8s.io/client-go/informers/storage/v1", "k8s.io/client-go/informers/storage/v1alpha1", "k8s.io/client-go/informers/storage/v1beta1", "k8s.io/client-go/informers/storagemigration", "k8s.io/client-go/informers/storagemigration/v1beta1", "k8s.io/client-go/kubernetes", "k8s.io/client-go/kubernetes/scheme", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1", "k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1", "k8s.io/client-go/kubernetes/typed/apps/v1", "k8s.io/client-go/kubernetes/typed/apps/v1beta1", "k8s.io/client-go/kubernetes/typed/apps/v1beta2", "k8s.io/client-go/kubernetes/typed/authentication/v1", "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1", "k8s.io/client-go/kubernetes/typed/authentication/v1beta1", "k8s.io/client-go/kubernetes/typed/authorization/v1", "k8s.io/client-go/kubernetes/typed/authorization/v1beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2", "k8s.io/client-go/kubernetes/typed/batch/v1", "k8s.io/client-go/kubernetes/typed/batch/v1beta1", "k8s.io/client-go/kubernetes/typed/certificates/v1", "k8s.io/client-go/kubernetes/typed/certificates/v1alpha1", "k8s.io/client-go/kubernetes/typed/certificates/v1beta1", "k8s.io/client-go/kubernetes/typed/coordination/v1", "k8s.io/client-go/kubernetes/typed/coordination/v1alpha2", "k8s.io/client-go/kubernetes/typed/coordination/v1beta1", "k8s.io/client-go/kubernetes/typed/core/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1beta1", "k8s.io/client-go/kubernetes/typed/events/v1", "k8s.io/client-go/kubernetes/typed/events/v1beta1", "k8s.io/client-go/kubernetes/typed/extensions/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3", "k8s.io/client-go/kubernetes/typed/networking/v1", "k8s.io/client-go/kubernetes/typed/networking/v1beta1", "k8s.io/client-go/kubernetes/typed/node/v1", "k8s.io/client-go/kubernetes/typed/node/v1alpha1", "k8s.io/client-go/kubernetes/typed/node/v1beta1", "k8s.io/client-go/kubernetes/typed/policy/v1", "k8s.io/client-go/kubernetes/typed/policy/v1beta1", "k8s.io/client-go/kubernetes/typed/rbac/v1", "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1", "k8s.io/client-go/kubernetes/typed/rbac/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1", "k8s.io/client-go/kubernetes/typed/resource/v1alpha3", "k8s.io/client-go/kubernetes/typed/resource/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1beta2", "k8s.io/client-go/kubernetes/typed/scheduling/v1", "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1", "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1", "k8s.io/client-go/kubernetes/typed/storage/v1", "k8s.io/client-go/kubernetes/typed/storage/v1alpha1", "k8s.io/client-go/kubernetes/typed/storage/v1beta1", "k8s.io/client-go/kubernetes/typed/storagemigration/v1beta1", "k8s.io/client-go/listers", "k8s.io/client-go/listers/admissionregistration/v1", "k8s.io/client-go/listers/admissionregistration/v1alpha1", "k8s.io/client-go/listers/admissionregistration/v1beta1", "k8s.io/client-go/listers/apiserverinternal/v1alpha1", "k8s.io/client-go/listers/apps/v1", "k8s.io/client-go/listers/apps/v1beta1", "k8s.io/client-go/listers/apps/v1beta2", "k8s.io/client-go/listers/autoscaling/v1", "k8s.io/client-go/listers/autoscaling/v2", "k8s.io/client-go/listers/autoscaling/v2beta1", "k8s.io/client-go/listers/autoscaling/v2beta2", "k8s.io/client-go/listers/batch/v1", "k8s.io/client-go/listers/batch/v1beta1", "k8s.io/client-go/listers/certificates/v1", "k8s.io/client-go/listers/certificates/v1alpha1", "k8s.io/client-go/listers/certificates/v1beta1", "k8s.io/client-go/listers/coordination/v1", "k8s.io/client-go/listers/coordination/v1alpha2", "k8s.io/client-go/listers/coordination/v1beta1", "k8s.io/client-go/listers/core/v1", "k8s.io/client-go/listers/discovery/v1", "k8s.io/client-go/listers/discovery/v1beta1", "k8s.io/client-go/listers/events/v1", "k8s.io/client-go/listers/events/v1beta1", "k8s.io/client-go/listers/extensions/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1", "k8s.io/client-go/listers/flowcontrol/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1beta2", "k8s.io/client-go/listers/flowcontrol/v1beta3", "k8s.io/client-go/listers/networking/v1", "k8s.io/client-go/listers/networking/v1beta1", "k8s.io/client-go/listers/node/v1", "k8s.io/client-go/listers/node/v1alpha1", "k8s.io/client-go/listers/node/v1beta1", "k8s.io/client-go/listers/policy/v1", "k8s.io/client-go/listers/policy/v1beta1", "k8s.io/client-go/listers/rbac/v1", "k8s.io/client-go/listers/rbac/v1alpha1", "k8s.io/client-go/listers/rbac/v1beta1", "k8s.io/client-go/listers/resource/v1", "k8s.io/client-go/listers/resource/v1alpha3", "k8s.io/client-go/listers/resource/v1beta1", "k8s.io/client-go/listers/resource/v1beta2", "k8s.io/client-go/listers/scheduling/v1", "k8s.io/client-go/listers/scheduling/v1alpha1", "k8s.io/client-go/listers/scheduling/v1beta1", "k8s.io/client-go/listers/storage/v1", "k8s.io/client-go/listers/storage/v1alpha1", "k8s.io/client-go/listers/storage/v1beta1", "k8s.io/client-go/listers/storagemigration/v1beta1", "k8s.io/client-go/metadata", "k8s.io/client-go/openapi", "k8s.io/client-go/openapi/cached", "k8s.io/client-go/openapi3", "k8s.io/client-go/pkg/apis/clientauthentication", "k8s.io/client-go/pkg/apis/clientauthentication/install", "k8s.io/client-go/pkg/apis/clientauthentication/v1", "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1", "k8s.io/client-go/pkg/version", "k8s.io/client-go/plugin/pkg/client/auth", "k8s.io/client-go/plugin/pkg/client/auth/azure", "k8s.io/client-go/plugin/pkg/client/auth/exec", "k8s.io/client-go/plugin/pkg/client/auth/gcp", "k8s.io/client-go/plugin/pkg/client/auth/oidc", "k8s.io/client-go/rest", "k8s.io/client-go/rest/watch", "k8s.io/client-go/restmapper", "k8s.io/client-go/scale", "k8s.io/client-go/scale/scheme", "k8s.io/client-go/scale/scheme/appsint", "k8s.io/client-go/scale/scheme/appsv1beta1", "k8s.io/client-go/scale/scheme/appsv1beta2", "k8s.io/client-go/scale/scheme/autoscalingv1", "k8s.io/client-go/scale/scheme/extensionsint", "k8s.io/client-go/scale/scheme/extensionsv1beta1", "k8s.io/client-go/testing", "k8s.io/client-go/third_party/forked/golang/template", "k8s.io/client-go/tools/auth", "k8s.io/client-go/tools/cache", "k8s.io/client-go/tools/cache/synctrack", "k8s.io/client-go/tools/clientcmd", "k8s.io/client-go/tools/clientcmd/api", "k8s.io/client-go/tools/clientcmd/api/latest", "k8s.io/client-go/tools/clientcmd/api/v1", "k8s.io/client-go/tools/events", "k8s.io/client-go/tools/leaderelection", "k8s.io/client-go/tools/leaderelection/resourcelock", "k8s.io/client-go/tools/metrics", "k8s.io/client-go/tools/pager", "k8s.io/client-go/tools/record", "k8s.io/client-go/tools/record/util", "k8s.io/client-go/tools/reference", "k8s.io/client-go/tools/watch", "k8s.io/client-go/transport", "k8s.io/client-go/util/apply", "k8s.io/client-go/util/cert", "k8s.io/client-go/util/connrotation", "k8s.io/client-go/util/consistencydetector", "k8s.io/client-go/util/flowcontrol", "k8s.io/client-go/util/homedir", "k8s.io/client-go/util/jsonpath", "k8s.io/client-go/util/keyutil", "k8s.io/client-go/util/retry", "k8s.io/client-go/util/watchlist", "k8s.io/client-go/util/workqueue", "k8s.io/component-base/cli/flag", "k8s.io/component-base/compatibility", "k8s.io/component-base/featuregate", "k8s.io/component-base/metrics", "k8s.io/component-base/metrics/legacyregistry", "k8s.io/component-base/metrics/prometheus/compatversion", "k8s.io/component-base/metrics/prometheus/feature", "k8s.io/component-base/metrics/prometheus/workqueue", "k8s.io/component-base/metrics/prometheusextension", "k8s.io/component-base/tracing", "k8s.io/component-base/tracing/api/v1", "k8s.io/component-base/version", "k8s.io/component-base/zpages/features", "k8s.io/klog/v2", "k8s.io/kube-openapi/pkg/aggregator", "k8s.io/kube-openapi/pkg/builder", "k8s.io/kube-openapi/pkg/builder3", "k8s.io/kube-openapi/pkg/builder3/util", "k8s.io/kube-openapi/pkg/cached", "k8s.io/kube-openapi/pkg/common", "k8s.io/kube-openapi/pkg/common/restfuladapter", "k8s.io/kube-openapi/pkg/handler3", "k8s.io/kube-openapi/pkg/schemaconv", "k8s.io/kube-openapi/pkg/schemamutation", "k8s.io/kube-openapi/pkg/spec3", "k8s.io/kube-openapi/pkg/util", "k8s.io/kube-openapi/pkg/util/proto", "k8s.io/kube-openapi/pkg/util/proto/validation", "k8s.io/kube-openapi/pkg/validation/errors", "k8s.io/kube-openapi/pkg/validation/spec", "k8s.io/kube-openapi/pkg/validation/strfmt", "k8s.io/kube-openapi/pkg/validation/strfmt/bson", "k8s.io/kube-openapi/pkg/validation/validate", "k8s.io/kubectl/pkg/cmd/util", "k8s.io/kubectl/pkg/scheme", "k8s.io/kubectl/pkg/util/i18n", "k8s.io/kubectl/pkg/util/interrupt", "k8s.io/kubectl/pkg/util/openapi", "k8s.io/kubectl/pkg/util/templates", "k8s.io/kubectl/pkg/util/term", "k8s.io/kubectl/pkg/validation", "k8s.io/metrics/pkg/apis/metrics", "k8s.io/metrics/pkg/apis/metrics/v1alpha1", "k8s.io/metrics/pkg/apis/metrics/v1beta1", "k8s.io/metrics/pkg/client/clientset/versioned", "k8s.io/metrics/pkg/client/clientset/versioned/scheme", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1alpha1", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1", "k8s.io/utils/buffer", "k8s.io/utils/clock", "k8s.io/utils/exec", "k8s.io/utils/lru", "k8s.io/utils/net", "k8s.io/utils/path", "k8s.io/utils/ptr", "k8s.io/utils/trace", "oras.land/oras-go/v2", "oras.land/oras-go/v2/content", "oras.land/oras-go/v2/content/memory", "oras.land/oras-go/v2/errdef", "oras.land/oras-go/v2/registry", "oras.land/oras-go/v2/registry/remote", "oras.land/oras-go/v2/registry/remote/auth", "oras.land/oras-go/v2/registry/remote/credentials", "oras.land/oras-go/v2/registry/remote/credentials/trace", "oras.land/oras-go/v2/registry/remote/errcode", "oras.land/oras-go/v2/registry/remote/retry", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client", "sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-runtime/pkg/builder", "sigs.k8s.io/controller-runtime/pkg/cache", "sigs.k8s.io/controller-runtime/pkg/certwatcher", "sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics", "sigs.k8s.io/controller-runtime/pkg/client", "sigs.k8s.io/controller-runtime/pkg/client/apiutil", "sigs.k8s.io/controller-runtime/pkg/client/config", "sigs.k8s.io/controller-runtime/pkg/client/fake", "sigs.k8s.io/controller-runtime/pkg/client/interceptor", "sigs.k8s.io/controller-runtime/pkg/cluster", "sigs.k8s.io/controller-runtime/pkg/config", "sigs.k8s.io/controller-runtime/pkg/controller", "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil", "sigs.k8s.io/controller-runtime/pkg/controller/priorityqueue", "sigs.k8s.io/controller-runtime/pkg/conversion", "sigs.k8s.io/controller-runtime/pkg/event", "sigs.k8s.io/controller-runtime/pkg/handler", "sigs.k8s.io/controller-runtime/pkg/healthz", "sigs.k8s.io/controller-runtime/pkg/leaderelection", "sigs.k8s.io/controller-runtime/pkg/log", "sigs.k8s.io/controller-runtime/pkg/log/zap", "sigs.k8s.io/controller-runtime/pkg/manager", "sigs.k8s.io/controller-runtime/pkg/manager/signals", "sigs.k8s.io/controller-runtime/pkg/metrics", "sigs.k8s.io/controller-runtime/pkg/metrics/server", "sigs.k8s.io/controller-runtime/pkg/predicate", "sigs.k8s.io/controller-runtime/pkg/reconcile", "sigs.k8s.io/controller-runtime/pkg/recorder", "sigs.k8s.io/controller-runtime/pkg/scheme", "sigs.k8s.io/controller-runtime/pkg/source", "sigs.k8s.io/controller-runtime/pkg/webhook", "sigs.k8s.io/controller-runtime/pkg/webhook/admission", "sigs.k8s.io/controller-runtime/pkg/webhook/admission/metrics", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion/metrics", "sigs.k8s.io/json", "sigs.k8s.io/kind/pkg/apis/config/defaults", "sigs.k8s.io/kind/pkg/apis/config/v1alpha4", "sigs.k8s.io/kind/pkg/cluster", "sigs.k8s.io/kind/pkg/cluster/constants", "sigs.k8s.io/kind/pkg/cluster/nodes", "sigs.k8s.io/kind/pkg/cluster/nodeutils", "sigs.k8s.io/kind/pkg/cmd", "sigs.k8s.io/kind/pkg/cmd/kind/version", "sigs.k8s.io/kind/pkg/errors", "sigs.k8s.io/kind/pkg/exec", "sigs.k8s.io/kind/pkg/fs", "sigs.k8s.io/kind/pkg/log", "sigs.k8s.io/kustomize/api/filters/annotations", "sigs.k8s.io/kustomize/api/filters/fieldspec", "sigs.k8s.io/kustomize/api/filters/filtersutil", "sigs.k8s.io/kustomize/api/filters/fsslice", "sigs.k8s.io/kustomize/api/filters/iampolicygenerator", "sigs.k8s.io/kustomize/api/filters/imagetag", "sigs.k8s.io/kustomize/api/filters/labels", "sigs.k8s.io/kustomize/api/filters/nameref", "sigs.k8s.io/kustomize/api/filters/namespace", "sigs.k8s.io/kustomize/api/filters/patchjson6902", "sigs.k8s.io/kustomize/api/filters/patchstrategicmerge", "sigs.k8s.io/kustomize/api/filters/prefix", "sigs.k8s.io/kustomize/api/filters/refvar", "sigs.k8s.io/kustomize/api/filters/replacement", "sigs.k8s.io/kustomize/api/filters/replicacount", "sigs.k8s.io/kustomize/api/filters/suffix", "sigs.k8s.io/kustomize/api/filters/valueadd", "sigs.k8s.io/kustomize/api/hasher", "sigs.k8s.io/kustomize/api/ifc", "sigs.k8s.io/kustomize/api/konfig", "sigs.k8s.io/kustomize/api/krusty", "sigs.k8s.io/kustomize/api/kv", "sigs.k8s.io/kustomize/api/provenance", "sigs.k8s.io/kustomize/api/provider", "sigs.k8s.io/kustomize/api/resmap", "sigs.k8s.io/kustomize/api/resource", "sigs.k8s.io/kustomize/api/types", "sigs.k8s.io/kustomize/kyaml/comments", "sigs.k8s.io/kustomize/kyaml/errors", "sigs.k8s.io/kustomize/kyaml/ext", "sigs.k8s.io/kustomize/kyaml/fieldmeta", "sigs.k8s.io/kustomize/kyaml/filesys", "sigs.k8s.io/kustomize/kyaml/fn/runtime/container", "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec", "sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil", "sigs.k8s.io/kustomize/kyaml/kio", "sigs.k8s.io/kustomize/kyaml/kio/kioutil", "sigs.k8s.io/kustomize/kyaml/openapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi/v1_21_2", "sigs.k8s.io/kustomize/kyaml/openapi/kustomizationapi", "sigs.k8s.io/kustomize/kyaml/order", "sigs.k8s.io/kustomize/kyaml/resid", "sigs.k8s.io/kustomize/kyaml/runfn", "sigs.k8s.io/kustomize/kyaml/sets", "sigs.k8s.io/kustomize/kyaml/sliceutil", "sigs.k8s.io/kustomize/kyaml/utils", "sigs.k8s.io/kustomize/kyaml/yaml", "sigs.k8s.io/kustomize/kyaml/yaml/merge2", "sigs.k8s.io/kustomize/kyaml/yaml/schema", "sigs.k8s.io/kustomize/kyaml/yaml/walk", "sigs.k8s.io/randfill", "sigs.k8s.io/randfill/bytesource", "sigs.k8s.io/structured-merge-diff/v6/fieldpath", "sigs.k8s.io/structured-merge-diff/v6/merge", "sigs.k8s.io/structured-merge-diff/v6/schema", "sigs.k8s.io/structured-merge-diff/v6/typed", "sigs.k8s.io/structured-merge-diff/v6/value", "sigs.k8s.io/yaml", "sigs.k8s.io/yaml/goyaml.v3", "sigs.k8s.io/yaml/kyaml"] [mod] + [mod."al.essio.dev/pkg/shellescape"] + version = "v1.6.0" + hash = "sha256-dra32NY6DuVXLr7SblL0kF0S6e/Tea5jayWEMaj7K3E=" [mod."cel.dev/expr"] version = "v0.25.1" hash = "sha256-TEdMxFUPK7IZuCXMufwCkbN+ZZIXSQclljIybFZcByo=" @@ -41,9 +44,24 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/Azure/go-autorest/tracing"] version = "v0.6.1" hash = "sha256-nstDZC8Btx78yzqIR4clfu+R93rebUOZalEW1ZaQfIY=" + [mod."github.com/BurntSushi/toml"] + version = "v1.6.0" + hash = "sha256-ptdUJvuc21ixeLt+M5way/na3aCnCO4MYHWulWp8NEY=" + [mod."github.com/MakeNowJust/heredoc"] + version = "v1.0.0" + hash = "sha256-8hKERAVV1Pew84kc9GkW23dcO8uIUx/+tJQLi+oPwqE=" + [mod."github.com/Masterminds/goutils"] + version = "v1.1.1" + hash = "sha256-MEvA5e099GUllILa5EXxa6toQexU1sz6eDZt2tiqpCY=" [mod."github.com/Masterminds/semver/v3"] version = "v3.4.0" hash = "sha256-75kRraVwYVjYLWZvuSlts4Iu28Eh3SpiF0GHc7vCYHI=" + [mod."github.com/Masterminds/sprig/v3"] + version = "v3.3.0" + hash = "sha256-NvFX1xRO5t/u8OI063SDPfqYcZ43AuLI6klA6daPV9I=" + [mod."github.com/Masterminds/squirrel"] + version = "v1.5.4" + hash = "sha256-7UGz8TLcBI9HjU7zPqj9Gjp9Av+43mu0YCBV1mRy34o=" [mod."github.com/Microsoft/go-winio"] version = "v0.6.2" hash = "sha256-tVNWDUMILZbJvarcl/E7tpSnkn7urqgSHa2Eaka5vSU=" @@ -113,6 +131,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/aymanbagabas/go-osc52/v2"] version = "v2.0.1" hash = "sha256-6Bp0jBZ6npvsYcKZGHHIUSVSTAMEyieweAX2YAKDjjg=" + [mod."github.com/bahlo/generic-list-go"] + version = "v0.2.0" + hash = "sha256-BIzqwG61hnMDknZOn/5+VX09yemzFzMjhPF48XoALto=" [mod."github.com/beorn7/perks"] version = "v1.0.1" hash = "sha256-h75GUqfwJKngCJQVE5Ao5wnO3cfKD9lSIteoLp/3xJ4=" @@ -122,12 +143,21 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/blang/semver/v4"] version = "v4.0.0" hash = "sha256-dJC22MjnfT5WqJ7x7Tc3Bvpw9tFnBn9HqfWFiM57JVc=" + [mod."github.com/buger/jsonparser"] + version = "v1.1.2" + hash = "sha256-zyB2AEJX1ZuXyZ6vh45KOe9NSyPNQBrqVs45e3mYjo4=" [mod."github.com/cenkalti/backoff/v5"] version = "v5.0.3" hash = "sha256-bKq43PPD8RM6e7HePxHaO27traqm76bkvHcTVTQ+jeY=" [mod."github.com/cespare/xxhash/v2"] version = "v2.3.0" hash = "sha256-7hRlwSR+fos1kx4VZmJ/7snR7zHh8ZFKX+qqqqGcQpY=" + [mod."github.com/chai2010/gettext-go"] + version = "v1.0.2" + hash = "sha256-dwbhL7uAsAWGfX7Qmfa2hm0YClkbbB7ZHqOiPGP/L18=" + [mod."github.com/charmbracelet/bubbles"] + version = "v1.0.0" + hash = "sha256-Vz9QgctlzJqggPwfi48Lbn38ZJXu3Y71byp5uuuzUvU=" [mod."github.com/charmbracelet/bubbletea"] version = "v1.3.10" hash = "sha256-7wr85TLszu1CHNEMv+o4w+r24Z0xdzCgecPv+ZtRX/A=" @@ -161,12 +191,21 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/cloudflare/circl"] version = "v1.6.3" hash = "sha256-XZm4EastgX67Dgm5BpOEW/PY4aLcHM/O8+Xbz26PuTY=" + [mod."github.com/containerd/containerd"] + version = "v1.7.30" + hash = "sha256-JZqT04mKf2AZmNIH8UkAQsFMUnMh9CvbNc6I8KSaRiI=" [mod."github.com/containerd/errdefs"] version = "v1.0.0" hash = "sha256-wMZGoeqvRhuovYCJx0Js4P3qFCNTZ/6Atea/kNYoPMI=" [mod."github.com/containerd/errdefs/pkg"] version = "v0.3.0" hash = "sha256-BILJ0Be4cc8xfvLPylc/Pvwwa+w88+Hd0njzetUCeTg=" + [mod."github.com/containerd/log"] + version = "v0.1.0" + hash = "sha256-vuE6Mie2gSxiN3jTKTZovjcbdBd1YEExb7IBe3GM+9s=" + [mod."github.com/containerd/platforms"] + version = "v0.2.1" + hash = "sha256-XQdg/tnn5uKNzUc/dMmoIS9wgarx7SxaqZ5uJ9ZglA0=" [mod."github.com/containerd/stargz-snapshotter/estargz"] version = "v0.18.2" hash = "sha256-6KS9ObQ1tKXkvvKQy1BmxJ59aisDGvEtqhj1Oo54IRY=" @@ -221,6 +260,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/docker/go-units"] version = "v0.5.0" hash = "sha256-iK/V/jJc+borzqMeqLY+38Qcts2KhywpsTk95++hImE=" + [mod."github.com/dprotaso/go-yit"] + version = "v0.0.0-20250513223454-5ece0c5aa76c" + hash = "sha256-gfGSv6gAAPys2V0vOuXa69QcMTecvuCNRM4DM8qrxDk=" [mod."github.com/dustin/go-humanize"] version = "v1.0.1" hash = "sha256-yuvxYYngpfVkUg9yAmG99IUVmADTQA0tMbBXe0Fq0Mc=" @@ -236,9 +278,15 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/erikgeiser/coninput"] version = "v0.0.0-20211004153227-1c3628e74d0f" hash = "sha256-OWSqN1+IoL73rWXWdbbcahZu8n2al90Y3eT5Z0vgHvU=" + [mod."github.com/evanphx/json-patch"] + version = "v5.9.11+incompatible" + hash = "sha256-1iyZpBaeBLmNkJ3T4A9fAEXEYB9nk9V02ug4pwl5dy0=" [mod."github.com/evanphx/json-patch/v5"] version = "v5.9.11" hash = "sha256-DaWzRi5dIr3U7kJlV3Qm1DWoKh5W+FI2BW/ATXT40J4=" + [mod."github.com/exponent-io/jsonpath"] + version = "v0.0.0-20210407135951-1de76d718b3f" + hash = "sha256-2wgJI2pvkaq2MoeUmLRaTBA8dIoEcwzKvw4qKJlhIec=" [mod."github.com/fatih/color"] version = "v1.18.0" hash = "sha256-pP5y72FSbi4j/BjyVq/XbAOFjzNjMxZt2R/lFFxGWvY=" @@ -251,9 +299,15 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/fxamacker/cbor/v2"] version = "v2.9.0" hash = "sha256-/IZK76MRCrz9XCiilieH5tKaLnIWyPJhwxDoVKB8dFc=" + [mod."github.com/getkin/kin-openapi"] + version = "v0.137.0" + hash = "sha256-9EG4IoEHGBWsZslgNMxupyZOBPMASklE/IbFUWXQGgs=" [mod."github.com/go-chi/chi/v5"] version = "v5.2.5" hash = "sha256-Y1+17ky94849aqk3iKf30F1u+G6K3nzZzLOBSeqIUow=" + [mod."github.com/go-errors/errors"] + version = "v1.4.2" + hash = "sha256-TkRLJlgaVlNxRD9c0ky+CN99tKL4Gx9W06H5a273gPM=" [mod."github.com/go-git/gcfg"] version = "v1.5.1-0.20230307220236-3a3c6141e376" hash = "sha256-f4k0gSYuo0/q3WOoTxl2eFaj7WZpdz29ih6CKc8Ude8=" @@ -263,6 +317,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/go-git/go-git/v5"] version = "v5.18.0" hash = "sha256-9n2mTwPvx9d90ZEmezIq6SY7UET/32WNw2xYAp8mQ5Y=" + [mod."github.com/go-gorp/gorp/v3"] + version = "v3.1.0" + hash = "sha256-z8AJoWp3fDJMNMYAi8kJdtzXDv8QyAd6bPYE58b2urs=" [mod."github.com/go-jose/go-jose/v4"] version = "v4.1.4" hash = "sha256-MKoJKXup1jfwOyN8mHXu1CQ8fvFJTaEf3K2LVtNSRhc=" @@ -347,6 +404,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/gobuffalo/flect"] version = "v1.0.3" hash = "sha256-gpA1fe9XTjZ9r+yYCysCgXKo1AmYNuNFwWn7ZQ4Ky1M=" + [mod."github.com/gobwas/glob"] + version = "v0.2.3" + hash = "sha256-hYHMUdwxVkMOjSKjR7UWO0D0juHdI4wL8JEy5plu/Jc=" [mod."github.com/golang-jwt/jwt/v4"] version = "v4.5.2" hash = "sha256-rTSqYEPooi8Uu4aXMW6k9dynOV+URYTGzVmbG3EQ7uo=" @@ -380,9 +440,18 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/google/go-containerregistry/pkg/authn/kubernetes"] version = "v0.0.0-20250225234217-098045d5e61f" hash = "sha256-UZyDwMt9qQw5XHHDOlTyYMRvG1BiDfBHeZLmoMzunB4=" + [mod."github.com/google/ko"] + version = "v0.18.1" + hash = "sha256-BAqB5dfXJ4op5ifojSxS7OaNVaTA6CsG596NRPyHwIM=" [mod."github.com/google/uuid"] version = "v1.6.0" hash = "sha256-VWl9sqUzdOuhW0KzQlv0gwwUQClYkmZwSydHG2sALYw=" + [mod."github.com/gosuri/uitable"] + version = "v0.0.4" + hash = "sha256-/SpsQ7j+3dEDC0UX9C+ZjQ8zY7taoqIOQspTqRb8oLk=" + [mod."github.com/gregjones/httpcache"] + version = "v0.0.0-20190611155906-901d90724c79" + hash = "sha256-AEfenLNBYwZjwHsMG48bpwUyUtjx1BBiK2W5HQruIBc=" [mod."github.com/grpc-ecosystem/grpc-gateway/v2"] version = "v2.28.0" hash = "sha256-QeWb6jN6noeGPCzECgpUSb9YX9LzvKGwImEuX+A03gs=" @@ -398,6 +467,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/hashicorp/go-retryablehttp"] version = "v0.7.8" hash = "sha256-4LZwKaFBbpKi9lSq5y6lOlYHU6WMnQdGNMxTd33rN80=" + [mod."github.com/huandu/xstrings"] + version = "v1.5.0" + hash = "sha256-q4F/rzbWMDmOVv07RVApdpfIsRNRByfOUQPEKsTq5BM=" [mod."github.com/in-toto/attestation"] version = "v1.1.2" hash = "sha256-BdRbWCnzMCMyZmo8lkovtvGWQq2qCB7S2XBZWClJ6TM=" @@ -407,12 +479,21 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/inconshreveable/mousetrap"] version = "v1.1.0" hash = "sha256-XWlYH0c8IcxAwQTnIi6WYqq44nOKUylSWxWO/vi+8pE=" + [mod."github.com/invopop/jsonschema"] + version = "v0.14.0" + hash = "sha256-gndZdk5eUqIsFMDsYjcDEbKpY5XCC4sLLZZ55Z4KCHk=" [mod."github.com/jbenet/go-context"] version = "v0.0.0-20150711004518-d14ea06fba99" hash = "sha256-VANNCWNNpARH/ILQV9sCQsBWgyL2iFT+4AHZREpxIWE=" [mod."github.com/jedisct1/go-minisign"] version = "v0.0.0-20241212093149-d2f9f49435c7" hash = "sha256-2ICJG87R+NNLeW8xPxmqkhRlFsajUd4rAm9PE/GN5lU=" + [mod."github.com/jmoiron/sqlx"] + version = "v1.4.0" + hash = "sha256-0H132+A983nBr2zEyCKsJoBCZlC9pG+ylEcGysxKL4M=" + [mod."github.com/josharian/intern"] + version = "v1.0.0" + hash = "sha256-LJR0QE2vOQ2/2shBbO5Yl8cVPq+NFrE3ers0vu9FRP0=" [mod."github.com/json-iterator/go"] version = "v1.1.12" hash = "sha256-To8A0h+lbfZ/6zM+2PpRpY3+L6725OPC66lffq6fUoM=" @@ -422,15 +503,30 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/klauspost/compress"] version = "v1.18.5" hash = "sha256-H9b5iFJf4XbEnkGQCjGQAJ3aYhVDiolKrDewTbhuzQo=" + [mod."github.com/kubernetes-sigs/kro"] + version = "v0.9.1" + hash = "sha256-fxmbgdU4OCBloYoNu5uJo9pzDohW7uwJiW1622J9Kn8=" + [mod."github.com/lann/builder"] + version = "v0.0.0-20180802200727-47ae307949d0" + hash = "sha256-NDZvsU6T2jVq5pfhp/VoJcMTq8DXKXiEkfZHloOX6c0=" + [mod."github.com/lann/ps"] + version = "v0.0.0-20150810152359-62de8c46ede0" + hash = "sha256-fHIjAtshTJWa67PzzgruqN1LdpQ7Zgc1qpEZWhjQTnU=" [mod."github.com/letsencrypt/boulder"] version = "v0.20260223.0" hash = "sha256-p/AuDyJr7chBqbXT+LLa3ShKX96aC3SsfzR2ekb2+xM=" + [mod."github.com/lib/pq"] + version = "v1.10.9" + hash = "sha256-Gl6dLtL+yk6UrTTWfas43aM4lP/pNa2l7+ITXnjQyKs=" [mod."github.com/liggitt/tabwriter"] version = "v0.0.0-20181228230101-89fcab3d43de" hash = "sha256-b6pLitORwgfGpOHpe45ykj00P17utbDv8bv6MCVoCBM=" [mod."github.com/lucasb-eyer/go-colorful"] version = "v1.3.0" hash = "sha256-6BKrJsfmxie+YFAWzTYVPQfrwjQEXRo+J8LY+50C1BU=" + [mod."github.com/mailru/easyjson"] + version = "v0.9.1" + hash = "sha256-3JJVYCnx7m0Prn7bA/6/CmBOrPLOznNuA6h0XTvrT5A=" [mod."github.com/mattn/go-colorable"] version = "v0.1.14" hash = "sha256-JC60PjKj7MvhZmUHTZ9p372FV72I9Mxvli3fivTbxuA=" @@ -443,15 +539,21 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/mattn/go-runewidth"] version = "v0.0.19" hash = "sha256-GpnbKplhX410Q/eIdknvWbYZgdav1keN+7wNUeOSMHE=" + [mod."github.com/mitchellh/copystructure"] + version = "v1.2.0" + hash = "sha256-VR9cPZvyW62IHXgmMw8ee+hBDThzd2vftgPksQYR/Mc=" [mod."github.com/mitchellh/go-homedir"] version = "v1.1.0" hash = "sha256-oduBKXHAQG8X6aqLEpqZHs5DOKe84u6WkBwi4W6cv3k=" + [mod."github.com/mitchellh/go-wordwrap"] + version = "v1.0.1" + hash = "sha256-fiD7kh5037BjA0vW6A2El0XArkK+4S5iTBjJB43BNYo=" + [mod."github.com/mitchellh/reflectwalk"] + version = "v1.0.2" + hash = "sha256-VX9DPqChm7jPnyrA3RAYgxAFrAhj7TRKIWD/qR9Zr9s=" [mod."github.com/moby/docker-image-spec"] version = "v1.3.1" hash = "sha256-xwSNLmMagzywdGJIuhrWl1r7cIWBYCOMNYbuDDT6Jhs=" - [mod."github.com/moby/sys/sequential"] - version = "v0.6.0" - hash = "sha256-ZNWZuuvn+iDYMsL08IU6wvXC4OfAa7rol4kaCvytZ64=" [mod."github.com/moby/term"] version = "v0.5.2" hash = "sha256-/G20jUZKx36ktmPU/nEw/gX7kRTl1Dbu7zvNBYNt4xU=" @@ -461,6 +563,12 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/modern-go/reflect2"] version = "v1.0.3-0.20250322232337-35a7c28c31ee" hash = "sha256-0pkWWZRB3lGFyzmlxxrm0KWVQo9HNXNafaUu3k+rE1g=" + [mod."github.com/mohae/deepcopy"] + version = "v0.0.0-20170929034955-c48cc78d4826" + hash = "sha256-TQMmKqIYwVhmMVh4RYQkAui97Eyj7poLmcAuDcHXsEk=" + [mod."github.com/monochromegane/go-gitignore"] + version = "v0.0.0-20200626010858-205db1a8cc00" + hash = "sha256-j1Mgb2TUUIiBcXB+slOkjtvcjmqSMEsG5RZYE7vGXOU=" [mod."github.com/muesli/ansi"] version = "v0.0.0-20230316100256-276c6243b2f6" hash = "sha256-qRKn0Bh2yvP0QxeEMeZe11Vz0BPFIkVcleKsPeybKMs=" @@ -476,21 +584,36 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/nozzle/throttler"] version = "v0.0.0-20180817012639-2ea982251481" hash = "sha256-pufLisYZW//uJXtCkobaU0Etnu+ZPQCqaRzRItx65hk=" + [mod."github.com/oapi-codegen/oapi-codegen/v2"] + version = "v2.7.0" + hash = "sha256-Eo8/3dkcOzrLC2pR+F5+rfcRt836YByq8UwnjsqAuD8=" + [mod."github.com/oasdiff/yaml"] + version = "v0.0.9" + hash = "sha256-je1aZ/MUidJRSTfJs8NpbWC63z73MUnU+SD3baiaDgY=" + [mod."github.com/oasdiff/yaml3"] + version = "v0.0.12" + hash = "sha256-/Dcdd+K90WIWqjaomw7MsmlzWATQCxTMlKQkjYRTYc0=" [mod."github.com/oklog/ulid/v2"] version = "v2.1.1" hash = "sha256-kPNLaZMGwGc7ngPCivf/n4Bis219yOkGAaa6mt7+yTY=" - [mod."github.com/onsi/ginkgo/v2"] - version = "v2.27.5" - hash = "sha256-4YtMCQDR+odfRReIah0jHLXFdG8UyX+EOaDT00XpMr0=" - [mod."github.com/onsi/gomega"] - version = "v1.39.0" - hash = "sha256-in2eEUjcDC3JGDSAQxBI/mWdT0E2X1yCBKoGXemlWaE=" [mod."github.com/opencontainers/go-digest"] version = "v1.0.0" hash = "sha256-cfVDjHyWItmUGZ2dzQhCHgmOmou8v7N+itDkLZVkqkQ=" [mod."github.com/opencontainers/image-spec"] version = "v1.1.1" hash = "sha256-bxBjtl+6846Ed3QHwdssOrNvlHV6b+Dn17zPISSQGP8=" + [mod."github.com/pb33f/ordered-map/v2"] + version = "v2.3.1" + hash = "sha256-eDCb6p/b7dhOB2YOshY/0EU+Do3eoUXFR9f1EMrCK8E=" + [mod."github.com/pelletier/go-toml"] + version = "v1.9.5" + hash = "sha256-RJ9K1BTId0Mled7S66iGgxHkZ5JKEIsrrNaEfM8aImc=" + [mod."github.com/perimeterx/marshmallow"] + version = "v1.1.5" + hash = "sha256-fFWjg0FNohDSV0/wUjQ8fBq1g8h6yIqTrHkxqL2Tt0s=" + [mod."github.com/peterbourgon/diskv"] + version = "v2.0.1+incompatible" + hash = "sha256-K4mEVjH0eyxyYHQRxdbmgJT0AJrfucUwGB2BplRRt9c=" [mod."github.com/pjbgf/sha1cd"] version = "v0.3.2" hash = "sha256-jdbiRhU8xc1C5c8m7BSCj71PUXHY3f7TWFfxDKKpUMk=" @@ -524,6 +647,15 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/riywo/loginshell"] version = "v0.0.0-20200815045211-7d26008be1ab" hash = "sha256-keDEue4jkpIVm9GxZYAAIvYlDjk/eilAT/xGanTcHo0=" + [mod."github.com/rubenv/sql-migrate"] + version = "v1.8.1" + hash = "sha256-etogS73ms8b6GoL7WxaU6l5HhnwdITWwbC6ajVP0oRI=" + [mod."github.com/russross/blackfriday/v2"] + version = "v2.1.0" + hash = "sha256-R+84l1si8az5yDqd5CYcFrTyNZ1eSYlpXKq6nFt4OTQ=" + [mod."github.com/santhosh-tekuri/jsonschema/v6"] + version = "v6.0.2" + hash = "sha256-rPRYeV00NRyt6rb+gFJRK1K4TlVxy92cocRK/X9Wef4=" [mod."github.com/sassoftware/relic"] version = "v7.2.1+incompatible" hash = "sha256-vHyTdLRh6OlfoGzVgvx7I0+E6tpE7V43lCQaHD/e8J4=" @@ -536,6 +668,12 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/shibumi/go-pathspec"] version = "v1.3.0" hash = "sha256-ZHLft/o+xyJrUlaCwnCDqbjkPj6iIxlOuA0fFBuwVvM=" + [mod."github.com/shopspring/decimal"] + version = "v1.4.0" + hash = "sha256-U36bC271jQsjuWFF8BfLz4WicxPJUcPHRGxLvTz4Mdw=" + [mod."github.com/sigstore/cosign/v2"] + version = "v2.6.1" + hash = "sha256-//aFi4lORbfwD3Gzd8P5JB1TpBF2I0SCNXpwTLdq99o=" [mod."github.com/sigstore/cosign/v3"] version = "v3.0.5" hash = "sha256-wN5iAfcBCDTvhbvSar4DBw7w1sxIFWcMKv8qkx07mfo=" @@ -563,9 +701,18 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/skeema/knownhosts"] version = "v1.3.1" hash = "sha256-kjqQDzuncQNTuOYegqVZExwuOt/Z73m2ST7NZFEKixI=" + [mod."github.com/speakeasy-api/jsonpath"] + version = "v0.6.3" + hash = "sha256-p9s0Ya/+C+wqTOhM9ulf4moroRtF4+MLdYJvn21Ad88=" + [mod."github.com/speakeasy-api/openapi"] + version = "v1.19.2" + hash = "sha256-6jaHjxI2A1hIliKLX/L+p9gavu6s7YipDv2qAGk+JJ8=" [mod."github.com/spf13/afero"] version = "v1.15.0" hash = "sha256-LhcezbOqfuBzacytbqck0hNUxi6NbWNhifUc5/9uHQ8=" + [mod."github.com/spf13/cast"] + version = "v1.10.0" + hash = "sha256-dQ6Qqf26IZsa6XsGKP7GDuCj+WmSsBmkBwGTDfue/rk=" [mod."github.com/spf13/cobra"] version = "v1.10.2" hash = "sha256-nbRCTFiDCC2jKK7AHi79n7urYCMP5yDZnWtNVJrDi+k=" @@ -593,30 +740,42 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."github.com/vbatts/tar-split"] version = "v0.12.2" hash = "sha256-6gOHl4puCV9T2EWpFpqMCkV9N2PEPSiWbNZNp20q7iM=" + [mod."github.com/vmware-labs/yaml-jsonpath"] + version = "v0.3.2" + hash = "sha256-BZiEtlTVjwtLFaqYu1005t0yFc1/D1iNeabnsAtSXRY=" [mod."github.com/willabides/kongplete"] version = "v0.4.0" hash = "sha256-PIgYbQo/kbxm5wDBrf2RPZvlfxZK0ndEwrnviISCoxg=" + [mod."github.com/woodsbury/decimal128"] + version = "v1.4.0" + hash = "sha256-iywk2bDtlSY2Lg3n71356eEYezc7wCtLozSGAEz+6FE=" [mod."github.com/x448/float16"] version = "v0.8.4" hash = "sha256-VKzMTMS9pIB/cwe17xPftCSK9Mf4Y6EuBEJlB4by5mE=" [mod."github.com/xanzy/ssh-agent"] version = "v0.3.3" hash = "sha256-l3pGB6IdzcPA/HLk93sSN6NM2pKPy+bVOoacR5RC2+c=" + [mod."github.com/xlab/treeprint"] + version = "v1.2.0" + hash = "sha256-g85HyWGLZuD/TFXZzmXT+u9TA1xIT5escUVhnofsYQI=" [mod."github.com/xo/terminfo"] version = "v0.0.0-20220910002029-abceb7e1c41e" hash = "sha256-GyCDxxMQhXA3Pi/TsWXpA8cX5akEoZV7CFx4RO3rARU=" [mod."go.opentelemetry.io/auto/sdk"] version = "v1.2.1" hash = "sha256-73bFYhnxNf4SfeQ52ebnwOWywdQbqc9lWawCcSgofvE=" - [mod."go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"] - version = "v0.64.0" - hash = "sha256-tKc/JvkjDskPv9YYFbiVx3dp0G6gGsA27xoAkPO5Xl8=" [mod."go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"] version = "v0.67.0" hash = "sha256-efihYJm1SmM0T+n4e8MsUtTS5yAROK8svGwPAycd7fA=" [mod."go.opentelemetry.io/otel"] version = "v1.43.0" hash = "sha256-oRemJUZhA7AzfUoBbRVA32u/XhMpipxLywHoJ1qsHBs=" + [mod."go.opentelemetry.io/otel/exporters/otlp/otlptrace"] + version = "v1.43.0" + hash = "sha256-caYRUaQ4DZGYtcUtH5kEkWXezDI4/vZRpUXpet3tQlg=" + [mod."go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"] + version = "v1.39.0" + hash = "sha256-7pfSAaoIS1fbtVd9CCx6J4/DHBsmReon6r9Hocb2CCU=" [mod."go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"] version = "v1.43.0" hash = "sha256-wvXfMOb3dIVtNDrsxO+wlH3BJwN70t3p0X2EV/ubPjQ=" @@ -626,12 +785,12 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."go.opentelemetry.io/otel/sdk"] version = "v1.43.0" hash = "sha256-Z1uTuALNhRXStiDl0UvYh9+XE2hd9OYe/bxCSuR78uE=" - [mod."go.opentelemetry.io/otel/sdk/metric"] - version = "v1.43.0" - hash = "sha256-8wIG4fqOYJSqlKRpLFze7HTaIptFq51nQXdMWLeGz2g=" [mod."go.opentelemetry.io/otel/trace"] version = "v1.43.0" hash = "sha256-LLx1PjBGzDwZ3//Gp14R1DCMlnMCzFxnGYqVUz5jTmk=" + [mod."go.opentelemetry.io/proto/otlp"] + version = "v1.10.0" + hash = "sha256-IEnbR38ucFLTcuC2FA+gRvZNq2loUqXgDskSqP3+LUM=" [mod."go.uber.org/multierr"] version = "v1.11.0" hash = "sha256-Lb6rHHfR62Ozg2j2JZy3MKOMKdsfzd1IYTR57r3Mhp0=" @@ -644,6 +803,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."go.yaml.in/yaml/v3"] version = "v3.0.4" hash = "sha256-NkGFiDPoCxbr3LFsI6OCygjjkY0rdmg5ggvVVwpyDQ4=" + [mod."go.yaml.in/yaml/v4"] + version = "v4.0.0-rc.2" + hash = "sha256-vLpe6QjO8zGBfBSCkWgrI8uPSABAF+Cc3PJNCcm4ylU=" [mod."golang.org/x/crypto"] version = "v0.50.0" hash = "sha256-vC1BJT7+3UBWLyEE5n3to0NKhMo6m2HGow2HiFgpQLo=" @@ -707,6 +869,9 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."gopkg.in/yaml.v3"] version = "v3.0.1" hash = "sha256-FqL9TKYJ0XkNwJFnq9j0VvJ5ZUU1RvH/52h/f5bkYAU=" + [mod."helm.sh/helm/v3"] + version = "v3.20.2" + hash = "sha256-w06PoPmwmlP0eK8zdqH/0DQi7Mqps/hEi70qkVfKeok=" [mod."k8s.io/api"] version = "v0.35.3" hash = "sha256-MIl5MB5b6QsV/VSWoDDmqx8GdNnfNmAnXIe0DRKo5vI=" @@ -740,12 +905,21 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."k8s.io/kube-openapi"] version = "v0.0.0-20260127142750-a19766b6e2d4" hash = "sha256-NS8NvGTX3Ycoc4JU/jwLgtNlD5OOQ5zk2hzvFFSD/jM=" + [mod."k8s.io/kubectl"] + version = "v0.35.1" + hash = "sha256-SpY1TRpPXcQGkl9+UZTMRSctKP0P7aPckmLpWJIArTk=" [mod."k8s.io/metrics"] version = "v0.35.1" hash = "sha256-dA5IXkJbAirrvLxnARPLvauNg7LhVy7iODhN1VDT3iI=" [mod."k8s.io/utils"] version = "v0.0.0-20260319190234-28399d86e0b5" hash = "sha256-ER2/AqF5AbVv4lfIDoggmlGfTnNH0cNccDisJqNyXn4=" + [mod."oras.land/oras-go/v2"] + version = "v2.6.0" + hash = "sha256-UwoJIpfocbUEYk25WqXbfysztCaYUXybk9W9EfxtTHg=" + [mod."sigs.k8s.io/apiserver-network-proxy/konnectivity-client"] + version = "v0.34.0" + hash = "sha256-98ScvhhmVxEVAGv9rhk10ceYUadNOuBERtCcdaIb42s=" [mod."sigs.k8s.io/controller-runtime"] version = "v0.23.1" hash = "sha256-iOaYAJgy/Q1Hi6afs5mLtP8K5J8Cs/MlDoGp8wE1GOY=" @@ -755,6 +929,15 @@ cachePackages = ["cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario. [mod."sigs.k8s.io/json"] version = "v0.0.0-20250730193827-2d320260d730" hash = "sha256-y3vUPJYL6oxu/8c0j4vgX6fzqHtVPSCjfyuWkZYf6+I=" + [mod."sigs.k8s.io/kind"] + version = "v0.30.0" + hash = "sha256-BHwrJ6qW4KA8UfM99GBHigM+fk+nxbeM7RoHHztU3cE=" + [mod."sigs.k8s.io/kustomize/api"] + version = "v0.20.1" + hash = "sha256-kcZREdlFsFC7xaMRzvwkE+93lQJBTanImDJjgYMyzRU=" + [mod."sigs.k8s.io/kustomize/kyaml"] + version = "v0.20.1" + hash = "sha256-k87zgSRMFVcph06vqMd4KG9kE1GzllxKu36mWKdSisY=" [mod."sigs.k8s.io/randfill"] version = "v1.0.0" hash = "sha256-xldQxDwW84hmlihdSOFfjXyauhxEWV9KmIDLZMTcYNo=" diff --git a/internal/async/event.go b/internal/async/event.go new file mode 100644 index 0000000..2bf0851 --- /dev/null +++ b/internal/async/event.go @@ -0,0 +1,60 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package async contains infrastructure for performing asynchronous tasks in +// the CLI. +package async + +// Event represents an event that happened during an asynchronous operation. It +// is used to pass information back to callers that are interested in the +// operation's progress. +type Event struct { + // Text is a description of the event. Events with the same text represent + // updates to the status of a single sub-operation. + Text string + // Status is the updated status of the sub-operation. + Status EventStatus +} + +// EventStatus represents the status of an async process. +type EventStatus string + +const ( + // EventStatusStarted indicates that an operation has started. + EventStatusStarted EventStatus = "started" + // EventStatusSuccess indicates that an operation has completed + // successfully. + EventStatusSuccess EventStatus = "success" + // EventStatusFailure indicates that an operation has failed. + EventStatusFailure EventStatus = "failure" +) + +// EventChannel is a channel for sending events. We define our own type for it +// so we can attach useful functions to it. +type EventChannel chan Event + +// SendEvent sends an event to an event channel. It is a no-op if the channel is +// nil. This allows event producers to produce events unconditionally, with +// callers providing an optionally nil channel. +func (ch EventChannel) SendEvent(text string, status EventStatus) { + if ch == nil { + return + } + ch <- Event{ + Text: text, + Status: status, + } +} diff --git a/internal/crd/convert.go b/internal/crd/convert.go new file mode 100644 index 0000000..231a905 --- /dev/null +++ b/internal/crd/convert.go @@ -0,0 +1,169 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package crd contains utilities for working with CRDs. +package crd + +import ( + "fmt" + "slices" + "strings" + + "github.com/spf13/afero" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/kube-openapi/pkg/spec3" + "k8s.io/kube-openapi/pkg/validation/spec" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// ToOpenAPI converts the storage version of a CRD to an OpenAPI spec. The +// version is returned along with the OpenAPI spec. +func ToOpenAPI(crd *extv1.CustomResourceDefinition) (map[string]*spec3.OpenAPI, error) { + modifyCRDManifestFields(crd) + oapis := make(map[string]*spec3.OpenAPI, len(crd.Spec.Versions)) + + if len(crd.Spec.Versions) == 0 { + return nil, errors.New("crd has no versions") + } + + for _, crdVersion := range crd.Spec.Versions { + version := crdVersion.Name + + output, err := builder.BuildOpenAPIV3(crd, version, builder.Options{}) + if err != nil { + return nil, errors.Wrapf(err, "failed to build OpenAPI v3 schema") + } + + groupParts := strings.Split(crd.Spec.Group, ".") + slices.Reverse(groupParts) + reverseGroup := strings.Join(groupParts, ".") + + for name, s := range output.Components.Schemas { + if !strings.HasPrefix(name, reverseGroup+".") { + continue + } + + if fmt.Sprintf("%s.%s.%s", reverseGroup, version, crd.Spec.Names.Kind) == name { + addDefaultAPIVersionAndKind(s, schema.GroupVersionKind{ + Group: crd.Spec.Group, + Version: version, + Kind: crd.Spec.Names.Kind, + }) + } + } + + oapis[version] = output + } + + return oapis, nil +} + +// FilesToOpenAPI converts an on-disk CRD to an OpenAPI spec, and writes the +// OpenAPI spec to a file. The paths to the specs are returned. +func FilesToOpenAPI(fs afero.Fs, bs []byte, path string) ([]string, error) { + var crd extv1.CustomResourceDefinition + if err := yaml.Unmarshal(bs, &crd); err != nil { + return nil, errors.Wrapf(err, "failed to unmarshal CRD file %q", path) + } + + outputs, err := ToOpenAPI(&crd) + if err != nil { + return nil, err + } + + paths := make([]string, 0, len(outputs)) + for version, output := range outputs { + openAPIBytes, err := yaml.Marshal(output) + if err != nil { + return nil, errors.Wrapf(err, "failed to marshal OpenAPI output to YAML") + } + + groupFormatted := strings.ReplaceAll(crd.Spec.Group, ".", "_") + kindFormatted := strings.ToLower(crd.Spec.Names.Kind) + openAPIPath := fmt.Sprintf("%s_%s_%s.yaml", groupFormatted, version, kindFormatted) + + if err := afero.WriteFile(fs, openAPIPath, openAPIBytes, 0o644); err != nil { + return nil, errors.Wrapf(err, "failed to write OpenAPI file") + } + + paths = append(paths, openAPIPath) + } + + return paths, nil +} + +func addDefaultAPIVersionAndKind(s *spec.Schema, gvk schema.GroupVersionKind) { + if prop, ok := s.Properties["apiVersion"]; ok { + prop.Default = gvk.GroupVersion().String() + prop.Enum = []any{gvk.GroupVersion().String()} + s.Properties["apiVersion"] = prop + } + if prop, ok := s.Properties["kind"]; ok { + prop.Default = gvk.Kind + prop.Enum = []any{gvk.Kind} + s.Properties["kind"] = prop + } +} + +func modifyCRDManifestFields(crd *extv1.CustomResourceDefinition) { + for i, version := range crd.Spec.Versions { + if version.Schema != nil && version.Schema.OpenAPIV3Schema != nil { + updateSchemaPropertiesXEmbeddedResource(version.Schema.OpenAPIV3Schema) + crd.Spec.Versions[i].Schema.OpenAPIV3Schema.Properties = version.Schema.OpenAPIV3Schema.Properties + } + } +} + +// updateSchemaPropertiesXEmbeddedResource recursively traverses and updates +// schema properties at all depths. +func updateSchemaPropertiesXEmbeddedResource(s *extv1.JSONSchemaProps) { + if s == nil { + return + } + + if s.XEmbeddedResource && s.XPreserveUnknownFields != nil && *s.XPreserveUnknownFields { + s.XEmbeddedResource = false + s.XPreserveUnknownFields = nil + s.Type = "object" + s.AdditionalProperties = &extv1.JSONSchemaPropsOrBool{ + Allows: true, + Schema: nil, + } + } + + for key, property := range s.Properties { + updateSchemaPropertiesXEmbeddedResource(&property) + s.Properties[key] = property + } + + if s.AdditionalProperties != nil && s.AdditionalProperties.Schema != nil { + updateSchemaPropertiesXEmbeddedResource(s.AdditionalProperties.Schema) + } + + if s.Items != nil { + if s.Items.Schema != nil { + updateSchemaPropertiesXEmbeddedResource(s.Items.Schema) + } else if s.Items.JSONSchemas != nil { + for i := range s.Items.JSONSchemas { + updateSchemaPropertiesXEmbeddedResource(&s.Items.JSONSchemas[i]) + } + } + } +} diff --git a/internal/crd/convert_test.go b/internal/crd/convert_test.go new file mode 100644 index 0000000..7bf9aef --- /dev/null +++ b/internal/crd/convert_test.go @@ -0,0 +1,379 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package crd + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/kube-openapi/pkg/spec3" + "k8s.io/kube-openapi/pkg/validation/spec" + "sigs.k8s.io/yaml" + + _ "embed" +) + +//go:embed testdata/template.fn.crossplane.io_kclinputs.yaml +var testCRD []byte + +func TestFilesToOpenAPI(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + crdContent []byte + expectedErr bool + }{ + { + name: "ValidCRDFromEmbed", + crdContent: testCRD, + expectedErr: false, + }, + { + name: "InvalidCRD", + crdContent: []byte(`invalid: crd content`), + expectedErr: true, + }, + { + name: "CRDMissingVersion", + crdContent: []byte(` +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: testresources.testgroup.example.com +spec: + group: testgroup.example.com + versions: [] + names: + kind: TestResource + plural: testresources +`), + expectedErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + fs := afero.NewMemMapFs() + outputPaths, err := FilesToOpenAPI(fs, tt.crdContent, "test-crd.yaml") + + if tt.expectedErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + if err != nil { + t.Fatal(err) + } + if got := len(outputPaths); got != 1 { + t.Fatalf("len(outputPaths) = %d, want 1", got) + } + + output, err := afero.ReadFile(fs, outputPaths[0]) + if err != nil { + t.Fatal(err) + } + + var openapi *spec3.OpenAPI + if err := yaml.Unmarshal(output, &openapi); err != nil { + t.Fatal(err) + } + + apiVersionDefault := openapi.Components.Schemas["io.crossplane.fn.template.v1beta1.KCLInput"].SchemaProps.Properties["apiVersion"].Default + if diff := cmp.Diff("template.fn.crossplane.io/v1beta1", apiVersionDefault); diff != "" { + t.Errorf("apiVersion default (-want +got):\n%s", diff) + } + + kindDefault := openapi.Components.Schemas["io.crossplane.fn.template.v1beta1.KCLInput"].SchemaProps.Properties["kind"].Default + if diff := cmp.Diff("KCLInput", kindDefault); diff != "" { + t.Errorf("kind default (-want +got):\n%s", diff) + } + }) + } +} + +func TestAddDefaultAPIVersionAndKind(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + initialSchema spec.Schema + gvk schema.GroupVersionKind + expectedAPIVersion string + expectedKind string + }{ + { + name: "ApiVersionAndKind", + initialSchema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Properties: map[string]spec.Schema{ + "apiVersion": {}, + "kind": {}, + }, + }, + }, + gvk: schema.GroupVersionKind{Group: "example.com", Version: "v1", Kind: "ExampleKind"}, + expectedAPIVersion: "example.com/v1", + expectedKind: "ExampleKind", + }, + { + name: "ApiVersion", + initialSchema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Properties: map[string]spec.Schema{ + "apiVersion": {}, + }, + }, + }, + gvk: schema.GroupVersionKind{Group: "example.com", Version: "v2", Kind: "AnotherKind"}, + expectedAPIVersion: "example.com/v2", + expectedKind: "", + }, + { + name: "Kind", + initialSchema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Properties: map[string]spec.Schema{ + "kind": {}, + }, + }, + }, + gvk: schema.GroupVersionKind{Group: "example.com", Version: "v1alpha1", Kind: "SampleKind"}, + expectedAPIVersion: "", + expectedKind: "SampleKind", + }, + { + name: "Nothing", + initialSchema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Properties: map[string]spec.Schema{}, + }, + }, + gvk: schema.GroupVersionKind{Group: "example.com", Version: "v1beta1", Kind: "NoDefaults"}, + expectedAPIVersion: "", + expectedKind: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + addDefaultAPIVersionAndKind(&tt.initialSchema, tt.gvk) + + if prop, ok := tt.initialSchema.Properties["apiVersion"]; ok { + if diff := cmp.Diff(tt.expectedAPIVersion, prop.Default); diff != "" { + t.Errorf("apiVersion default (-want +got):\n%s", diff) + } + } + if prop, ok := tt.initialSchema.Properties["kind"]; ok { + if diff := cmp.Diff(tt.expectedKind, prop.Default); diff != "" { + t.Errorf("kind default (-want +got):\n%s", diff) + } + } + }) + } +} + +var testValidCRD = []byte(` +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: objects.kubernetes.crossplane.io +spec: + group: kubernetes.crossplane.io + names: + kind: Object + plural: objects + singular: object + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forProvider: + properties: + manifest: + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true +`) + +func TestModifyCRDManifestFields(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + crdContent []byte + expectedErr bool + }{ + { + name: "ValidCRD", + crdContent: testValidCRD, + expectedErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + var crd extv1.CustomResourceDefinition + if err := yaml.Unmarshal(tt.crdContent, &crd); err != nil { + if tt.expectedErr { + return + } + t.Fatalf("Failed to unmarshal CRD: %v", err) + } + + modifyCRDManifestFields(&crd) + + modifiedManifest := crd.Spec.Versions[0].Schema.OpenAPIV3Schema.Properties["spec"]. + Properties["forProvider"].Properties["manifest"] + + if modifiedManifest.XEmbeddedResource { + t.Errorf("XEmbeddedResource = true, want false") + } + if modifiedManifest.XPreserveUnknownFields != nil { + t.Errorf("XPreserveUnknownFields = %v, want nil", *modifiedManifest.XPreserveUnknownFields) + } + if diff := cmp.Diff("object", modifiedManifest.Type); diff != "" { + t.Errorf("manifest Type (-want +got):\n%s", diff) + } + }) + } +} + +func TestUpdateSchemaPropertiesXEmbeddedResource(t *testing.T) { + tests := []struct { + name string + input *extv1.JSONSchemaProps + expected *extv1.JSONSchemaProps + }{ + { + name: "NilSchema", + input: nil, + expected: nil, + }, + { + name: "SchemaWithXEmbeddedResourceAndXPreserveUnknownFields", + input: &extv1.JSONSchemaProps{ + XEmbeddedResource: true, + XPreserveUnknownFields: &[]bool{true}[0], + }, + expected: &extv1.JSONSchemaProps{ + XEmbeddedResource: false, + XPreserveUnknownFields: nil, + Type: "object", + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Allows: true, + Schema: nil, + }, + }, + }, + { + name: "NestedProperties", + input: &extv1.JSONSchemaProps{ + Properties: map[string]extv1.JSONSchemaProps{ + "nested": { + XEmbeddedResource: true, + XPreserveUnknownFields: &[]bool{true}[0], + }, + }, + }, + expected: &extv1.JSONSchemaProps{ + Properties: map[string]extv1.JSONSchemaProps{ + "nested": { + XEmbeddedResource: false, + XPreserveUnknownFields: nil, + Type: "object", + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Allows: true, + Schema: nil, + }, + }, + }, + }, + }, + { + name: "AdditionalProperties", + input: &extv1.JSONSchemaProps{ + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Schema: &extv1.JSONSchemaProps{ + XEmbeddedResource: true, + XPreserveUnknownFields: &[]bool{true}[0], + }, + }, + }, + expected: &extv1.JSONSchemaProps{ + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Schema: &extv1.JSONSchemaProps{ + XEmbeddedResource: false, + XPreserveUnknownFields: nil, + Type: "object", + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Allows: true, + Schema: nil, + }, + }, + }, + }, + }, + { + name: "Items", + input: &extv1.JSONSchemaProps{ + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{ + XEmbeddedResource: true, + XPreserveUnknownFields: &[]bool{true}[0], + }, + }, + }, + expected: &extv1.JSONSchemaProps{ + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{ + XEmbeddedResource: false, + XPreserveUnknownFields: nil, + Type: "object", + AdditionalProperties: &extv1.JSONSchemaPropsOrBool{ + Allows: true, + Schema: nil, + }, + }, + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + updateSchemaPropertiesXEmbeddedResource(tt.input) + if diff := cmp.Diff(tt.expected, tt.input); diff != "" { + t.Errorf("updateSchemaPropertiesXEmbeddedResource (-want +got):\n%s", diff) + } + }) + } +} diff --git a/internal/crd/generator.go b/internal/crd/generator.go new file mode 100644 index 0000000..fd79145 --- /dev/null +++ b/internal/crd/generator.go @@ -0,0 +1,99 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package crd + +import ( + "path/filepath" + + "github.com/spf13/afero" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd" + + xpv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" +) + +// createCRDFromXRD creates a xrCRD and claimCRD if possible from the XRD. +func createCRDFromXRD(xrd xpv1.CompositeResourceDefinition) (*apiextensionsv1.CustomResourceDefinition, *apiextensionsv1.CustomResourceDefinition, error) { + var xrCrd, claimCrd *apiextensionsv1.CustomResourceDefinition + + crdGVK := apiextensionsv1.SchemeGroupVersion.WithKind("CustomResourceDefinition") + + xrCrd, err := xcrd.ForCompositeResource(&xrd) + if err != nil { + return nil, nil, errors.Wrapf(err, "cannot derive composite CRD from XRD %q for Composite Resource", xrd.GetName()) + } + xrCrd.SetGroupVersionKind(crdGVK) + if xrCrd.Spec.Names.ListKind == "" { + xrCrd.Spec.Names.ListKind = xrCrd.Spec.Names.Kind + "List" + } + + if xrd.Spec.ClaimNames != nil { + claimCrd, err = xcrd.ForCompositeResourceClaim(&xrd) + if err != nil { + return nil, nil, errors.Wrapf(err, "cannot derive composite CRD from XRD %q for Composite Resource Claim", xrd.GetName()) + } + + claimCrd.SetGroupVersionKind(crdGVK) + if claimCrd.Spec.Names.ListKind == "" { + claimCrd.Spec.Names.ListKind = claimCrd.Spec.Names.Kind + "List" + } + } + + return xrCrd, claimCrd, nil +} + +// ProcessXRD generates associated CRDs from an XRD. +func ProcessXRD(fs afero.Fs, bs []byte, path, baseFolder string) (string, string, error) { + var xrd xpv1.CompositeResourceDefinition + if err := yaml.Unmarshal(bs, &xrd); err != nil { + return "", "", errors.Wrapf(err, "failed to unmarshal XRD file %q", path) + } + + xrCRD, claimCRD, err := createCRDFromXRD(xrd) + if err != nil { + return "", "", err + } + + var xrPath, claimPath string + + if xrCRD != nil { + xrPath = filepath.Join(baseFolder, xrCRD.Name+".yaml") + xrCRDBytes, err := yaml.Marshal(xrCRD) + if err != nil { + return "", "", errors.Wrap(err, "failed to marshal XR CRD to YAML") + } + if err := afero.WriteFile(fs, xrPath, xrCRDBytes, 0o644); err != nil { + return "", "", err + } + } + + if claimCRD != nil { + claimPath = filepath.Join(baseFolder, claimCRD.Name+".yaml") + claimCRDBytes, err := yaml.Marshal(claimCRD) + if err != nil { + return "", "", errors.Wrap(err, "failed to marshal claim CRD to YAML") + } + if err := afero.WriteFile(fs, claimPath, claimCRDBytes, 0o644); err != nil { + return "", "", err + } + } + + return xrPath, claimPath, nil +} diff --git a/internal/crd/generator_test.go b/internal/crd/generator_test.go new file mode 100644 index 0000000..7e1f3aa --- /dev/null +++ b/internal/crd/generator_test.go @@ -0,0 +1,117 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package crd + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "sigs.k8s.io/yaml" + + _ "embed" +) + +//go:embed testdata/claimable-xrd.yaml +var claimableXRDBytes []byte + +//go:embed testdata/unclaimable-xrd.yaml +var unclaimableXRDBytes []byte + +func TestProcessXRD(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + xrdBytes []byte + + expectedXRKind string + expectedXRListKind string + + expectedClaimKind string + expectedClaimListKind string + }{ + "ClaimableXRD": { + xrdBytes: claimableXRDBytes, + expectedXRKind: "XStorageBucket", + expectedXRListKind: "XStorageBucketList", + expectedClaimKind: "StorageBucket", + expectedClaimListKind: "StorageBucketList", + }, + "UnclaimableXRD": { + xrdBytes: unclaimableXRDBytes, + expectedXRKind: "XInternalBucket", + expectedXRListKind: "XInternalBucketList", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + outFS := afero.NewMemMapFs() + xrPath, claimPath, err := ProcessXRD(outFS, tc.xrdBytes, "output", "/") + if err != nil { + t.Fatal(err) + } + + if xrPath != "" { + if tc.expectedXRKind == "" { + t.Fatalf("unexpected XR CRD generated at %q", xrPath) + } + xrBytes, err := afero.ReadFile(outFS, xrPath) + if err != nil { + t.Fatal(err) + } + + var xrCRD extv1.CustomResourceDefinition + if err := yaml.Unmarshal(xrBytes, &xrCRD); err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tc.expectedXRKind, xrCRD.Spec.Names.Kind); diff != "" { + t.Errorf("XR Kind (-want +got):\n%s", diff) + } + if diff := cmp.Diff(tc.expectedXRListKind, xrCRD.Spec.Names.ListKind); diff != "" { + t.Errorf("XR ListKind (-want +got):\n%s", diff) + } + } + + if claimPath != "" { + if tc.expectedClaimKind == "" { + t.Fatalf("unexpected claim CRD generated at %q", claimPath) + } + claimBytes, err := afero.ReadFile(outFS, claimPath) + if err != nil { + t.Fatal(err) + } + + var claimCRD extv1.CustomResourceDefinition + if err := yaml.Unmarshal(claimBytes, &claimCRD); err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tc.expectedClaimKind, claimCRD.Spec.Names.Kind); diff != "" { + t.Errorf("Claim Kind (-want +got):\n%s", diff) + } + if diff := cmp.Diff(tc.expectedClaimListKind, claimCRD.Spec.Names.ListKind); diff != "" { + t.Errorf("Claim ListKind (-want +got):\n%s", diff) + } + } + }) + } +} diff --git a/internal/crd/testdata/claimable-xrd.yaml b/internal/crd/testdata/claimable-xrd.yaml new file mode 100644 index 0000000..caa70ae --- /dev/null +++ b/internal/crd/testdata/claimable-xrd.yaml @@ -0,0 +1,47 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xstoragebuckets.platform.example.com +spec: + claimNames: + kind: StorageBucket + plural: storagebuckets + group: platform.example.com + names: + categories: + - crossplane + kind: XStorageBucket + plural: xstoragebuckets + versions: + - name: v1alpha1 + referenceable: true + schema: + openAPIV3Schema: + description: StorageBucket is the Schema for the StorageBucket API. + properties: + spec: + description: StorageBucketSpec defines the desired state of StorageBucket. + properties: + parameters: + properties: + acl: + type: string + region: + type: string + versioning: + type: boolean + type: object + required: + - acl + - region + - versioning + type: object + required: + - parameters + status: + description: StorageBucketStatus defines the observed state of StorageBucket. + type: object + required: + - spec + type: object + served: true diff --git a/internal/crd/testdata/template.fn.crossplane.io_kclinputs.yaml b/internal/crd/testdata/template.fn.crossplane.io_kclinputs.yaml new file mode 100644 index 0000000..ad029ac --- /dev/null +++ b/internal/crd/testdata/template.fn.crossplane.io_kclinputs.yaml @@ -0,0 +1,161 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: kclinputs.template.fn.crossplane.io +spec: + group: template.fn.crossplane.io + names: + categories: + - crossplane + kind: KCLInput + listKind: KCLInputList + plural: kclinputs + singular: kclinput + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: KCLInput can be used to provide input to this Function. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RunSpec defines the desired state of Crossplane KCL function. + properties: + config: + description: Config is the compile config. + properties: + arguments: + description: Arguments is the list of top level dynamic arguments + for the kcl option function, e.g., env="prod" + items: + type: string + type: array + debug: + description: Debug denotes running kcl in debug mode. + type: boolean + disableNone: + description: DisableNone denotes running kcl and disable dumping + None values. + type: boolean + overrides: + description: Overrides is the list of override paths and values, + e.g., app.image="v2" + items: + type: string + type: array + pathSelectors: + description: PathSelectors is the list of path selectors to select + output result, e.g., a.b.c + items: + type: string + type: array + settings: + description: Settings is the list of kcl setting files including + all of the CLI config. + items: + type: string + type: array + showHidden: + description: ShowHidden denotes output the hidden attribute in + the result. + type: boolean + sortKeys: + description: SortKeys denotes sorting the output result keys, + e.g., `{b = 1, a = 2} => {a = 2, b = 1}`. + type: boolean + strictRangeCheck: + description: StrictRangeCheck performs the 32-bit strict numeric + range checks on numbers. + type: boolean + vendor: + description: Vendor denotes running kcl in the vendor mode. + type: boolean + type: object + credentials: + description: Credentials for remote locations + properties: + password: + type: string + url: + type: string + username: + type: string + required: + - password + - username + type: object + dependencies: + description: |- + Dependencies are the external dependencies for the KCL code. + The format of the `dependencies` field is same as the `[dependencies]` in the `kcl.mod` file + type: string + params: + additionalProperties: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Params are the parameters in key-value pairs format. + type: object + resources: + description: |- + Resources is a list of resources to patch and create + This is utilized when a Target is set to PatchResources + items: + properties: + base: + description: |- + Base of the composed resource that patches will be applied to. + According to the patches and transforms functions, this may be ommited on + occassion by a previous pipeline + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + name: + description: Name is a unique identifier for this entry in a + ResourceList + type: string + required: + - name + type: object + type: array + source: + description: Source is a required field for providing a KCL script + inline. + type: string + target: + default: Resources + description: Target determines what object the export output should + be applied to + enum: + - Default + - PatchDesired + - PatchResources + - Resources + - XR + type: string + required: + - source + - target + type: object + type: object + served: true + storage: true diff --git a/internal/crd/testdata/unclaimable-xrd.yaml b/internal/crd/testdata/unclaimable-xrd.yaml new file mode 100644 index 0000000..1a6fd4f --- /dev/null +++ b/internal/crd/testdata/unclaimable-xrd.yaml @@ -0,0 +1,44 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xinternalbuckets.platform.example.com +spec: + group: platform.example.com + names: + categories: + - crossplane + kind: XInternalBucket + plural: xinternalbuckets + versions: + - name: v1alpha1 + referenceable: true + schema: + openAPIV3Schema: + description: InternalBucket is the Schema for the InternalBucket API. + properties: + spec: + description: InternalBucketSpec defines the desired state of InternalBucket. + properties: + parameters: + properties: + acl: + type: string + region: + type: string + versioning: + type: boolean + type: object + required: + - acl + - region + - versioning + type: object + required: + - parameters + status: + description: InternalBucketStatus defines the observed state of InternalBucket. + type: object + required: + - spec + type: object + served: true diff --git a/internal/dependency/cache_dir.go b/internal/dependency/cache_dir.go new file mode 100644 index 0000000..a09d7c8 --- /dev/null +++ b/internal/dependency/cache_dir.go @@ -0,0 +1,31 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package dependency + +import ( + "os" + "path/filepath" +) + +// DefaultCacheDir returns the default per-user xpkg cache directory. +func DefaultCacheDir() string { + base, err := os.UserCacheDir() + if err != nil { + base = os.TempDir() + } + return filepath.Join(base, "crossplane", "xpkg") +} diff --git a/internal/dependency/manager.go b/internal/dependency/manager.go new file mode 100644 index 0000000..79c946b --- /dev/null +++ b/internal/dependency/manager.go @@ -0,0 +1,384 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package dependency manages schema generation for Crossplane project +// dependencies. +package dependency + +import ( + "context" + "fmt" + "strings" + "sync" + + "github.com/google/go-containerregistry/pkg/name" + conregv1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + runtimexpkg "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/git" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + smanager "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// Manager manages dependencies for a Crossplane project, including fetching +// packages, extracting CRDs, and generating schemas. +type Manager struct { + proj *v1alpha1.Project + projFS afero.Fs + projFile string + schemas *smanager.Manager + + gitCloner git.Cloner + gitAuthProvider git.AuthProvider + + client runtimexpkg.Client + resolver *clixpkg.Resolver + + updateMutex sync.Mutex +} + +// ManagerOption configures the dependency manager. +type ManagerOption func(*managerOptions) + +type managerOptions struct { + projFile string + schemaFS afero.Fs + schemaGenerators []generator.Interface + schemaRunner runner.SchemaRunner + gitAuthProvider git.AuthProvider + client runtimexpkg.Client + resolver *clixpkg.Resolver +} + +// WithProjectFile sets the path to the project file. +func WithProjectFile(path string) ManagerOption { + return func(opts *managerOptions) { + opts.projFile = path + } +} + +// WithSchemaFS sets the filesystem to use for schemas. +func WithSchemaFS(fs afero.Fs) ManagerOption { + return func(opts *managerOptions) { + opts.schemaFS = fs + } +} + +// WithSchemaRunner sets the runner to use when generating schemas. +func WithSchemaRunner(r runner.SchemaRunner) ManagerOption { + return func(opts *managerOptions) { + opts.schemaRunner = r + } +} + +// WithSchemaGenerators sets the schema generators to call. +func WithSchemaGenerators(gs []generator.Interface) ManagerOption { + return func(opts *managerOptions) { + opts.schemaGenerators = gs + } +} + +// WithGitAuthProvider sets the auth provider for git operations. +func WithGitAuthProvider(p git.AuthProvider) ManagerOption { + return func(opts *managerOptions) { + opts.gitAuthProvider = p + } +} + +// WithXpkgClient sets the runtime xpkg.Client used to fetch and parse +// xpkg dependencies. +func WithXpkgClient(c runtimexpkg.Client) ManagerOption { + return func(opts *managerOptions) { + opts.client = c + } +} + +// WithResolver sets the package reference resolver used to translate +// semver constraints into concrete tags before calling Client.Get. +func WithResolver(r *clixpkg.Resolver) ManagerOption { + return func(opts *managerOptions) { + opts.resolver = r + } +} + +// NewManager returns an initialized dependency manager. +func NewManager(proj *v1alpha1.Project, projFS afero.Fs, opts ...ManagerOption) *Manager { + options := &managerOptions{ + projFile: "crossplane-project.yaml", + schemaFS: afero.NewBasePathFs(projFS, proj.Spec.Paths.Schemas), + schemaGenerators: generator.AllLanguages(), + schemaRunner: runner.NewRealSchemaRunner( + runner.WithImageConfig(proj.Spec.ImageConfigs), + ), + gitAuthProvider: &git.HTTPSAuthProvider{}, + } + + for _, opt := range opts { + opt(options) + } + + schemas := smanager.New( + options.schemaFS, + options.schemaGenerators, + options.schemaRunner, + ) + + return &Manager{ + proj: proj, + projFS: projFS, + projFile: options.projFile, + schemas: schemas, + gitCloner: &git.DefaultCloner{}, + gitAuthProvider: options.gitAuthProvider, + client: options.client, + resolver: options.resolver, + } +} + +// ResolveRef resolves a version constraint in an OCI ref to a concrete tag. If +// the ref has no tag, has an exact semver version, or is not a valid +// constraint, it is returned unchanged. +func (m *Manager) ResolveRef(ref string) (name.Reference, error) { + resolved, _, err := m.resolver.Resolve(context.Background(), ref) + return resolved, err +} + +// AddPackage adds a package to the dependency manager. If refresh is set, the +// package's ref will be re-resolved regardless of whether it is cached. +func (m *Manager) AddPackage(ctx context.Context, ref string, refresh bool) (*schema.GroupVersionKind, error) { + return m.addPackage(ctx, ref, refresh) +} + +func (m *Manager) addPackage(ctx context.Context, ref string, refresh bool) (*schema.GroupVersionKind, error) { + resolvedRef, version, err := m.resolver.Resolve(ctx, ref) + if err != nil { + return nil, errors.Wrapf(err, "cannot resolve %s", ref) + } + + pullPolicy := corev1.PullIfNotPresent + if refresh { + pullPolicy = corev1.PullAlways + } + pkg, err := m.client.Get(ctx, resolvedRef.String(), runtimexpkg.WithPullPolicy(pullPolicy)) + if err != nil { + return nil, errors.Wrapf(err, "failed to fetch %s", ref) + } + + gvk, err := runtimeGVKForPackage(pkg) + if err != nil { + return nil, errors.Wrapf(err, "cannot identify package %s", ref) + } + crdFS, err := clixpkg.CRDFilesystem(pkg.Package) + if err != nil { + return nil, errors.Wrapf(err, "cannot extract CRDs from %s", ref) + } + + // Use the resolved version so constraint and exact-version inputs + // collapse to one schema-lock entry. Digest-pinned refs (no resolved + // version) intentionally use a digest-form ID and remain separate. + id := pkg.Source + "@" + pkg.Digest + if version != "" { + id = pkg.Source + ":" + version + } + src := smanager.NewXpkgSource(id, pkg.Digest, crdFS) + if err := m.schemas.Add(ctx, src); err != nil { + return nil, err + } + return gvk, nil +} + +func runtimeGVKForPackage(pkg *runtimexpkg.Package) (*schema.GroupVersionKind, error) { + gvk := pkg.GetMeta().GetObjectKind().GroupVersionKind() + + // NOTE(adamwg): We assume all packages follow the existing Crossplane + // convention where the meta and runtime kinds match, and the meta apiGroup + // the runtime apiGroup prefixed with "meta.". + group := strings.TrimPrefix(gvk.Group, "meta.") + if group == gvk.Group { + return nil, errors.Errorf("package metadata group %s does not start with \"meta.\"", gvk.Group) + } + + return &schema.GroupVersionKind{ + Group: group, + Version: gvk.Version, + Kind: gvk.Kind, + }, nil +} + +// AddDependency adds a dependency, generates schemas for it, and persists the +// dependency to the project file. +func (m *Manager) AddDependency(ctx context.Context, dep *v1alpha1.Dependency) error { + gvk, err := m.addDependencyNoWrite(ctx, dep, false) + if err != nil { + return err + } + + // For xpkg dependencies, fill in the apiVersion and kind. We don't care + // about these for development purposes, but they are required to install an + // xpkg dependency into a cluster at runtime. + if dep.Type == v1alpha1.DependencyTypeXpkg && dep.Xpkg != nil && gvk != nil { + dep.Xpkg.APIVersion = gvk.GroupVersion().String() + dep.Xpkg.Kind = gvk.Kind + } + + m.updateMutex.Lock() + defer m.updateMutex.Unlock() + + upsertDependency(m.proj, *dep) + return projectfile.Update(m.projFS, m.projFile, func(p *v1alpha1.Project) { + upsertDependency(p, *dep) + }) +} + +// AddAll adds all dependencies configured in the project. If ch is non-nil, +// events will be sent for each dependency as it is processed. +func (m *Manager) AddAll(ctx context.Context, ch async.EventChannel) error { + return m.addAll(ctx, ch, false) +} + +// RefreshAll re-resolves every dependency's version constraint against the +// registry. Used by `dependency update-cache`. +func (m *Manager) RefreshAll(ctx context.Context, ch async.EventChannel) error { + return m.addAll(ctx, ch, true) +} + +func (m *Manager) addAll(ctx context.Context, ch async.EventChannel, refresh bool) error { + eg, egCtx := errgroup.WithContext(ctx) + + for i := range m.proj.Spec.Dependencies { + dep := &m.proj.Spec.Dependencies[i] + desc := "Updating dependency " + GetSourceDescription(*dep) + eg.Go(func() error { + ch.SendEvent(desc, async.EventStatusStarted) + if _, err := m.addDependencyNoWrite(egCtx, dep, refresh); err != nil { + ch.SendEvent(desc, async.EventStatusFailure) + return err + } + ch.SendEvent(desc, async.EventStatusSuccess) + return nil + }) + } + + return eg.Wait() +} + +func (m *Manager) addDependencyNoWrite(ctx context.Context, dep *v1alpha1.Dependency, refresh bool) (*schema.GroupVersionKind, error) { + switch { + case dep.Type == v1alpha1.DependencyTypeXpkg: + if dep.Xpkg == nil { + return nil, errors.New("xpkg dependency has no package reference") + } + + // If the version is a digest, format the OCI ref as + // repo@digest. Otherwise, use repo:tag, where tag may be a semver + // constraint. + ref := dep.Xpkg.Package + if _, err := conregv1.NewHash(dep.Xpkg.Version); err == nil { + ref = fmt.Sprintf("%s@%s", ref, dep.Xpkg.Version) + } else if dep.Xpkg.Version != "" { + ref = fmt.Sprintf("%s:%s", ref, dep.Xpkg.Version) + } + + return m.addPackage(ctx, ref, refresh) + case dep.Git != nil: + return nil, m.schemas.Add(ctx, smanager.NewGitSource(*dep, m.gitCloner, m.gitAuthProvider)) + case dep.HTTP != nil: + return nil, m.schemas.Add(ctx, smanager.NewHTTPSource(*dep)) + case dep.K8s != nil: + return nil, m.schemas.Add(ctx, smanager.NewK8sSource(*dep)) + default: + return nil, errors.New("dependency has no source configured") + } +} + +// Clean removes all generated schemas. +func (m *Manager) Clean() error { + return m.projFS.RemoveAll(m.proj.Spec.Paths.Schemas) +} + +// CleanPackages removes the per-user xpkg cache directory at root. +func CleanPackages(root string, fs afero.Fs) error { + if err := fs.RemoveAll(root); err != nil { + return errors.Wrapf(err, "cannot remove xpkg cache at %s", root) + } + return nil +} + +// GetSourceDescription returns a human-readable description of a dependency. +func GetSourceDescription(dep v1alpha1.Dependency) string { + switch { + case dep.Xpkg != nil: + desc := dep.Xpkg.Package + if dep.Xpkg.Version != "" { + desc += ":" + dep.Xpkg.Version + } + return desc + case dep.Git != nil: + desc := dep.Git.Repository + if dep.Git.Ref != "" { + desc += " (" + dep.Git.Ref + ")" + } + if dep.Git.Path != "" { + desc += " at " + dep.Git.Path + } + return desc + case dep.HTTP != nil: + return dep.HTTP.URL + case dep.K8s != nil: + return "Kubernetes API " + dep.K8s.Version + default: + return "unknown source" + } +} + +func upsertDependency(proj *v1alpha1.Project, dep v1alpha1.Dependency) { + for i, existing := range proj.Spec.Dependencies { + if matchesDependency(existing, dep) { + proj.Spec.Dependencies[i] = dep + return + } + } + + proj.Spec.Dependencies = append(proj.Spec.Dependencies, dep) +} + +func matchesDependency(a, b v1alpha1.Dependency) bool { + if a.Type != b.Type { + return false + } + switch { + case a.Xpkg != nil && b.Xpkg != nil: + return a.Xpkg.Package == b.Xpkg.Package + case a.Git != nil && b.Git != nil: + return a.Git.Repository == b.Git.Repository + case a.HTTP != nil && b.HTTP != nil: + return a.HTTP.URL == b.HTTP.URL + case a.K8s != nil && b.K8s != nil: + return true // Only one k8s dep makes sense. + } + return false +} diff --git a/internal/dependency/manager_test.go b/internal/dependency/manager_test.go new file mode 100644 index 0000000..2b37d26 --- /dev/null +++ b/internal/dependency/manager_test.go @@ -0,0 +1,552 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package dependency + +import ( + "context" + "encoding/json" + "io" + "maps" + "slices" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + runtimexpkg "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/schemas/generator" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +const configurationPackageYAML = `apiVersion: meta.pkg.crossplane.io/v1 +kind: Configuration +metadata: + name: example +spec: + crossplane: + version: ">=v1.14.0" +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: things.example.com +spec: + group: example.com + names: + plural: things + kind: Thing + listKind: ThingList + singular: thing + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object +` + +const providerPackageYAML = `apiVersion: meta.pkg.crossplane.io/v1 +kind: Provider +metadata: + name: example +spec: + crossplane: + version: ">=v1.14.0" +` + +const functionPackageYAML = `apiVersion: meta.pkg.crossplane.io/v1beta1 +kind: Function +metadata: + name: example +spec: + crossplane: + version: ">=v1.14.0" +` + +// parsedPackage parses the given package YAML into a *parser.Package that the +// fake client can hand back from Get. +func parsedPackage(t *testing.T, body string) *parser.Package { + t.Helper() + metaScheme, err := runtimexpkg.BuildMetaScheme() + if err != nil { + t.Fatalf("build meta scheme: %v", err) + } + objScheme, err := runtimexpkg.BuildObjectScheme() + if err != nil { + t.Fatalf("build object scheme: %v", err) + } + pkg, err := parser.New(metaScheme, objScheme).Parse(context.Background(), io.NopCloser(strings.NewReader(body))) + if err != nil { + t.Fatalf("parse package: %v", err) + } + return pkg +} + +// parsedTestPackage parses configurationPackageYAML once into a *parser.Package +// that the fake client can hand back from Get. +func parsedTestPackage(t *testing.T) *parser.Package { + t.Helper() + return parsedPackage(t, configurationPackageYAML) +} + +// fakeClient is a fake xpkg.Client. Get returns a pre-canned Package per ref; +// ListVersions returns a fixed tag list, so a real Resolver can be wired on +// top. +type fakeClient struct { + packages map[string]*runtimexpkg.Package + tags []string +} + +func (f *fakeClient) Get(_ context.Context, ref string, _ ...runtimexpkg.GetOption) (*runtimexpkg.Package, error) { + pkg, ok := f.packages[ref] + if !ok { + return nil, errors.New("not found") + } + return pkg, nil +} + +func (f *fakeClient) ListVersions(_ context.Context, _ string, _ ...runtimexpkg.GetOption) ([]string, error) { + return f.tags, nil +} + +func makePackage(t *testing.T, source, digest, version string) *runtimexpkg.Package { + t.Helper() + return &runtimexpkg.Package{ + Package: parsedTestPackage(t), + Source: source, + Digest: digest, + Version: version, + } +} + +func makePackageWithBody(t *testing.T, source, digest, version, body string) *runtimexpkg.Package { + t.Helper() + return &runtimexpkg.Package{ + Package: parsedPackage(t, body), + Source: source, + Digest: digest, + Version: version, + } +} + +func newTestManager(t *testing.T, fc *fakeClient) (*Manager, afero.Fs) { + t.Helper() + schemaFS := afero.NewMemMapFs() + m := NewManager( + &v1alpha1.Project{ + Spec: v1alpha1.ProjectSpec{ + Paths: &v1alpha1.ProjectPaths{Schemas: "schemas"}, + }, + }, + afero.NewMemMapFs(), + WithSchemaFS(schemaFS), + WithSchemaGenerators([]generator.Interface{}), + WithXpkgClient(fc), + WithResolver(clixpkg.NewResolver(fc)), + ) + return m, schemaFS +} + +// xpkgDep builds an xpkg dependency the same way cmd/crossplane/dependency/add.go +// does for the given package string. +func xpkgDep(pkg, version string) *v1alpha1.Dependency { + return &v1alpha1.Dependency{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + Package: pkg, + Version: version, + }, + } +} + +func TestManager_AddDependency(t *testing.T) { + const ( + fnPkg = "xpkg.crossplane.io/crossplane-contrib/function-auto-ready" + provPkg = "xpkg.crossplane.io/crossplane-contrib/provider-nop" + cfgPkg = "xpkg.crossplane.io/crossplane-contrib/configuration-empty" + fnTag = "v0.2.1" + provTag = "v0.2.1" + cfgTag = "v0.1.0" + digestVal = "sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03" + ) + + type pkgInfo struct { + body string + // expectedAPIVersion / expectedKind that AddDependency should + // populate on the runtime Xpkg fields. + apiVersion string + kind string + } + fnInfo := pkgInfo{body: functionPackageYAML, apiVersion: "pkg.crossplane.io/v1beta1", kind: "Function"} + provInfo := pkgInfo{body: providerPackageYAML, apiVersion: "pkg.crossplane.io/v1", kind: "Provider"} + cfgInfo := pkgInfo{body: configurationPackageYAML, apiVersion: "pkg.crossplane.io/v1", kind: "Configuration"} + + tcs := map[string]struct { + inputDeps []v1alpha1.Dependency + dep *v1alpha1.Dependency + pkg pkgInfo + fetchAt string // exact ref the fake client should serve. + tags []string // tags ListVersions returns. + expectedDeps []v1alpha1.Dependency + expectError bool + }{ + "AddFunctionWithoutVersion": { + dep: xpkgDep(fnPkg, ">=v0.0.0"), + pkg: fnInfo, + fetchAt: fnPkg + ":" + fnTag, + tags: []string{fnTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: ">=v0.0.0", + }, + }}, + }, + "AddProviderWithoutVersion": { + dep: xpkgDep(provPkg, ">=v0.0.0"), + pkg: provInfo, + fetchAt: provPkg + ":" + provTag, + tags: []string{provTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: provInfo.apiVersion, + Kind: provInfo.kind, + Package: provPkg, + Version: ">=v0.0.0", + }, + }}, + }, + "AddConfigurationWithoutVersion": { + dep: xpkgDep(cfgPkg, ">=v0.0.0"), + pkg: cfgInfo, + fetchAt: cfgPkg + ":" + cfgTag, + tags: []string{cfgTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: cfgInfo.apiVersion, + Kind: cfgInfo.kind, + Package: cfgPkg, + Version: ">=v0.0.0", + }, + }}, + }, + "AddFunctionWithVersion": { + dep: xpkgDep(fnPkg, fnTag), + pkg: fnInfo, + fetchAt: fnPkg + ":" + fnTag, + tags: []string{fnTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: fnTag, + }, + }}, + }, + "AddFunctionWithSemVersion": { + dep: xpkgDep(fnPkg, ">=v0.1.0"), + pkg: fnInfo, + fetchAt: fnPkg + ":" + fnTag, + tags: []string{fnTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: ">=v0.1.0", + }, + }}, + }, + "AddFunctionWithSemVersionGreaterThan": { + dep: xpkgDep(fnPkg, ">v0.1.0"), + pkg: fnInfo, + fetchAt: fnPkg + ":" + fnTag, + tags: []string{fnTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: ">v0.1.0", + }, + }}, + }, + "AddFunctionWithSemVersionLessThan": { + dep: xpkgDep(fnPkg, "=v1.0.0"), + pkg: cfgInfo, + tags: []string{cfgTag}, + expectError: true, + }, + "AddProviderWithExistingDeps": { + inputDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: fnTag, + }, + }}, + dep: xpkgDep(provPkg, provTag), + pkg: provInfo, + fetchAt: provPkg + ":" + provTag, + tags: []string{provTag}, + expectedDeps: []v1alpha1.Dependency{ + { + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: fnTag, + }, + }, + { + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: provInfo.apiVersion, + Kind: provInfo.kind, + Package: provPkg, + Version: provTag, + }, + }, + }, + }, + "UpdateFunction": { + inputDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: "v0.1.0", + }, + }}, + dep: xpkgDep(fnPkg, fnTag), + pkg: fnInfo, + fetchAt: fnPkg + ":" + fnTag, + tags: []string{fnTag}, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: fnTag, + }, + }}, + }, + "AddByDigest": { + dep: xpkgDep(fnPkg, digestVal), + pkg: fnInfo, + fetchAt: fnPkg + "@" + digestVal, + tags: nil, + expectedDeps: []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: fnInfo.apiVersion, + Kind: fnInfo.kind, + Package: fnPkg, + Version: digestVal, + }, + }}, + }, + } + + for tname, tc := range tcs { + t.Run(tname, func(t *testing.T) { + fc := &fakeClient{ + packages: map[string]*runtimexpkg.Package{}, + tags: tc.tags, + } + if tc.fetchAt != "" { + fc.packages[tc.fetchAt] = makePackageWithBody(t, tc.dep.Xpkg.Package, digestVal, "", tc.pkg.body) + } + + projFS := afero.NewMemMapFs() + proj := &v1alpha1.Project{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "dev.crossplane.io/v1alpha1", + Kind: "Project", + }, + ObjectMeta: metav1.ObjectMeta{Name: "test-project"}, + Spec: v1alpha1.ProjectSpec{ + Repository: "xpkg.crossplane.io/test/test", + Dependencies: tc.inputDeps, + Paths: &v1alpha1.ProjectPaths{Schemas: "schemas"}, + }, + } + bs, err := yaml.Marshal(proj) + if err != nil { + t.Fatal(err) + } + if err := afero.WriteFile(projFS, "crossplane-project.yaml", bs, 0o644); err != nil { + t.Fatal(err) + } + + m := NewManager(proj, projFS, + WithProjectFile("crossplane-project.yaml"), + WithSchemaFS(afero.NewMemMapFs()), + WithSchemaGenerators([]generator.Interface{}), + WithXpkgClient(fc), + WithResolver(clixpkg.NewResolver(fc)), + ) + + err = m.AddDependency(context.Background(), tc.dep) + if tc.expectError { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + if err != nil { + t.Fatalf("AddDependency: %v", err) + } + + if diff := cmp.Diff(tc.expectedDeps, proj.Spec.Dependencies); diff != "" { + t.Errorf("project deps (-want +got):\n%s", diff) + } + + // Verify the project file on disk reflects the updated deps. + gotBytes, err := afero.ReadFile(projFS, "crossplane-project.yaml") + if err != nil { + t.Fatal(err) + } + var gotProj v1alpha1.Project + if err := yaml.Unmarshal(gotBytes, &gotProj); err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(tc.expectedDeps, gotProj.Spec.Dependencies); diff != "" { + t.Errorf("on-disk project deps (-want +got):\n%s", diff) + } + }) + } +} + +func TestManager_AddPackage(t *testing.T) { + tests := map[string]struct { + ref string + tags []string + fetchAt string + wantKey string + }{ + "ConstraintCollapsesToResolvedVersion": { + ref: "pkg.example/foo:>=v0.0.0", + tags: []string{"v0.5.2"}, + fetchAt: "pkg.example/foo:v0.5.2", + wantKey: "xpkg://pkg.example/foo:v0.5.2", + }, + "ExactVersionMatchesResolved": { + ref: "pkg.example/foo:v0.5.2", + tags: []string{"v0.5.2"}, + fetchAt: "pkg.example/foo:v0.5.2", + wantKey: "xpkg://pkg.example/foo:v0.5.2", + }, + "DigestRefUsesDigestForm": { + ref: "pkg.example/foo@sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", + fetchAt: "pkg.example/foo@sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", + wantKey: "xpkg://pkg.example/foo@sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", + }, + } + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + fc := &fakeClient{ + packages: map[string]*runtimexpkg.Package{ + tc.fetchAt: makePackage(t, "pkg.example/foo", "sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", ""), + }, + tags: tc.tags, + } + m, schemaFS := newTestManager(t, fc) + + if _, err := m.AddPackage(context.Background(), tc.ref, false); err != nil { + t.Fatalf("AddPackage: %v", err) + } + + bs, err := afero.ReadFile(schemaFS, ".lock.json") + if err != nil { + t.Fatalf("read lock: %v", err) + } + var got struct { + Packages map[string]string `json:"packages"` + } + if err := json.Unmarshal(bs, &got); err != nil { + t.Fatalf("unmarshal lock: %v", err) + } + if _, ok := got.Packages[tc.wantKey]; !ok { + t.Errorf("lock has no entry for %q; keys = %v", tc.wantKey, slices.Collect(maps.Keys(got.Packages))) + } + if len(got.Packages) != 1 { + t.Errorf("lock packages = %d, want 1; got %v", len(got.Packages), got.Packages) + } + }) + } +} diff --git a/internal/docker/docker.go b/internal/docker/docker.go index a907964..2ff891f 100644 --- a/internal/docker/docker.go +++ b/internal/docker/docker.go @@ -19,6 +19,7 @@ limitations under the License. package docker import ( + "archive/tar" "bytes" "context" "encoding/base64" @@ -26,6 +27,7 @@ import ( "fmt" "io" "path/filepath" + "slices" "strings" "github.com/docker/cli/cli/config" @@ -36,6 +38,7 @@ import ( "github.com/docker/docker/client" "github.com/docker/docker/pkg/stdcopy" "github.com/google/go-containerregistry/pkg/name" + "github.com/spf13/afero" "github.com/crossplane/crossplane-runtime/v2/pkg/errors" ) @@ -149,9 +152,9 @@ func StartContainer(ctx context.Context, name, img string, opts ...StartContaine return "", errors.Wrap(err, "failed to create container") } - for path, tarball := range cfg.copyFiles { - if err := cli.CopyToContainer(ctx, resp.ID, filepath.Clean(path), bytes.NewReader(tarball), container.CopyToContainerOptions{}); err != nil { - return "", errors.Wrapf(err, "failed to copy files to container path %s", path) + for _, cpy := range cfg.copyFiles { + if err := cli.CopyToContainer(ctx, resp.ID, filepath.Clean(cpy.to), bytes.NewReader(cpy.tarball), container.CopyToContainerOptions{}); err != nil { + return "", errors.Wrapf(err, "failed to copy files to container path %s", cpy.to) } } @@ -214,7 +217,12 @@ type startContainerConfig struct { containerConfig *container.Config hostConfig *container.HostConfig networks []string - copyFiles map[string][]byte + copyFiles []copyFilesConfig +} + +type copyFilesConfig struct { + to string + tarball []byte } // StartContainerOption provides optional options for StartContainer. @@ -251,10 +259,10 @@ func StartWithNetworkID(nid string) StartContainerOption { // starting the container. func StartWithCopyFiles(tarball []byte, path string) StartContainerOption { return func(cfg *startContainerConfig) { - if cfg.copyFiles == nil { - cfg.copyFiles = make(map[string][]byte) - } - cfg.copyFiles[path] = tarball + cfg.copyFiles = append(cfg.copyFiles, copyFilesConfig{ + to: path, + tarball: tarball, + }) } } @@ -467,6 +475,85 @@ func RunContainer(ctx context.Context, img string, opts ...RunContainerOption) ( return stdout.Bytes(), stderr.Bytes(), nil } +// CopyFromContainer copies files from a container to an afero filesystem. +func CopyFromContainer(ctx context.Context, cid, path string, fs afero.Fs) error { + cli, err := NewClient() + if err != nil { + return err + } + + reader, _, err := cli.CopyFromContainer(ctx, cid, path) + if err != nil { + return errors.Wrap(err, "failed to copy files from container") + } + defer func() { _ = reader.Close() }() + + tarReader := tar.NewReader(reader) + + // Limit files to 1GiB to avoid excessive memory usage. + const maxFileSize = 1024 * 1024 * 1024 + + for { + header, err := tarReader.Next() + if errors.Is(err, io.EOF) { + break + } + if err != nil { + return errors.Wrap(err, "failed while reading tarball") + } + + if header.Size > maxFileSize { + return errors.Errorf("file %s is over 1GiB - refusing to copy", header.Name) + } + + cleanedPath := filepath.Clean(strings.TrimPrefix(header.Name, filepath.Base(path)+"/")) + if slices.Contains(filepath.SplitList(cleanedPath), "..") { + return errors.Errorf("file %s lives outside path %s - refusing to copy", cleanedPath, path) + } + + switch header.Typeflag { + case tar.TypeDir: + if err := fs.MkdirAll(cleanedPath, 0o755); err != nil { + return err + } + case tar.TypeReg: + outFile, err := fs.Create(cleanedPath) + if err != nil { + return err + } + + if _, err := io.Copy(outFile, tarReader); err != nil { //nolint:gosec // File size is checked above. + if cerr := outFile.Close(); cerr != nil { + err = errors.Wrap(cerr, "error while closing file") + } + return err + } + if cerr := outFile.Close(); cerr != nil { + return errors.Wrapf(cerr, "error closing file %s", header.Name) + } + } + } + + return nil +} + +// TarFromContainer retrieves files from a container in a tarball (Docker's +// native file transfer format). +func TarFromContainer(ctx context.Context, cid, path string) ([]byte, error) { + cli, err := NewClient() + if err != nil { + return nil, err + } + + reader, _, err := cli.CopyFromContainer(ctx, cid, path) + if err != nil { + return nil, errors.Wrap(err, "failed to copy files from container") + } + defer func() { _ = reader.Close() }() + + return io.ReadAll(reader) +} + // NewClient creates a new Docker client configured from environment variables. func NewClient() (*client.Client, error) { cli, err := client.NewClientWithOpts(client.WithAPIVersionNegotiation(), client.FromEnv) diff --git a/internal/filesystem/filesystem.go b/internal/filesystem/filesystem.go new file mode 100644 index 0000000..d173483 --- /dev/null +++ b/internal/filesystem/filesystem.go @@ -0,0 +1,474 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package filesystem contains utilities for working with filesystems. +package filesystem + +import ( + "archive/tar" + "bytes" + "io" + "io/fs" + "os" + "path" + "path/filepath" + "strings" + + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// Walk is a replacement for afero.Walk that ensures paths are normalized for +// in-memory filesystem compatibility on Windows. This reimplementation uses +// path.Join instead of filepath.Join to always use forward slashes. +func Walk(fs afero.Fs, root string, walkFn filepath.WalkFunc) error { + root = filepath.ToSlash(root) + if root == "" { + root = "." + } + + info, err := fs.Stat(root) + if err != nil { + return walkFn(root, nil, err) + } + return walk(fs, root, info, walkFn) +} + +func walk(fs afero.Fs, p string, info os.FileInfo, walkFn filepath.WalkFunc) error { + err := walkFn(p, info, nil) + if err != nil { + if info.IsDir() && errors.Is(err, filepath.SkipDir) { + return nil + } + return err + } + + if !info.IsDir() { + return nil + } + + f, err := fs.Open(p) + if err != nil { + return walkFn(p, info, err) + } + defer f.Close() //nolint:errcheck // Can't do anything useful with this error. + + list, err := f.Readdir(-1) + if err != nil { + return walkFn(p, info, err) + } + + for _, fileInfo := range list { + filename := path.Join(p, fileInfo.Name()) + err = walk(fs, filename, fileInfo, walkFn) + if err != nil { + if !fileInfo.IsDir() || !errors.Is(err, filepath.SkipDir) { + return err + } + } + } + return nil +} + +// CopyFilesBetweenFs copies all files from the source filesystem (fromFS) to +// the destination filesystem (toFS). +func CopyFilesBetweenFs(fromFS, toFS afero.Fs) error { + return afero.Walk(fromFS, ".", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + + dir := filepath.Dir(path) + if err := toFS.MkdirAll(dir, 0o755); err != nil { + return err + } + + fileData, err := afero.ReadFile(fromFS, path) + if err != nil { + return err + } + return afero.WriteFile(toFS, path, fileData, 0o644) + }) +} + +type fsToTarConfig struct { + symlinkBasePath *string + uidOverride *int + gidOverride *int + excludes []string +} + +// FSToTarOption configures the behavior of FSToTar. +type FSToTarOption func(*fsToTarConfig) + +// WithSymlinkBasePath provides the real base path of the filesystem, for use in +// symlink resolution. +func WithSymlinkBasePath(bp string) FSToTarOption { + return func(opts *fsToTarConfig) { + opts.symlinkBasePath = &bp + } +} + +// WithUIDOverride sets the owner UID to use in the tar archive. +func WithUIDOverride(uid int) FSToTarOption { + return func(opts *fsToTarConfig) { + opts.uidOverride = &uid + } +} + +// WithGIDOverride sets the owner GID to use in the tar archive. +func WithGIDOverride(gid int) FSToTarOption { + return func(opts *fsToTarConfig) { + opts.gidOverride = &gid + } +} + +// WithExcludePrefix excludes files with the given prefix from the tar archive. +func WithExcludePrefix(prefix string) FSToTarOption { + return func(opts *fsToTarConfig) { + opts.excludes = append(opts.excludes, prefix) + } +} + +// FSToTar produces a tarball of all the files in a filesystem. +func FSToTar(f afero.Fs, prefix string, opts ...FSToTarOption) ([]byte, error) { + cfg := &fsToTarConfig{} + for _, opt := range opts { + opt(cfg) + } + + var buf bytes.Buffer + tw := tar.NewWriter(&buf) + prefixHdr := &tar.Header{ + Name: prefix, + Typeflag: tar.TypeDir, + Mode: 0o777, + } + if cfg.uidOverride != nil { + prefixHdr.Uid = *cfg.uidOverride + } + if cfg.gidOverride != nil { + prefixHdr.Gid = *cfg.gidOverride + } + + if err := tw.WriteHeader(prefixHdr); err != nil { + return nil, errors.Wrap(err, "failed to create prefix directory in tar archive") + } + err := Walk(f, ".", func(name string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + for _, prefix := range cfg.excludes { + if strings.HasPrefix(name, prefix) { + return filepath.SkipDir + } + } + + if info.Mode()&os.ModeSymlink != 0 { + if cfg.symlinkBasePath == nil { + return errors.New("cannot follow symlinks unless base path is configured") + } + return addSymlinkToTar(tw, prefix, name, cfg) + } + + return addToTar(tw, prefix, f, name, info, cfg) + }) + if err != nil { + return nil, errors.Wrap(err, "failed to populate tar archive") + } + if err := tw.Close(); err != nil { + return nil, errors.Wrap(err, "failed to close tar archive") + } + + return buf.Bytes(), nil +} + +func addToTar(tw *tar.Writer, prefix string, f afero.Fs, filename string, info fs.FileInfo, cfg *fsToTarConfig) error { + fullPath := path.Join(prefix, filename) + + if info.IsDir() { + if fullPath == prefix { + return nil + } + + h, err := tar.FileInfoHeader(info, "") + if err != nil { + return err + } + h.Name = fullPath + if cfg.uidOverride != nil { + h.Uid = *cfg.uidOverride + } + if cfg.gidOverride != nil { + h.Gid = *cfg.gidOverride + } + return tw.WriteHeader(h) + } + + if !info.Mode().IsRegular() { + return errors.Errorf("unhandled file mode %v", info.Mode()) + } + + h, err := tar.FileInfoHeader(info, "") + if err != nil { + return err + } + h.Name = fullPath + if cfg.uidOverride != nil { + h.Uid = *cfg.uidOverride + } + if cfg.gidOverride != nil { + h.Gid = *cfg.gidOverride + } + if err := tw.WriteHeader(h); err != nil { + return err + } + + file, err := f.Open(filename) + if err != nil { + return err + } + defer func() { _ = file.Close() }() + + _, err = io.Copy(tw, file) + return err +} + +func addSymlinkToTar(tw *tar.Writer, prefix string, symlinkPath string, cfg *fsToTarConfig) error { + osFs := afero.NewOsFs() + + targetPath, err := filepath.EvalSymlinks(filepath.Join(*cfg.symlinkBasePath, symlinkPath)) + if err != nil { + return nil //nolint:nilerr // Symlink target may be missing, safe to skip. + } + + exists, err := afero.Exists(osFs, targetPath) + if err != nil || !exists { + return err + } + + return afero.Walk(osFs, targetPath, func(symlinkedFile string, symlinkedInfo fs.FileInfo, err error) error { + if err != nil { + return err + } + + if symlinkedInfo.IsDir() { + return nil + } + + targetHeader, err := tar.FileInfoHeader(symlinkedInfo, "") + if err != nil { + return err + } + + relativePath, err := filepath.Rel(targetPath, symlinkedFile) + if err != nil { + return err + } + targetHeader.Name = path.Join(prefix, filepath.ToSlash(symlinkPath), filepath.ToSlash(relativePath)) + if cfg.uidOverride != nil { + targetHeader.Uid = *cfg.uidOverride + } + if cfg.gidOverride != nil { + targetHeader.Gid = *cfg.gidOverride + } + + if err := tw.WriteHeader(targetHeader); err != nil { + return err + } + + targetFile, err := osFs.Open(symlinkedFile) + if err != nil { + return err + } + defer func() { _ = targetFile.Close() }() + + _, err = io.Copy(tw, targetFile) + return err + }) +} + +// CopyFolder recursively copies directory and all its contents from sourceDir +// to targetDir. +func CopyFolder(fs afero.Fs, sourceDir, targetDir string) error { + return afero.Walk(fs, sourceDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + relPath, err := filepath.Rel(sourceDir, path) + if err != nil { + return errors.Wrapf(err, "failed to determine relative path for %s", path) + } + + destPath := filepath.Join(targetDir, relPath) + + if info.IsDir() { + return fs.MkdirAll(destPath, 0o755) + } + + srcFile, err := fs.Open(path) + if err != nil { + return errors.Wrapf(err, "failed to open source file %s", path) + } + defer func() { _ = srcFile.Close() }() + + destFile, err := fs.Create(destPath) + if err != nil { + return errors.Wrapf(err, "failed to create destination file %s", destPath) + } + defer func() { _ = destFile.Close() }() + + _, err = io.Copy(destFile, srcFile) + return errors.Wrapf(err, "failed to copy file from %s to %s", path, destPath) + }) +} + +// CopyFileIfExists copies a file from src to dst if the src file exists. +func CopyFileIfExists(fs afero.Fs, src, dst string) error { + exists, err := afero.Exists(fs, src) + if err != nil { + return err + } + if !exists { + return nil + } + + srcFile, err := fs.Open(src) + if err != nil { + return errors.Wrapf(err, "failed to open source file %s", src) + } + + destFile, err := fs.Create(dst) + if err != nil { + return errors.Wrapf(err, "failed to create destination file %s", dst) + } + + _, err = io.Copy(destFile, srcFile) + return errors.Wrapf(err, "failed to copy file from %s to %s", src, dst) +} + +// FindNestedFoldersWithPattern finds nested folders containing files that match +// a specified pattern. +func FindNestedFoldersWithPattern(fs afero.Fs, root string, pattern string) ([]string, error) { + var foldersWithFiles []string + + err := afero.Walk(fs, root, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + if !info.IsDir() { + return nil + } + + files, err := afero.ReadDir(fs, path) + if err != nil { + return err + } + + for _, f := range files { + if f.IsDir() { + continue + } + + match, _ := filepath.Match(pattern, f.Name()) + if match { + foldersWithFiles = append(foldersWithFiles, path) + break + } + } + + return nil + }) + + return foldersWithFiles, err +} + +// FullPath returns the full path to path within the given filesystem. If fs is +// not an afero.BasePathFs the original path is returned. +func FullPath(fs afero.Fs, path string) string { + bfs, ok := fs.(*afero.BasePathFs) + if ok { + return afero.FullBaseFsPath(bfs, path) + } + return path +} + +// MemOverlay returns a filesystem that uses the given filesystem as a base +// layer but writes changes to an in-memory overlay filesystem. +func MemOverlay(fs afero.Fs) afero.Fs { + return afero.NewBasePathFs(afero.NewCopyOnWriteFs(fs, afero.NewMemMapFs()), "/") +} + +// CreateSymlink creates a symlink in a BasePathFs, potentially to another +// BasePathFs that shares the same underlying filesystem. +func CreateSymlink(targetFS *afero.BasePathFs, targetPath string, sourceFS *afero.BasePathFs, sourcePath string) error { + realTargetPath, err := targetFS.RealPath(targetPath) + if err != nil { + return errors.Wrapf(err, "failed to get real path for targetPath: %s", targetPath) + } + + realSourcePath, err := sourceFS.RealPath(sourcePath) + if err != nil { + return errors.Wrapf(err, "failed to get real path for sourcePath: %s", sourcePath) + } + + symlinkParentDir := filepath.Dir(realTargetPath) + + absSymlinkParentDir, err := filepath.Abs(symlinkParentDir) + if err != nil { + return errors.Wrapf(err, "failed to get absolute path for symlink parent directory: %s", symlinkParentDir) + } + + absRealSourcePath, err := filepath.Abs(realSourcePath) + if err != nil { + return errors.Wrapf(err, "failed to get absolute path for source path: %s", realSourcePath) + } + + relativeSymlinkPath, err := filepath.Rel(absSymlinkParentDir, absRealSourcePath) + if err != nil { + return errors.Wrapf(err, "failed to calculate relative symlink path from %s to %s", absSymlinkParentDir, absRealSourcePath) + } + + symlinkPath := filepath.Join(absSymlinkParentDir, filepath.Base(realTargetPath)) + + if _, err := os.Lstat(symlinkPath); err == nil { + if err := os.Remove(symlinkPath); err != nil { + return errors.Wrapf(err, "failed to remove existing symlink or file at %s", symlinkPath) + } + } + + if err := os.Symlink(relativeSymlinkPath, symlinkPath); err != nil { + baseMsg := "failed to create symlink from " + relativeSymlinkPath + " to " + symlinkPath + if strings.Contains(err.Error(), "A required privilege is not held by the client") { + return errors.Errorf( + "%s: %v\n\nOn Windows, creating symlinks requires either:\n"+ + " 1. Running as Administrator, or\n"+ + " 2. Enabling Developer Mode (Settings > Update & Security > For developers > Developer Mode)", + baseMsg, err, + ) + } + return errors.Wrap(err, baseMsg) + } + + return nil +} diff --git a/internal/filesystem/filesystem_test.go b/internal/filesystem/filesystem_test.go new file mode 100644 index 0000000..28f4a83 --- /dev/null +++ b/internal/filesystem/filesystem_test.go @@ -0,0 +1,724 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package filesystem + +import ( + "archive/tar" + "bytes" + "io" + "os" + "path/filepath" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +type fileInfo struct { + mode int64 + uid int + gid int +} + +func TestFSToTar(t *testing.T) { + // Helper function to read the contents of a TAR file. + readTar := func(t *testing.T, tarData []byte) map[string]*tar.Header { + t.Helper() + tr := tar.NewReader(bytes.NewReader(tarData)) + files := map[string]*tar.Header{} + for { + hdr, err := tr.Next() + if err == io.EOF { + break + } + if err != nil { + t.Fatal(err) + } + files[hdr.Name] = hdr + } + return files + } + + tests := []struct { + name string + setupFs func(fs afero.Fs) + prefix string + opts []FSToTarOption + expectErr bool + expectedFiles map[string]fileInfo + }{ + { + name: "SimpleFileTarWithPrefix", + setupFs: func(fs afero.Fs) { + // Create a file in the in-memory file system. + _ = afero.WriteFile(fs, "file.txt", []byte("test content"), os.ModePerm) + }, + prefix: "my-prefix/", + expectedFiles: map[string]fileInfo{ + "my-prefix/": {mode: 0o777}, + "my-prefix/file.txt": {mode: 0o777}, + }, + }, + { + name: "NonRegularFileDirectory", + setupFs: func(fs afero.Fs) { + // Create a directory, which should be ignored by FSToTar. + _ = fs.Mkdir("dir", os.ModePerm) + }, + prefix: "my-prefix/", + expectedFiles: map[string]fileInfo{ + "my-prefix/": {mode: 0o777}, // Only prefix should exist, no dir should be included. + }, + }, + { + name: "FilesystemWithMultipleFiles", + setupFs: func(fs afero.Fs) { + // Create multiple files in the in-memory file system. + _ = afero.WriteFile(fs, "file1.txt", []byte("test content 1"), os.ModePerm) + _ = afero.WriteFile(fs, "file2.txt", []byte("test content 2"), os.ModePerm) + }, + prefix: "another-prefix/", + expectedFiles: map[string]fileInfo{ + "another-prefix/": {mode: 0o777}, + "another-prefix/file1.txt": {mode: 0o777}, + "another-prefix/file2.txt": {mode: 0o777}, + }, + }, + { + name: "UIDOverride", + setupFs: func(fs afero.Fs) { + // Create multiple files in the in-memory file system. + _ = afero.WriteFile(fs, "file1.txt", []byte("test content 1"), os.ModePerm) + _ = afero.WriteFile(fs, "file2.txt", []byte("test content 2"), os.ModePerm) + }, + prefix: "my-prefix/", + opts: []FSToTarOption{ + WithUIDOverride(2345), + }, + expectedFiles: map[string]fileInfo{ + "my-prefix/": {mode: 0o777, uid: 2345}, + "my-prefix/file1.txt": {mode: 0o777, uid: 2345}, + "my-prefix/file2.txt": {mode: 0o777, uid: 2345}, + }, + }, + { + name: "GIDOverride", + setupFs: func(fs afero.Fs) { + // Create multiple files in the in-memory file system. + _ = afero.WriteFile(fs, "file1.txt", []byte("test content 1"), os.ModePerm) + _ = afero.WriteFile(fs, "file2.txt", []byte("test content 2"), os.ModePerm) + }, + prefix: "my-prefix/", + opts: []FSToTarOption{ + WithGIDOverride(2345), + }, + expectedFiles: map[string]fileInfo{ + "my-prefix/": {mode: 0o777, gid: 2345}, + "my-prefix/file1.txt": {mode: 0o777, gid: 2345}, + "my-prefix/file2.txt": {mode: 0o777, gid: 2345}, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Setup in-memory file system. + fs := afero.NewMemMapFs() + + // Apply the setup function for the file system. + tt.setupFs(fs) + + // Run the FSToTar function. + tarData, err := FSToTar(fs, tt.prefix, tt.opts...) + + // Validate errors if expected. + if tt.expectErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + + if err != nil { + t.Fatal(err) + } + + // Read the TAR contents. + files := readTar(t, tarData) + + // Validate that the correct files were included. + for expectedFile, expectedInfo := range tt.expectedFiles { + file, ok := files[expectedFile] + if !ok { + t.Fatalf("%s not found in tar", expectedFile) + } + + if diff := cmp.Diff(expectedInfo.mode, file.Mode); diff != "" { + t.Errorf("Incorrect file mode for %s (-want +got):\n%s", expectedFile, diff) + } + if diff := cmp.Diff(expectedInfo.uid, file.Uid); diff != "" { + t.Errorf("Incorrect UID for %s (-want +got):\n%s", expectedFile, diff) + } + if diff := cmp.Diff(expectedInfo.gid, file.Gid); diff != "" { + t.Errorf("Incorrect GID for %s (-want +got):\n%s", expectedFile, diff) + } + } + }) + } +} + +func TestCopyFilesBetweenFs(t *testing.T) { + tests := []struct { + name string + setupFromFs func(fromFS afero.Fs) + setupToFs func(toFS afero.Fs) + expectedFiles map[string]string // Map of file paths to their expected content in destination filesystem + expectErr bool + }{ + { + name: "CopySingleFile", + setupFromFs: func(fromFS afero.Fs) { + // Setup source filesystem with a single file. + _ = afero.WriteFile(fromFS, "file.txt", []byte("file content"), os.ModePerm) + }, + setupToFs: func(_ afero.Fs) { + // No setup needed for destination filesystem. + }, + expectedFiles: map[string]string{ + "file.txt": "file content", // File content should be the same + }, + }, + { + name: "SkipDirectories", + setupFromFs: func(fromFS afero.Fs) { + // Setup source filesystem with a file inside a directory. + _ = fromFS.Mkdir("dir", os.ModePerm) + _ = afero.WriteFile(fromFS, "dir/file.txt", []byte("nested file content"), os.ModePerm) + }, + setupToFs: func(_ afero.Fs) { + // No setup needed for destination filesystem. + }, + expectedFiles: map[string]string{ + "dir/file.txt": "nested file content", // Only the file inside the directory should be copied. + }, + }, + { + name: "MultipleFilesInRoot", + setupFromFs: func(fromFS afero.Fs) { + // Setup source filesystem with multiple files. + _ = afero.WriteFile(fromFS, "file1.txt", []byte("file 1 content"), os.ModePerm) + _ = afero.WriteFile(fromFS, "file2.txt", []byte("file 2 content"), os.ModePerm) + }, + setupToFs: func(_ afero.Fs) { + // No setup needed for destination filesystem. + }, + expectedFiles: map[string]string{ + "file1.txt": "file 1 content", + "file2.txt": "file 2 content", + }, + }, + { + name: "FileOverwriteInDestination", + setupFromFs: func(fromFS afero.Fs) { + // Setup source filesystem with a file. + _ = afero.WriteFile(fromFS, "file.txt", []byte("new file content"), os.ModePerm) + }, + setupToFs: func(toFS afero.Fs) { + // Setup destination filesystem with an existing file. + _ = afero.WriteFile(toFS, "file.txt", []byte("old file content"), os.ModePerm) + }, + expectedFiles: map[string]string{ + "file.txt": "new file content", // The content should be overwritten in the destination. + }, + }, + { + name: "CopyFileInNestedDirectory", + setupFromFs: func(fromFS afero.Fs) { + // Setup source filesystem with a file deep inside nested directories. + _ = fromFS.MkdirAll("dir1/dir2", os.ModePerm) + _ = afero.WriteFile(fromFS, "dir1/dir2/file.txt", []byte("deep nested file content"), os.ModePerm) + }, + setupToFs: func(_ afero.Fs) { + // No setup needed for destination filesystem. + }, + expectedFiles: map[string]string{ + "dir1/dir2/file.txt": "deep nested file content", // Ensure nested directories are created and file copied. + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Setup in-memory filesystems. + fromFS := afero.NewMemMapFs() + toFS := afero.NewMemMapFs() + + // Apply file system setup for the test case. + tt.setupFromFs(fromFS) + tt.setupToFs(toFS) + + // Run the CopyFilesBetweenFs function. + err := CopyFilesBetweenFs(fromFS, toFS) + + // Validate errors if expected. + if tt.expectErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + if err != nil { + t.Fatal(err) + } + + // Validate that the expected files exist in the destination filesystem. + for filePath, expectedContent := range tt.expectedFiles { + data, err := afero.ReadFile(toFS, filePath) + if err != nil { + t.Fatalf("Expected file %s not found in destination filesystem: %v", filePath, err) + } + if diff := cmp.Diff(expectedContent, string(data)); diff != "" { + t.Errorf("Content mismatch for file %s (-want +got):\n%s", filePath, diff) + } + } + }) + } +} + +func TestCopyFolder(t *testing.T) { + tests := []struct { + name string + setupFs func(fs afero.Fs) + sourceDir string + targetDir string + expectedErr bool + verifyFs func(t *testing.T, fs afero.Fs) + }{ + { + name: "CopyEmptyDirectory", + sourceDir: "/source", + targetDir: "/target", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source", os.ModePerm) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.DirExists(fs, "/target") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if !exists { + t.Errorf("expected target directory to exist, but it does not") + } + }, + }, + { + name: "CopySingleFile", + sourceDir: "/source", + targetDir: "/target", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source", os.ModePerm) + _ = afero.WriteFile(fs, "/source/file1.txt", []byte("content"), 0o644) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.Exists(fs, "/target/file1.txt") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if !exists { + t.Errorf("expected file to be copied to target, but it does not exist") + } + + content, err := afero.ReadFile(fs, "/target/file1.txt") + if err != nil { + t.Errorf("unexpected error reading file: %v", err) + } + if string(content) != "content" { + t.Errorf("expected file content 'content', got '%s'", string(content)) + } + }, + }, + { + name: "CopyNestedDirectories", + sourceDir: "/source", + targetDir: "/target", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source/dir1/dir2", os.ModePerm) + _ = afero.WriteFile(fs, "/source/dir1/file1.txt", []byte("file1 content"), 0o644) + _ = afero.WriteFile(fs, "/source/dir1/dir2/file2.txt", []byte("file2 content"), 0o644) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.Exists(fs, "/target/dir1/file1.txt") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if !exists { + t.Errorf("expected file1 to be copied to target, but it does not exist") + } + + exists, err = afero.Exists(fs, "/target/dir1/dir2/file2.txt") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if !exists { + t.Errorf("expected file2 to be copied to target, but it does not exist") + } + + content1, err := afero.ReadFile(fs, "/target/dir1/file1.txt") + if err != nil { + t.Errorf("unexpected error reading file1: %v", err) + } + if string(content1) != "file1 content" { + t.Errorf("expected file1 content 'file1 content', got '%s'", string(content1)) + } + + content2, err := afero.ReadFile(fs, "/target/dir1/dir2/file2.txt") + if err != nil { + t.Errorf("unexpected error reading file2: %v", err) + } + if string(content2) != "file2 content" { + t.Errorf("expected file2 content 'file2 content', got '%s'", string(content2)) + } + }, + }, + { + name: "SourceDirDoesNotExist", + sourceDir: "/nonexistent", + targetDir: "/target", + setupFs: func(_ afero.Fs) {}, + expectedErr: true, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.DirExists(fs, "/target") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if exists { + t.Errorf("expected target directory not to exist when source does not exist, but it does") + } + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := afero.NewMemMapFs() + tt.setupFs(fs) + + err := CopyFolder(fs, tt.sourceDir, tt.targetDir) + if tt.expectedErr && err == nil { + t.Errorf("expected an error, but got none") + } else if !tt.expectedErr && err != nil { + t.Errorf("unexpected error: %v", err) + } + + tt.verifyFs(t, fs) + }) + } +} + +func TestCopyFileIfExists(t *testing.T) { + tests := []struct { + name string + setupFs func(fs afero.Fs) + src string + dst string + expectedErr bool + verifyFs func(t *testing.T, fs afero.Fs) + }{ + { + name: "SourceFileExists", + src: "/source/file.txt", + dst: "/destination/file.txt", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source", os.ModePerm) + _ = afero.WriteFile(fs, "/source/file.txt", []byte("file content"), 0o644) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.Exists(fs, "/destination/file.txt") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if !exists { + t.Errorf("expected destination file to exist, but it does not") + } + + content, err := afero.ReadFile(fs, "/destination/file.txt") + if err != nil { + t.Errorf("unexpected error reading file: %v", err) + } + if string(content) != "file content" { + t.Errorf("expected file content 'file content', got '%s'", string(content)) + } + }, + }, + { + name: "SourceFileDoesNotExist", + src: "/source/nonexistent.txt", + dst: "/destination/file.txt", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source", os.ModePerm) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + exists, err := afero.Exists(fs, "/destination/file.txt") + if err != nil { + t.Errorf("unexpected error: %v", err) + } + if exists { + t.Errorf("expected destination file not to exist when source does not exist") + } + }, + }, + { + name: "OverwriteDestinationFile", + src: "/source/file.txt", + dst: "/destination/file.txt", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("/source", os.ModePerm) + _ = fs.MkdirAll("/destination", os.ModePerm) + _ = afero.WriteFile(fs, "/source/file.txt", []byte("new content"), 0o644) + _ = afero.WriteFile(fs, "/destination/file.txt", []byte("old content"), 0o644) + }, + expectedErr: false, + verifyFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + content, err := afero.ReadFile(fs, "/destination/file.txt") + if err != nil { + t.Errorf("unexpected error reading file: %v", err) + } + if string(content) != "new content" { + t.Errorf("expected file content 'new content', got '%s'", string(content)) + } + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := afero.NewMemMapFs() + tt.setupFs(fs) + + err := CopyFileIfExists(fs, tt.src, tt.dst) + if tt.expectedErr && err == nil { + t.Errorf("expected an error, but got none") + } else if !tt.expectedErr && err != nil { + t.Errorf("unexpected error: %v", err) + } + + tt.verifyFs(t, fs) + }) + } +} + +func TestWalk(t *testing.T) { + tests := []struct { + name string + setupFs func(fs afero.Fs) + root string + expectedPath []string + skipDir string + expectErr bool + }{ + { + name: "WalkSingleFile", + setupFs: func(fs afero.Fs) { + _ = afero.WriteFile(fs, "file.txt", []byte("content"), os.ModePerm) + }, + root: ".", + expectedPath: []string{".", "file.txt"}, + }, + { + name: "WalkNestedDirectories", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("dir1/dir2", os.ModePerm) + _ = afero.WriteFile(fs, "dir1/file1.txt", []byte("content1"), os.ModePerm) + _ = afero.WriteFile(fs, "dir1/dir2/file2.txt", []byte("content2"), os.ModePerm) + }, + root: ".", + expectedPath: []string{ + ".", + "dir1", + "dir1/dir2", + "dir1/dir2/file2.txt", + "dir1/file1.txt", + }, + }, + { + name: "WalkSkipDir", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("dir1/dir2", os.ModePerm) + _ = afero.WriteFile(fs, "dir1/file1.txt", []byte("content1"), os.ModePerm) + _ = afero.WriteFile(fs, "dir1/dir2/file2.txt", []byte("content2"), os.ModePerm) + _ = afero.WriteFile(fs, "file.txt", []byte("content"), os.ModePerm) + }, + root: ".", + skipDir: "dir1", + expectedPath: []string{ + ".", + "file.txt", + }, + }, + { + name: "WalkEmptyDirectory", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("empty", os.ModePerm) + }, + root: ".", + expectedPath: []string{".", "empty"}, + }, + { + name: "WalkNonExistentRoot", + setupFs: func(_ afero.Fs) { + }, + root: "nonexistent", + expectErr: true, + }, + { + name: "WalkForwardSlashPaths", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("dir/subdir", os.ModePerm) + _ = afero.WriteFile(fs, "dir/file.txt", []byte("content"), os.ModePerm) + }, + root: ".", + expectedPath: []string{ + ".", + "dir", + "dir/file.txt", + "dir/subdir", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := afero.NewMemMapFs() + tt.setupFs(fs) + + var visited []string + err := Walk(fs, tt.root, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if tt.skipDir != "" && info.IsDir() && path == tt.skipDir { + return filepath.SkipDir + } + visited = append(visited, path) + return nil + }) + + if tt.expectErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(tt.expectedPath, visited); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestWalkSkipDirHandling(t *testing.T) { + tests := []struct { + name string + setupFs func(fs afero.Fs) + walkFn filepath.WalkFunc + expectedPath []string + }{ + { + name: "SkipDirOnDirectory", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("skip/subdir", os.ModePerm) + _ = afero.WriteFile(fs, "skip/file.txt", []byte("content"), os.ModePerm) + _ = afero.WriteFile(fs, "keep.txt", []byte("content"), os.ModePerm) + }, + walkFn: func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if path == "skip" && info.IsDir() { + return filepath.SkipDir + } + return nil + }, + expectedPath: []string{".", "keep.txt"}, + }, + { + name: "SkipDirInNestedWalk", + setupFs: func(fs afero.Fs) { + _ = fs.MkdirAll("dir1/skip/nested", os.ModePerm) + _ = fs.MkdirAll("dir1/keep", os.ModePerm) + _ = afero.WriteFile(fs, "dir1/skip/file.txt", []byte("content"), os.ModePerm) + _ = afero.WriteFile(fs, "dir1/keep/file.txt", []byte("content"), os.ModePerm) + }, + walkFn: func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if path == "dir1/skip" && info.IsDir() { + return filepath.SkipDir + } + return nil + }, + expectedPath: []string{ + ".", + "dir1", + "dir1/keep", + "dir1/keep/file.txt", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := afero.NewMemMapFs() + tt.setupFs(fs) + + var visited []string + err := Walk(fs, ".", func(path string, info os.FileInfo, err error) error { + walkErr := tt.walkFn(path, info, err) + if errors.Is(walkErr, filepath.SkipDir) { + return filepath.SkipDir + } + visited = append(visited, path) + return walkErr + }) + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(tt.expectedPath, visited); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} diff --git a/internal/git/git.go b/internal/git/git.go new file mode 100644 index 0000000..eb89800 --- /dev/null +++ b/internal/git/git.go @@ -0,0 +1,252 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package git contains functions to interact with repos. +package git + +import ( + "strings" + + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/http" + "github.com/go-git/go-git/v5/plumbing/transport/ssh" + "github.com/go-git/go-git/v5/storage" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// CloneOptions configure for git actions. +type CloneOptions struct { + Repo string + RefName string + Directory string + Path string // Optional path for sparse checkout +} + +// AuthProvider wraps a specific auth method. +type AuthProvider interface { + GetAuthMethod() (transport.AuthMethod, error) +} + +// HTTPSAuthProvider provides authentication for HTTPS repositories. +type HTTPSAuthProvider struct { + Username string + Password string +} + +// GetAuthMethod returns the HTTP BasicAuth transport method. +func (a *HTTPSAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + if a.Username != "" || a.Password != "" { + return &http.BasicAuth{Username: a.Username, Password: a.Password}, nil + } + // Return nil authenticator to allow anonymous cloning. + return nil, nil +} + +// SSHAuthProvider provides authentication for SSH repositories. +type SSHAuthProvider struct { + Username string + PrivateKeyPath string + Passphrase string +} + +// GetAuthMethod returns the SSH PublicKey transport method. +func (a *SSHAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + username := a.Username + if username == "" { + username = "git" + } + + authMethod, err := ssh.NewPublicKeysFromFile(username, a.PrivateKeyPath, a.Passphrase) + if err != nil { + return nil, errors.Wrapf(err, "failed to create SSH public key auth method for user %q", username) + } + + return authMethod, nil +} + +// SSHAgentAuthProvider provides authentication using the SSH agent. +type SSHAgentAuthProvider struct { + Username string +} + +// GetAuthMethod returns the SSH agent auth method. +func (a *SSHAgentAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + username := a.Username + if username == "" { + username = "git" + } + return ssh.NewSSHAgentAuth(username) +} + +// CompositeAuthProvider tries multiple auth providers in order until one succeeds. +type CompositeAuthProvider struct { + Providers []AuthProvider +} + +// GetAuthMethod returns the first successful auth method. +func (c *CompositeAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + var lastErr error + for _, p := range c.Providers { + method, err := p.GetAuthMethod() + if err == nil { + return method, nil + } + lastErr = err + } + if lastErr != nil { + return nil, lastErr + } + return nil, errors.New("no auth providers configured") +} + +// Cloner can clone git repositories with (optional) authentication. +type Cloner interface { + CloneRepository(store storage.Storer, fs billy.Filesystem, auth AuthProvider, opts CloneOptions) (*plumbing.Reference, error) +} + +// DefaultCloner is the default implementation of Cloner. +type DefaultCloner struct{} + +// CheckSHA1Hash checks if a string is a valid git SHA hash (40 hex characters). +func CheckSHA1Hash(ref string) bool { + if len(ref) != 40 { + return false + } + + for _, c := range ref { + if (c < '0' || c > '9') && (c < 'a' || c > 'f') && (c < 'A' || c > 'F') { + return false + } + } + + return true +} + +func extractBranchName(ref string) string { + if strings.HasPrefix(ref, "refs/heads/") { + return ref[11:] + } + if ref != "" && !strings.HasPrefix(ref, "refs/") { + return ref + } + return "main" +} + +func handleSHACheckout(repoObj *git.Repository, authMethod transport.AuthMethod, sha string, sparsePath string) error { + err := repoObj.Fetch(&git.FetchOptions{ + Auth: authMethod, + RefSpecs: []config.RefSpec{ + config.RefSpec("+refs/heads/*:refs/remotes/origin/*"), + }, + }) + if err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { + return errors.Wrap(err, "failed to fetch refs") + } + + worktree, err := repoObj.Worktree() + if err != nil { + return errors.Wrap(err, "failed to get worktree") + } + + checkoutOpts := &git.CheckoutOptions{ + Hash: plumbing.NewHash(sha), + } + if sparsePath != "" { + checkoutOpts.SparseCheckoutDirectories = []string{sparsePath} + } + + if err := worktree.Checkout(checkoutOpts); err != nil { + if sparsePath != "" { + return errors.Wrapf(err, "failed to sparse checkout commit %s with path %q", sha, sparsePath) + } + return errors.Wrapf(err, "failed to checkout commit %s", sha) + } + + return nil +} + +// CloneRepository clones a git repository using the provided CloneOptions and AuthProvider. +func (dc *DefaultCloner) CloneRepository(store storage.Storer, fs billy.Filesystem, auth AuthProvider, opts CloneOptions) (*plumbing.Reference, error) { + authMethod, err := auth.GetAuthMethod() + if err != nil { + return nil, errors.Wrap(err, "failed to get authentication method") + } + + isTag := strings.HasPrefix(opts.RefName, "refs/tags/") + + refToCheck := strings.TrimPrefix(opts.RefName, "refs/heads/") + isSHA := CheckSHA1Hash(refToCheck) + + cloneOptions := &git.CloneOptions{ + URL: opts.Repo, + Depth: 1, + Auth: authMethod, + NoCheckout: opts.Path != "", + Tags: git.NoTags, + } + + if !isSHA { + cloneOptions.ReferenceName = plumbing.ReferenceName(opts.RefName) + cloneOptions.SingleBranch = !isTag + } + + repoObj, err := git.Clone(store, fs, cloneOptions) + if err != nil { + return nil, errors.Wrapf(err, "failed to clone repository from %q", opts.Repo) + } + + if isSHA { + if err := handleSHACheckout(repoObj, authMethod, refToCheck, opts.Path); err != nil { + return nil, err + } + } + + if opts.Path != "" && !isSHA { + worktree, err := repoObj.Worktree() + if err != nil { + return nil, errors.Wrap(err, "failed to get worktree") + } + + var checkoutRef plumbing.ReferenceName + switch { + case isTag: + checkoutRef = plumbing.ReferenceName(opts.RefName) + default: + branchName := extractBranchName(opts.RefName) + checkoutRef = plumbing.ReferenceName("refs/remotes/origin/" + branchName) + } + + checkoutOptions := &git.CheckoutOptions{ + Branch: checkoutRef, + SparseCheckoutDirectories: []string{opts.Path}, + } + + if err := worktree.Checkout(checkoutOptions); err != nil { + return nil, errors.Wrapf(err, "failed to sparse checkout path %q", opts.Path) + } + } + + ref, err := repoObj.Head() + if err != nil { + return nil, errors.Wrapf(err, "failed to get repository's HEAD from %q", opts.Repo) + } + return ref, nil +} diff --git a/internal/git/git_test.go b/internal/git/git_test.go new file mode 100644 index 0000000..ad7bdaa --- /dev/null +++ b/internal/git/git_test.go @@ -0,0 +1,568 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package git + +import ( + "os" + "path/filepath" + "strings" + "testing" + + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-billy/v5/memfs" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/http" + "github.com/go-git/go-git/v5/storage" + "github.com/go-git/go-git/v5/storage/memory" + "github.com/google/go-cmp/cmp" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +func TestCloneRepository(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + options CloneOptions + mockAuth *MockAuthProvider + mockCloner *MockCloner + wantError bool + expectError string + expectRef string + }{ + "ValidHTTPS": { + options: CloneOptions{ + Repo: "https://github.com/example/repo.git", + RefName: "refs/heads/main", + Directory: "testdir", + }, + mockAuth: &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return &http.BasicAuth{Username: "user", Password: "pass"}, nil + }, + }, + mockCloner: &MockCloner{ + CloneRepositoryFunc: func(storer storage.Storer, _ billy.Filesystem, _ AuthProvider, _ CloneOptions) (*plumbing.Reference, error) { + mainRef := plumbing.NewHashReference(plumbing.ReferenceName("refs/heads/main"), plumbing.NewHash("mocksha")) + if err := storer.SetReference(mainRef); err != nil { + return nil, errors.Wrap(err, "failed to set reference in storer") + } + headRef := plumbing.NewSymbolicReference(plumbing.HEAD, plumbing.ReferenceName("refs/heads/main")) + if err := storer.SetReference(headRef); err != nil { + return nil, errors.Wrap(err, "failed to set HEAD reference in storer") + } + return headRef, nil + }, + }, + wantError: false, + expectRef: "refs/heads/main", + }, + "CloneFailure": { + options: CloneOptions{ + Repo: "https://github.com/example/repo.git", + RefName: "main", + Directory: "testdir", + }, + mockAuth: &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return &http.BasicAuth{Username: "user", Password: "pass"}, nil + }, + }, + mockCloner: &MockCloner{ + CloneRepositoryFunc: func(storage.Storer, billy.Filesystem, AuthProvider, CloneOptions) (*plumbing.Reference, error) { + return nil, errors.New("failed to clone repository") + }, + }, + wantError: true, + expectError: "failed to clone repository", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + ref, err := tc.mockCloner.CloneRepository(memory.NewStorage(), nil, tc.mockAuth, tc.options) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + if !strings.Contains(err.Error(), tc.expectError) { + t.Errorf("error %q does not contain %q", err.Error(), tc.expectError) + } + return + } + if err != nil { + t.Fatal(err) + } + + resolvedRef := ref.Target() + if diff := cmp.Diff(tc.expectRef, resolvedRef.String()); diff != "" { + t.Errorf("ref (-want +got):\n%s", diff) + } + }) + } +} + +func TestHTTPSAuthProvider(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + username string + password string + wantAuth bool + }{ + "WithUsernameAndPassword": {username: "testuser", password: "testpass", wantAuth: true}, + "WithUsernameOnly": {username: "testuser", password: "", wantAuth: true}, + "WithPasswordOnly": {username: "", password: "testpass", wantAuth: true}, + "WithoutCredentials": {username: "", password: "", wantAuth: false}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + provider := &HTTPSAuthProvider{ + Username: tc.username, + Password: tc.password, + } + + auth, err := provider.GetAuthMethod() + if err != nil { + t.Fatal(err) + } + + if tc.wantAuth { + if auth == nil { + t.Fatal("auth is nil, expected non-nil") + } + httpAuth, ok := auth.(*http.BasicAuth) + if !ok { + t.Fatalf("auth is %T, want *http.BasicAuth", auth) + } + if diff := cmp.Diff(tc.username, httpAuth.Username); diff != "" { + t.Errorf("username (-want +got):\n%s", diff) + } + if diff := cmp.Diff(tc.password, httpAuth.Password); diff != "" { + t.Errorf("password (-want +got):\n%s", diff) + } + } else if auth != nil { + t.Errorf("auth = %v, want nil", auth) + } + }) + } +} + +func TestSSHAuthProvider(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + setupKeyFile func(t *testing.T) string + username string + passphrase string + wantError bool + }{ + "WithUsernameAndValidKey": { + setupKeyFile: func(t *testing.T) string { + t.Helper() + tmpDir := t.TempDir() + keyPath := filepath.Join(tmpDir, "test_key") + keyContent := `-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEAtest_key_content_here +-----END OPENSSH PRIVATE KEY-----` + if err := os.WriteFile(keyPath, []byte(keyContent), 0o600); err != nil { + t.Fatal(err) + } + return keyPath + }, + username: "testuser", + passphrase: "", + wantError: true, + }, + "WithoutUsernameDefaultsToGit": { + setupKeyFile: func(t *testing.T) string { + t.Helper() + tmpDir := t.TempDir() + keyPath := filepath.Join(tmpDir, "test_key") + keyContent := `-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEAtest_key_content_here +-----END OPENSSH PRIVATE KEY-----` + if err := os.WriteFile(keyPath, []byte(keyContent), 0o600); err != nil { + t.Fatal(err) + } + return keyPath + }, + username: "", + passphrase: "", + wantError: true, + }, + "WithInvalidKeyPath": { + setupKeyFile: func(_ *testing.T) string { + return "/non/existent/path" + }, + username: "testuser", + passphrase: "", + wantError: true, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + keyPath := tc.setupKeyFile(t) + provider := &SSHAuthProvider{ + Username: tc.username, + PrivateKeyPath: keyPath, + Passphrase: tc.passphrase, + } + + auth, err := provider.GetAuthMethod() + + if tc.wantError { + if err == nil { + t.Errorf("expected error, got nil") + } + if auth != nil { + t.Errorf("auth = %v, want nil", auth) + } + } else { + if err != nil { + t.Fatal(err) + } + if auth == nil { + t.Errorf("auth is nil, want non-nil") + } + } + }) + } +} + +func TestCheckSHA1Hash(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + input string + expected bool + }{ + "ValidSHA": {"a1b2c3d4e5f6789012345678901234567890abcd", true}, + "ValidSHAUppercase": {"A1B2C3D4E5F6789012345678901234567890ABCD", true}, + "ValidSHAMixed": {"a1B2c3D4e5F6789012345678901234567890AbCd", true}, + "TooShort": {"a1b2c3d4e5f6789012345678901234567890abc", false}, + "TooLong": {"a1b2c3d4e5f6789012345678901234567890abcde", false}, + "EmptyString": {"", false}, + "ContainsInvalidCharacters": {"a1b2c3d4e5f6789012345678901234567890abcg", false}, + "ContainsSpecialCharacters": {"a1b2c3d4e5f6789012345678901234567890ab-d", false}, + "AllZeros": {"0000000000000000000000000000000000000000", true}, + "AllNines": {"9999999999999999999999999999999999999999", true}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := CheckSHA1Hash(tc.input) + if diff := cmp.Diff(tc.expected, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestExtractBranchName(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + input string + expected string + }{ + "FullRef": {"refs/heads/main", "main"}, + "FullRefFeatureBranch": {"refs/heads/feature/test", "feature/test"}, + "BranchNameOnly": {"develop", "develop"}, + "EmptyString": {"", "main"}, + "TagRef": {"refs/tags/v1.0.0", "main"}, + "RemoteRef": {"refs/remotes/origin/main", "main"}, + "JustRefs": {"refs/", "main"}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := extractBranchName(tc.input) + if diff := cmp.Diff(tc.expected, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestDefaultCloner_CloneRepository(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + setupAuthProvider func() AuthProvider + options CloneOptions + wantError bool + expectError string + }{ + "AuthProviderError": { + setupAuthProvider: func() AuthProvider { + return &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return nil, errors.New("auth provider error") + }, + } + }, + options: CloneOptions{ + Repo: "https://github.com/test/repo.git", + RefName: "main", + }, + wantError: true, + expectError: "failed to get authentication method", + }, + "InvalidRepo": { + setupAuthProvider: func() AuthProvider { + return &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return nil, nil + }, + } + }, + options: CloneOptions{ + Repo: "https://github.com/nonexistent/repo.git", + RefName: "refs/heads/main", + }, + wantError: true, + expectError: "failed to clone repository", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + cloner := &DefaultCloner{} + authProvider := tc.setupAuthProvider() + + _, err := cloner.CloneRepository(memory.NewStorage(), memfs.New(), authProvider, tc.options) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + if !strings.Contains(err.Error(), tc.expectError) { + t.Errorf("error %q does not contain %q", err.Error(), tc.expectError) + } + } else if err != nil { + t.Fatal(err) + } + }) + } +} + +func TestHandleSHACheckout(t *testing.T) { + t.Parallel() + + if testing.Short() { + t.Skip("Skipping integration-like test in short mode") + } + + tcs := map[string]struct { + setupAuthProvider func() AuthProvider + options CloneOptions + expectError string + }{ + "InvalidSHA": { + setupAuthProvider: func() AuthProvider { + return &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { return nil, nil }, + } + }, + options: CloneOptions{ + Repo: "https://github.com/nonexistent/repo.git", + RefName: "1234567890abcdef1234567890abcdef12345678", + }, + expectError: "failed to clone repository", + }, + "SHAWithSparseCheckout": { + setupAuthProvider: func() AuthProvider { + return &MockAuthProvider{ + GetAuthMethodFunc: func() (transport.AuthMethod, error) { return nil, nil }, + } + }, + options: CloneOptions{ + Repo: "https://github.com/nonexistent/repo.git", + RefName: "1234567890abcdef1234567890abcdef12345678", + Path: "some/path", + }, + expectError: "failed to clone repository", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + cloner := &DefaultCloner{} + authProvider := tc.setupAuthProvider() + + _, err := cloner.CloneRepository(memory.NewStorage(), memfs.New(), authProvider, tc.options) + if err == nil { + t.Fatal("expected error, got nil") + } + if !strings.Contains(err.Error(), tc.expectError) { + t.Errorf("error %q does not contain %q", err.Error(), tc.expectError) + } + }) + } +} + +func TestSSHAgentAuthProvider(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + username string + }{ + "WithUsername": {username: "customuser"}, + "WithoutUsernameDefaultsToGit": {username: ""}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + provider := &SSHAgentAuthProvider{ + Username: tc.username, + } + + auth, err := provider.GetAuthMethod() + + if err == nil { + if auth == nil { + t.Error("auth method nil when no error") + } + } else { + t.Logf("SSH agent not available (expected in CI): %v", err) + } + }) + } +} + +func TestCompositeAuthProvider(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + providers []AuthProvider + wantError bool + expectError string + }{ + "FirstProviderSucceeds": { + providers: []AuthProvider{ + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return &http.BasicAuth{Username: "user1", Password: "pass1"}, nil + }}, + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return &http.BasicAuth{Username: "user2", Password: "pass2"}, nil + }}, + }, + wantError: false, + }, + "FirstFailsSecondSucceeds": { + providers: []AuthProvider{ + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return nil, errors.New("first provider failed") + }}, + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return &http.BasicAuth{Username: "user2", Password: "pass2"}, nil + }}, + }, + wantError: false, + }, + "AllProvidersFail": { + providers: []AuthProvider{ + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return nil, errors.New("first provider failed") + }}, + &MockAuthProvider{GetAuthMethodFunc: func() (transport.AuthMethod, error) { + return nil, errors.New("second provider failed") + }}, + }, + wantError: true, + expectError: "second provider failed", + }, + "NoProviders": { + providers: []AuthProvider{}, + wantError: true, + expectError: "no auth providers configured", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + provider := &CompositeAuthProvider{ + Providers: tc.providers, + } + + auth, err := provider.GetAuthMethod() + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + if !strings.Contains(err.Error(), tc.expectError) { + t.Errorf("error %q does not contain %q", err.Error(), tc.expectError) + } + } else { + if err != nil { + t.Fatal(err) + } + if auth == nil { + t.Error("auth method nil") + } + } + }) + } +} + +type MockAuthProvider struct { + GetAuthMethodFunc func() (transport.AuthMethod, error) +} + +func (m *MockAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + if m.GetAuthMethodFunc != nil { + return m.GetAuthMethodFunc() + } + return nil, nil +} + +type MockCloner struct { + CloneRepositoryFunc func(storage storage.Storer, fs billy.Filesystem, auth AuthProvider, opts CloneOptions) (*plumbing.Reference, error) +} + +func (m *MockCloner) CloneRepository(storage storage.Storer, fs billy.Filesystem, auth AuthProvider, opts CloneOptions) (*plumbing.Reference, error) { + if m.CloneRepositoryFunc != nil { + return m.CloneRepositoryFunc(storage, fs, auth, opts) + } + return nil, nil +} diff --git a/internal/kcl/import.go b/internal/kcl/import.go new file mode 100644 index 0000000..fd6c23e --- /dev/null +++ b/internal/kcl/import.go @@ -0,0 +1,79 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package kcl contains helpers for KCL function generation. +package kcl + +import ( + "path/filepath" + "strings" +) + +// FormatKclImportPaths converts a set of schema directory paths under +// schemas/kcl/ to KCL import paths prefixed with "models." and unqiue aliases. +// +// For example, given a path like "kcl/io.example.platform.v1alpha1" (relative +// to the schemas root), this produces: +// +// map[string]string{"platformv1alpha1": "models.io.example.platform.v1alpha1"} +// +// The "models." prefix matches the kcl.mod dependency name (models = { path = +// "./model" }) and the symlink created at function generation time. +func FormatKclImportPaths(paths []string) map[string]string { + imports := make(map[string]string, len(paths)) + + for _, path := range paths { + path = filepath.ToSlash(path) + + // Strip the leading "kcl/" prefix to get the schema-relative path. + const prefix = "kcl/" + if !strings.HasPrefix(path, prefix) { + continue + } + schemaPath := path[len(prefix):] + if schemaPath == "" { + continue + } + + // The import path is "models." + the schema path with slashes converted to + // dots and hyphens to underscores. + importPath := "models." + strings.ReplaceAll(schemaPath, "/", ".") + importPath = strings.ReplaceAll(importPath, "-", "_") + + // Split into components for alias generation. + parts := strings.Split(importPath, ".") + if len(parts) < 2 { + continue + } + + // Default alias is the last two components joined, e.g. "ec2v1beta1". + alias := parts[len(parts)-2] + parts[len(parts)-1] + + // Resolve collisions by adding more context from earlier components. + if _, ok := imports[alias]; ok { + for i := 3; i <= len(parts); i++ { + alias = strings.Join(parts[len(parts)-i:], "") + if _, ok := imports[alias]; !ok { + break + } + } + } + + imports[alias] = importPath + } + + return imports +} diff --git a/internal/kcl/import_test.go b/internal/kcl/import_test.go new file mode 100644 index 0000000..80f6b91 --- /dev/null +++ b/internal/kcl/import_test.go @@ -0,0 +1,74 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kcl + +import ( + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestFormatKclImportPaths(t *testing.T) { + t.Parallel() + + tests := map[string]struct { + paths []string + wantImports map[string]string + }{ + "BasicPath": { + paths: []string{"kcl/io.upbound.aws.ec2.v1beta1"}, + wantImports: map[string]string{"ec2v1beta1": "models.io.upbound.aws.ec2.v1beta1"}, + }, + "NestedPath": { + paths: []string{"kcl/io/crossplane/contrib/example/v1alpha1"}, + wantImports: map[string]string{"examplev1alpha1": "models.io.crossplane.contrib.example.v1alpha1"}, + }, + "AliasConflict": { + paths: []string{"kcl/io/example/platformref/aws/v1alpha1", "kcl/io/example/crossplane/aws/v1alpha1"}, + wantImports: map[string]string{ + "awsv1alpha1": "models.io.example.platformref.aws.v1alpha1", + "crossplaneawsv1alpha1": "models.io.example.crossplane.aws.v1alpha1", + }, + }, + "PathWithHyphens": { + paths: []string{"kcl/io/k8s/kube-aggregator/apis/apiregistration/v1"}, + wantImports: map[string]string{"apiregistrationv1": "models.io.k8s.kube_aggregator.apis.apiregistration.v1"}, + }, + "NoKCLPrefix": { + paths: []string{"python/io/example/aws"}, + wantImports: map[string]string{}, + }, + "JustKCLPrefix": { + paths: []string{"kcl/"}, + wantImports: map[string]string{}, + }, + "TopLevelPath": { + paths: []string{"kcl/io.example.aws.v1alpha1"}, + wantImports: map[string]string{"awsv1alpha1": "models.io.example.aws.v1alpha1"}, + }, + } + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + t.Parallel() + gotImports := FormatKclImportPaths(tc.paths) + if diff := cmp.Diff(tc.wantImports, gotImports); diff != "" { + t.Errorf("importPath mismatch (-want +got):\n%s", diff) + } + }) + } +} diff --git a/internal/project/build.go b/internal/project/build.go new file mode 100644 index 0000000..92628a9 --- /dev/null +++ b/internal/project/build.go @@ -0,0 +1,600 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package project contains logic for building Crossplane projects. +package project + +import ( + "context" + "fmt" + "io/fs" + "os" + "path/filepath" + "slices" + "strings" + "sync" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/examples" + pyaml "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/yaml" + + xpv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + extv1alpha1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1alpha1" + xpv2 "github.com/crossplane/crossplane/apis/v2/apiextensions/v2" + xpv1alpha1 "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1" + xpmetav1 "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1" + xpkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project/functions" + "github.com/crossplane/cli/v2/internal/schemas/manager" +) + +const ( + // ConfigurationTag is the tag used for the configuration image in the built + // package. + ConfigurationTag = "configuration" +) + +// ImageTagMap is a map of container image tags to images. +type ImageTagMap map[name.Tag]v1.Image + +// Builder is able to build a project into a set of packages. +type Builder interface { + // Build builds a project into a set of packages. It returns a map + // containing images that were built from the project. The returned map will + // always include one image with the ConfigurationTag, which is the + // configuration package built from the APIs found in the project. + Build(ctx context.Context, project *devv1alpha1.Project, projectFS afero.Fs, opts ...BuildOption) (ImageTagMap, error) +} + +// BuilderOption configures a builder. +type BuilderOption func(b *realBuilder) + +// BuildWithFunctionIdentifier sets the function identifier that will be used to +// find function builders for any functions in a project. +func BuildWithFunctionIdentifier(i functions.Identifier) BuilderOption { + return func(b *realBuilder) { + b.functionIdentifier = i + } +} + +// BuildWithMaxConcurrency sets the maximum concurrency for building embedded +// functions. +func BuildWithMaxConcurrency(n uint) BuilderOption { + return func(b *realBuilder) { + b.maxConcurrency = n + } +} + +// BuildWithSchemaManager sets the schema manager that will be used to generate +// language-specific schemas from XRDs before building functions. +func BuildWithSchemaManager(m *manager.Manager) BuilderOption { + return func(b *realBuilder) { + b.schemaManager = m + } +} + +// BuildWithDependencyManager sets the dependency manager that will be used to +// ensure schemas are present for the project's declared dependencies before +// building functions. +func BuildWithDependencyManager(m *dependency.Manager) BuilderOption { + return func(b *realBuilder) { + b.dependencyManager = m + } +} + +// BuildOption configures a build. +type BuildOption func(o *buildOptions) + +type buildOptions struct { + log logging.Logger + projectBasePath string + eventCh async.EventChannel +} + +// BuildWithLogger provides a logger for progress updates during the build. +func BuildWithLogger(l logging.Logger) BuildOption { + return func(o *buildOptions) { + o.log = l + } +} + +// BuildWithEventChannel provides a channel for sending progress events during +// the build. +func BuildWithEventChannel(ch async.EventChannel) BuildOption { + return func(o *buildOptions) { + o.eventCh = ch + } +} + +// BuildWithProjectBasePath sets the real on-disk base path of the project. This +// path will be used for following symlinks. If not set it will be inferred from +// the project FS, which works only when the project FS is an afero.BasePathFs. +func BuildWithProjectBasePath(path string) BuildOption { + return func(o *buildOptions) { + o.projectBasePath = path + } +} + +type realBuilder struct { + functionIdentifier functions.Identifier + maxConcurrency uint + schemaManager *manager.Manager + dependencyManager *dependency.Manager +} + +// Build implements the Builder interface. +func (b *realBuilder) Build(ctx context.Context, project *devv1alpha1.Project, projectFS afero.Fs, opts ...BuildOption) (ImageTagMap, error) { //nolint:gocyclo // This is the main build orchestration. + o := &buildOptions{ + log: logging.NewNopLogger(), + } + for _, opt := range opts { + opt(o) + } + + // Scaffold a configuration based on the metadata in the project. + cfg := &xpmetav1.Configuration{ + TypeMeta: metav1.TypeMeta{ + APIVersion: xpmetav1.SchemeGroupVersion.String(), + Kind: xpmetav1.ConfigurationKind, + }, + ObjectMeta: cfgMetaFromProject(project), + Spec: xpmetav1.ConfigurationSpec{ + MetaSpec: xpmetav1.MetaSpec{ + Crossplane: project.Spec.Crossplane, + DependsOn: runtimeDependencies(project), + }, + }, + } + + // Default to v2 constraint. + if cfg.Spec.Crossplane == nil || cfg.Spec.Crossplane.Version == "" { + cfg.Spec.Crossplane = &xpmetav1.CrossplaneConstraints{ + Version: ">=v2.0.0-rc.0", + } + } + + functionsSource := afero.NewBasePathFs(projectFS, project.Spec.Paths.Functions) + apisSource := projectFS + apiExcludes := []string{ + project.Spec.Paths.Examples, + project.Spec.Paths.Functions, + project.Spec.Paths.Operations, + } + if project.Spec.Paths.APIs != "/" { + apisSource = afero.NewBasePathFs(projectFS, project.Spec.Paths.APIs) + apiExcludes = []string{} + } + + // Not all projects have operations; ignore them if not present. + operationsSource := afero.NewMemMapFs() + opsExist, err := afero.DirExists(projectFS, project.Spec.Paths.Operations) + if err != nil { + return nil, err + } + if opsExist { + operationsSource = afero.NewBasePathFs(projectFS, project.Spec.Paths.Operations) + } + + // Collect resources (XRDs, MRAPs, compositions, and operations). + packageFS := afero.NewMemMapFs() + o.log.Debug("Collecting resources") + o.eventCh.SendEvent("Collecting resources", async.EventStatusStarted) + + apiGVKs := []string{ + xpv1.CompositeResourceDefinitionGroupVersionKind.String(), + xpv2.CompositeResourceDefinitionGroupVersionKind.String(), + xpv1.CompositionGroupVersionKind.String(), + extv1alpha1.ManagedResourceActivationPolicyGroupVersionKind.String(), + } + if err := collectResources(packageFS, apisSource, apiGVKs, apiExcludes); err != nil { + o.eventCh.SendEvent("Collecting resources", async.EventStatusFailure) + return nil, errors.Wrap(err, "failed to collect API resources") + } + + opsGVKs := []string{ + xpv1alpha1.OperationGroupVersionKind.String(), + xpv1alpha1.WatchOperationGroupVersionKind.String(), + xpv1alpha1.CronOperationGroupVersionKind.String(), + } + if err := collectResources(packageFS, operationsSource, opsGVKs, nil); err != nil { + o.eventCh.SendEvent("Collecting resources", async.EventStatusFailure) + return nil, errors.Wrap(err, "failed to collect operation resources") + } + o.eventCh.SendEvent("Collecting resources", async.EventStatusSuccess) + + // Generate schemas for declared dependencies. The dependency manager + // short-circuits sources whose recorded version still matches, so this is + // cheap on the steady-state path. + if b.dependencyManager != nil { + if err := b.dependencyManager.AddAll(ctx, o.eventCh); err != nil { + return nil, errors.Wrap(err, "failed to generate dependency schemas") + } + } + + // Generate language-specific schemas from XRDs. + if b.schemaManager != nil { + o.eventCh.SendEvent("Generating schemas", async.EventStatusStarted) + if _, err := b.schemaManager.Generate(ctx, manager.NewFSSource(project.Spec.Paths.APIs, apisSource)); err != nil { + o.eventCh.SendEvent("Generating schemas", async.EventStatusFailure) + return nil, errors.Wrap(err, "failed to generate schemas") + } + o.eventCh.SendEvent("Generating schemas", async.EventStatusSuccess) + } + + // Find and build embedded functions. + o.log.Debug("Building functions") + imgMap, deps, err := b.buildFunctions(ctx, projectFS, functionsSource, project, o.projectBasePath, o.eventCh) + if err != nil { + return nil, err + } + cfg.Spec.DependsOn = append(cfg.Spec.DependsOn, deps...) + + // Build the configuration package. + o.log.Debug("Building configuration package") + o.eventCh.SendEvent("Building configuration package", async.EventStatusStarted) + + y, err := yaml.Marshal(cfg) + if err != nil { + return nil, errors.Wrap(err, "failed to marshal package metadata") + } + err = afero.WriteFile(packageFS, "/crossplane.yaml", y, 0o644) + if err != nil { + return nil, errors.Wrap(err, "failed to write package metadata") + } + + pp, err := pyaml.New() + if err != nil { + return nil, errors.Wrap(err, "failed to create parser") + } + builder := xpkg.New( + parser.NewFsBackend(packageFS, parser.FsDir("/")), + parser.NewFsBackend(afero.NewBasePathFs(projectFS, project.Spec.Paths.Examples), + parser.FsDir("/"), + parser.FsFilters(parser.SkipNotYAML()), + ), + pp, + examples.New(), + ) + + img, _, err := builder.Build(ctx) + if err != nil { + o.eventCh.SendEvent("Building configuration package", async.EventStatusFailure) + return nil, errors.Wrap(err, "failed to build package") + } + + imgTag, err := name.NewTag(fmt.Sprintf("%s:%s", project.Spec.Repository, ConfigurationTag)) + if err != nil { + o.eventCh.SendEvent("Building configuration package", async.EventStatusFailure) + return nil, errors.Wrap(err, "failed to construct image tag") + } + imgMap[imgTag] = img + + o.eventCh.SendEvent("Building configuration package", async.EventStatusSuccess) + + return imgMap, nil +} + +// buildFunctions builds the embedded functions found in directories at the top +// level of the provided filesystem. +func (b *realBuilder) buildFunctions(ctx context.Context, projectFS, fromFS afero.Fs, project *devv1alpha1.Project, basePath string, eventCh async.EventChannel) (ImageTagMap, []xpmetav1.Dependency, error) { + var ( + imgMap = make(map[name.Tag]v1.Image) + imgMu sync.Mutex + ) + + infos, err := afero.ReadDir(fromFS, "/") + switch { + case os.IsNotExist(err): + return imgMap, nil, nil + case err != nil: + return nil, nil, errors.Wrap(err, "failed to list functions directory") + } + + fnDirs := make([]string, 0, len(infos)) + for _, info := range infos { + if info.IsDir() { + fnDirs = append(fnDirs, info.Name()) + } + } + + deps := make([]xpmetav1.Dependency, len(fnDirs)) + eg, ctx := errgroup.WithContext(ctx) + + sem := make(chan struct{}, b.maxConcurrency) + for i, fnName := range fnDirs { + eg.Go(func() error { + sem <- struct{}{} + defer func() { + <-sem + }() + + eventText := fmt.Sprintf("Building function %s", fnName) + eventCh.SendEvent(eventText, async.EventStatusStarted) + + fnRepo := fmt.Sprintf("%s_%s", project.Spec.Repository, fnName) + fnFS := afero.NewBasePathFs(fromFS, fnName) + fnBasePath := "" + if basePath != "" { + fnBasePath = filepath.Join(basePath, project.Spec.Paths.Functions, fnName) + } + imgs, err := b.buildFunction(ctx, projectFS, fnFS, project, fnName, fnBasePath) + if err != nil { + eventCh.SendEvent(eventText, async.EventStatusFailure) + return errors.Wrapf(err, "failed to build function %q", fnName) + } + + idx, imgs, err := BuildIndex(imgs...) + if err != nil { + return errors.Wrapf(err, "failed to construct index for function image %q", fnName) + } + dgst, err := idx.Digest() + if err != nil { + return errors.Wrapf(err, "failed to get index digest for function image %q", fnName) + } + deps[i] = xpmetav1.Dependency{ + APIVersion: new(xpkgv1.FunctionGroupVersionKind.GroupVersion().String()), + Kind: new(xpkgv1.FunctionKind), + Package: &fnRepo, + Version: dgst.String(), + } + + for _, img := range imgs { + cfgFile, err := img.ConfigFile() + if err != nil { + return errors.Wrapf(err, "failed to get config for function image %q", fnName) + } + + tag := fmt.Sprintf("%s:%s", fnRepo, cfgFile.Architecture) + imgTag, err := name.NewTag(tag) + if err != nil { + return errors.Wrapf(err, "failed to construct tag for function image %q", fnName) + } + imgMu.Lock() + imgMap[imgTag] = img + imgMu.Unlock() + } + + eventCh.SendEvent(eventText, async.EventStatusSuccess) + + return nil + }) + } + + err = eg.Wait() + if err != nil { + return nil, nil, err + } + + return imgMap, deps, nil +} + +// buildFunction builds images for a single function whose source resides in the +// given filesystem. +func (b *realBuilder) buildFunction(ctx context.Context, projectFS, fromFS afero.Fs, project *devv1alpha1.Project, fnName string, basePath string) ([]v1.Image, error) { + fn := &xpmetav1.Function{ + TypeMeta: metav1.TypeMeta{ + APIVersion: xpmetav1.SchemeGroupVersion.String(), + Kind: xpmetav1.FunctionKind, + }, + ObjectMeta: fnMetaFromProject(project, fnName), + Spec: xpmetav1.FunctionSpec{ + MetaSpec: xpmetav1.MetaSpec{ + Capabilities: []string{ + xpmetav1.FunctionCapabilityComposition, + xpmetav1.FunctionCapabilityOperation, + }, + }, + }, + } + metaFS := afero.NewMemMapFs() + y, err := yaml.Marshal(fn) + if err != nil { + return nil, errors.Wrap(err, "failed to marshal function metadata") + } + err = afero.WriteFile(metaFS, "/crossplane.yaml", y, 0o644) + if err != nil { + return nil, errors.Wrap(err, "failed to write function metadata") + } + + examplesParser := parser.NewEchoBackend("") + examplesExist, err := afero.IsDir(fromFS, "/examples") + switch { + case err == nil, os.IsNotExist(err): + default: + return nil, errors.Wrap(err, "failed to check for examples") + } + if examplesExist { + examplesParser = parser.NewFsBackend(fromFS, + parser.FsDir("/examples"), + parser.FsFilters(parser.SkipNotYAML()), + ) + } + + pp, err := pyaml.New() + if err != nil { + return nil, errors.Wrap(err, "failed to create parser") + } + builder := xpkg.New( + parser.NewFsBackend(metaFS, parser.FsDir("/")), + examplesParser, + pp, + examples.New(), + ) + + fnBuilder, err := b.functionIdentifier.Identify(fromFS, project.Spec.ImageConfigs) + if err != nil { + return nil, errors.Wrap(err, "failed to find a builder") + } + + if bfs, ok := fromFS.(*afero.BasePathFs); ok && basePath == "" { + basePath = afero.FullBaseFsPath(bfs, ".") + } + + runtimeImages, err := fnBuilder.Build(ctx, functions.BuildContext{ + ProjectFS: projectFS, + FunctionPath: filepath.Join(project.Spec.Paths.Functions, fnName), + SchemasPath: project.Spec.Paths.Schemas, + Architectures: project.Spec.Architectures, + OSBasePath: basePath, + }) + if err != nil { + return nil, errors.Wrap(err, "failed to build runtime images") + } + + pkgImages := make([]v1.Image, 0, len(runtimeImages)) + + for _, img := range runtimeImages { + pkgImage, _, err := builder.Build(ctx, xpkg.WithBase(img)) + if err != nil { + return nil, errors.Wrap(err, "failed to build function package") + } + pkgImages = append(pkgImages, pkgImage) + } + + return pkgImages, nil +} + +func collectResources(toFS afero.Fs, fromFS afero.Fs, gvks []string, exclude []string) error { + return afero.Walk(fromFS, "/", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + for _, excl := range exclude { + if strings.HasPrefix(path, excl) { + return filepath.SkipDir + } + } + + if info.IsDir() { + return nil + } + ext := filepath.Ext(path) + if ext != ".yaml" && ext != ".yml" { + return nil + } + + var u metav1.TypeMeta + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + err = yaml.Unmarshal(bs, &u) + if err != nil { + return errors.Wrapf(err, "failed to parse file %q", path) + } + + if !slices.Contains(gvks, u.GroupVersionKind().String()) { + return nil + } + + err = toFS.MkdirAll(filepath.Dir(path), 0o755) + if err != nil { + return errors.Wrapf(err, "failed to create directory for %q", path) + } + + err = afero.WriteFile(toFS, path, bs, 0o644) + if err != nil { + return errors.Wrapf(err, "failed to write file %q to package", path) + } + + return nil + }) +} + +// runtimeDependencies extracts the runtime (non-APIOnly) xpkg dependencies +// from a project and converts them to package metadata dependencies for use in +// the built Configuration package. +func runtimeDependencies(proj *devv1alpha1.Project) []xpmetav1.Dependency { + deps := make([]xpmetav1.Dependency, 0, len(proj.Spec.Dependencies)) + for _, d := range proj.Spec.Dependencies { + if d.Type != devv1alpha1.DependencyTypeXpkg { + continue + } + if d.Xpkg == nil || d.Xpkg.APIOnly { + continue + } + + deps = append(deps, xpmetav1.Dependency{ + APIVersion: &d.Xpkg.APIVersion, + Kind: &d.Xpkg.Kind, + Package: &d.Xpkg.Package, + Version: d.Xpkg.Version, + }) + } + return deps +} + +func cfgMetaFromProject(proj *devv1alpha1.Project) metav1.ObjectMeta { + meta := proj.ObjectMeta.DeepCopy() + + if meta.Annotations == nil { + meta.Annotations = make(map[string]string) + } + + meta.Annotations["meta.crossplane.io/maintainer"] = proj.Spec.Maintainer + meta.Annotations["meta.crossplane.io/source"] = proj.Spec.Source + meta.Annotations["meta.crossplane.io/license"] = proj.Spec.License + meta.Annotations["meta.crossplane.io/description"] = proj.Spec.Description + meta.Annotations["meta.crossplane.io/readme"] = proj.Spec.Readme + + return *meta +} + +func fnMetaFromProject(proj *devv1alpha1.Project, fnName string) metav1.ObjectMeta { + meta := proj.ObjectMeta.DeepCopy() + + meta.Name = fmt.Sprintf("%s-%s", meta.Name, fnName) + + if meta.Annotations == nil { + meta.Annotations = make(map[string]string) + } + + meta.Annotations["meta.crossplane.io/maintainer"] = proj.Spec.Maintainer + meta.Annotations["meta.crossplane.io/source"] = proj.Spec.Source + meta.Annotations["meta.crossplane.io/license"] = proj.Spec.License + meta.Annotations["meta.crossplane.io/description"] = fmt.Sprintf("Function %s from project %s", fnName, proj.Name) + + return *meta +} + +// NewBuilder returns a new project builder. +func NewBuilder(opts ...BuilderOption) Builder { + b := &realBuilder{ + functionIdentifier: functions.DefaultIdentifier, + maxConcurrency: 8, + } + + for _, opt := range opts { + opt(b) + } + + return b +} diff --git a/internal/project/build_test.go b/internal/project/build_test.go new file mode 100644 index 0000000..8f74c35 --- /dev/null +++ b/internal/project/build_test.go @@ -0,0 +1,298 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "fmt" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-containerregistry/pkg/name" + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/project/functions" +) + +// xrdYAML returns an XRD manifest for a resource with the given group/kind. +func xrdYAML(group, plural, singular, kind string) string { + return fmt.Sprintf(`apiVersion: apiextensions.crossplane.io/v2 +kind: CompositeResourceDefinition +metadata: + name: %s.%s +spec: + group: %s + names: + kind: %s + plural: %s + singular: %s + listKind: %sList + scope: Namespaced + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object +`, plural, group, group, kind, plural, singular, kind) +} + +// compositionYAML returns a Composition manifest targeting the given XR kind. +func compositionYAML(name, group, kind string) string { + return fmt.Sprintf(`apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: %s +spec: + compositeTypeRef: + apiVersion: %s/v1alpha1 + kind: %s + pipeline: [] + mode: Pipeline +`, name, group, kind) +} + +func writeProject(t *testing.T, projFS afero.Fs, apis map[string]string, fns []string) { + t.Helper() + for path, content := range apis { + if err := projFS.MkdirAll("apis", 0o755); err != nil { + t.Fatal(err) + } + if err := afero.WriteFile(projFS, "apis/"+path, []byte(content), 0o644); err != nil { + t.Fatal(err) + } + } + for _, fn := range fns { + dir := "functions/" + fn + if err := projFS.MkdirAll(dir, 0o755); err != nil { + t.Fatal(err) + } + // A minimal function source file so FakeIdentifier has something to find. + if err := afero.WriteFile(projFS, dir+"/.placeholder", []byte(""), 0o644); err != nil { + t.Fatal(err) + } + } +} + +func TestBuilderBuild(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + apis map[string]string + functions []string + runtimeDeps []devv1alpha1.Dependency + expectedResources int + expectedFns int + }{ + "ConfigurationOnly": { + apis: map[string]string{ + "db.yaml": xrdYAML("acme.example.com", "xdatabases", "xdatabase", "XDatabase"), + "db-comp.yaml": compositionYAML("xdatabase-comp", "acme.example.com", "XDatabase"), + "queue.yaml": xrdYAML("acme.example.com", "xqueues", "xqueue", "XQueue"), + "queue-comp.yaml": compositionYAML("xqueue-comp", "acme.example.com", "XQueue"), + }, + runtimeDeps: []devv1alpha1.Dependency{ + { + Type: devv1alpha1.DependencyTypeXpkg, + Xpkg: &devv1alpha1.XpkgDependency{ + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + Package: "xpkg.crossplane.io/example/provider-nop", + Version: "v0.2.1", + }, + }, + }, + expectedResources: 4, + }, + "EmbeddedFunctions": { + apis: map[string]string{ + "db.yaml": xrdYAML("acme.example.com", "xdatabases", "xdatabase", "XDatabase"), + "db-comp.yaml": compositionYAML("xdatabase-comp", "acme.example.com", "XDatabase"), + }, + functions: []string{"fn-cluster", "fn-net"}, + expectedResources: 2, + expectedFns: 2, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + projFS := afero.NewMemMapFs() + writeProject(t, projFS, tc.apis, tc.functions) + + proj := &devv1alpha1.Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-project", + }, + Spec: devv1alpha1.ProjectSpec{ + ProjectPackageMetadata: devv1alpha1.ProjectPackageMetadata{ + Maintainer: "Maintainer ", + Source: "github.com/example/proj", + License: "Apache-2.0", + Description: "test project", + }, + Repository: "xpkg.crossplane.io/example/test", + Dependencies: tc.runtimeDeps, + }, + } + proj.Default() + + b := NewBuilder( + BuildWithFunctionIdentifier(functions.FakeIdentifier), + ) + + imgMap, err := b.Build(t.Context(), proj, projFS) + if err != nil { + t.Fatalf("Build: %v", err) + } + + // Configuration image must be present at :configuration. + cfgTag, err := constructTag(proj.Spec.Repository, ConfigurationTag) + if err != nil { + t.Fatal(err) + } + cfgImg, ok := imgMap[cfgTag] + if !ok { + t.Fatalf("configuration image not found in image map; tags=%v", tagsOf(imgMap)) + } + + // Configuration image's package layer should carry the package + // annotation (added by AnnotateImage on push, but here we just + // verify the image has the expected meta/Configuration object via + // labels on the config file). + cfgFile, err := cfgImg.ConfigFile() + if err != nil { + t.Fatal(err) + } + // The builder applies xpkg annotations as image labels. + if _, ok := cfgFile.Config.Labels[xpkg.Label(xpkg.PackageAnnotation)]; !ok { + // The labels are computed during package construction; for some + // image shapes the label may not be present. We don't assert + // strictly here, but the absence is a sign something's off. + t.Logf("configuration image has no %s label", xpkg.PackageAnnotation) + } + + // Function images: each fn should produce one image per arch. + fnTags := map[string][]string{} + for tag := range imgMap { + if tag == cfgTag { + continue + } + fnTags[tag.Repository.Name()] = append(fnTags[tag.Repository.Name()], tag.TagStr()) + } + if diff := cmp.Diff(tc.expectedFns, len(fnTags)); diff != "" { + t.Errorf("function repo count (-want +got):\n%s", diff) + } + for repo, tags := range fnTags { + if diff := cmp.Diff(len(proj.Spec.Architectures), len(tags)); diff != "" { + t.Errorf("function %s: arch count (-want +got):\n%s", repo, diff) + } + } + }) + } +} + +// TestBuilderDependsOn verifies the configuration package's dependsOn list +// includes both runtime project deps and embedded function deps. +func TestBuilderDependsOn(t *testing.T) { + t.Parallel() + + projFS := afero.NewMemMapFs() + writeProject(t, projFS, + map[string]string{ + "db.yaml": xrdYAML("acme.example.com", "xdatabases", "xdatabase", "XDatabase"), + "db-comp.yaml": compositionYAML("xdb", "acme.example.com", "XDatabase"), + }, + []string{"fn-one"}, + ) + + runtimeDep := devv1alpha1.Dependency{ + Type: devv1alpha1.DependencyTypeXpkg, + Xpkg: &devv1alpha1.XpkgDependency{ + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + Package: "xpkg.crossplane.io/example/provider-nop", + Version: "v0.2.1", + }, + } + proj := &devv1alpha1.Project{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-project", + }, + Spec: devv1alpha1.ProjectSpec{ + Repository: "xpkg.crossplane.io/example/test", + Architectures: []string{"amd64", "arm64"}, + Dependencies: []devv1alpha1.Dependency{runtimeDep}, + }, + } + proj.Default() + + imgMap, err := NewBuilder( + BuildWithFunctionIdentifier(functions.FakeIdentifier), + ).Build(t.Context(), proj, projFS) + if err != nil { + t.Fatalf("Build: %v", err) + } + + // runtimeDependencies should have emitted the project's xpkg dep. + got := runtimeDependencies(proj) + if diff := cmp.Diff(1, len(got)); diff != "" { + t.Errorf("runtimeDependencies count (-want +got):\n%s", diff) + } + if got[0].Package == nil || *got[0].Package != runtimeDep.Xpkg.Package { + t.Errorf("runtimeDependencies package = %v, want %s", got[0].Package, runtimeDep.Xpkg.Package) + } + if diff := cmp.Diff(runtimeDep.Xpkg.Version, got[0].Version); diff != "" { + t.Errorf("runtimeDependencies version (-want +got):\n%s", diff) + } + if got[0].APIVersion == nil || *got[0].APIVersion != runtimeDep.Xpkg.APIVersion { + t.Errorf("runtimeDependencies APIVersion = %v, want %s", got[0].APIVersion, runtimeDep.Xpkg.APIVersion) + } + + // The function dep is reflected in the image map as _:. + wantFnRepo := proj.Spec.Repository + "_fn-one" + foundArchs := 0 + for tag := range imgMap { + if tag.Repository.Name() == wantFnRepo { + foundArchs++ + } + } + if diff := cmp.Diff(2, foundArchs); diff != "" { + t.Errorf("function arch images (-want +got):\n%s", diff) + } +} + +func constructTag(repo, tag string) (name.Tag, error) { + return name.NewTag(fmt.Sprintf("%s:%s", repo, tag)) +} + +func tagsOf(m ImageTagMap) []string { + out := make([]string, 0, len(m)) + for t := range m { + out = append(out, t.String()) + } + return out +} diff --git a/internal/project/certs/cert_generator.go b/internal/project/certs/cert_generator.go new file mode 100644 index 0000000..3e22cdc --- /dev/null +++ b/internal/project/certs/cert_generator.go @@ -0,0 +1,96 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package certs generates certificates for the local dev registry. +package certs + +import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// CertificateSigner is the parent's certificate and key that will be used to +// sign the certificate. +type CertificateSigner struct { + certificate *x509.Certificate + key *rsa.PrivateKey + certificatePEM []byte +} + +// CertificateGenerator can return you TLS certificate valid for given domains. +type CertificateGenerator interface { + Generate(c *x509.Certificate, cs *CertificateSigner) (key, crt []byte, err error) +} + +var pkixName = pkix.Name{ //nolint:gochecknoglobals // We treat this as a constant. + CommonName: "Crossplane CLI", + Organization: []string{"Crossplane"}, + Country: []string{"Earth"}, + Province: []string{"Earth"}, + Locality: []string{"Earth"}, +} + +// NewCertGenerator returns a new CertGenerator. +func NewCertGenerator() *CertGenerator { + return &CertGenerator{} +} + +// CertGenerator generates a root CA and key that can be used by client and +// servers. +type CertGenerator struct{} + +// Generate creates TLS Secret with 10 years expiration date that is valid +// for the given domains. +func (*CertGenerator) Generate(cert *x509.Certificate, signer *CertificateSigner) (key []byte, crt []byte, err error) { + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return nil, nil, errors.Wrap(err, "cannot generate private key") + } + + if signer == nil { + signer = &CertificateSigner{ + certificate: cert, + key: privateKey, + } + } + + certBytes, err := x509.CreateCertificate(rand.Reader, cert, signer.certificate, &privateKey.PublicKey, signer.key) + if err != nil { + return nil, nil, errors.Wrap(err, "cannot create certificate with key") + } + + certPEM := new(bytes.Buffer) + if err := pem.Encode(certPEM, &pem.Block{ + Type: "CERTIFICATE", + Bytes: certBytes, + }); err != nil { + return nil, nil, errors.Wrap(err, "cannot encode cert into PEM") + } + certKeyPEM := new(bytes.Buffer) + if err := pem.Encode(certKeyPEM, &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(privateKey), + }); err != nil { + return nil, nil, errors.Wrap(err, "cannot encode private key into PEM") + } + return certKeyPEM.Bytes(), certPEM.Bytes(), nil +} diff --git a/internal/project/certs/tls.go b/internal/project/certs/tls.go new file mode 100644 index 0000000..9628d8f --- /dev/null +++ b/internal/project/certs/tls.go @@ -0,0 +1,252 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package certs + +import ( + "context" + "crypto/x509" + "encoding/pem" + "math/big" + "time" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + "github.com/crossplane/crossplane-runtime/v2/pkg/resource" +) + +const ( + // RootCACertSecretName is the name of the secret that will store CA + // certificates. The rest of the certificates created per entity will be + // signed by this CA. + RootCACertSecretName = "crossplane-ca" + + // SecretKeyCACert is the secret key of CA certificate. + SecretKeyCACert = "ca.crt" +) + +// TLSCertificateGenerator generates TLS certificate bundles and stores them +// in k8s secrets. +type TLSCertificateGenerator struct { + namespace string + caSecretName string + tlsServerSecretName *string + tlsServerDNSNames []string + certificate CertificateGenerator + log logging.Logger +} + +// TLSCertificateGeneratorOption configures TLSCertificateGenerator behavior. +type TLSCertificateGeneratorOption func(*TLSCertificateGenerator) + +// TLSCertificateGeneratorWithLogger configures the logger. +func TLSCertificateGeneratorWithLogger(log logging.Logger) TLSCertificateGeneratorOption { + return func(g *TLSCertificateGenerator) { + g.log = log + } +} + +// TLSCertificateGeneratorWithServerSecretName sets the server secret name and +// DNS names. +func TLSCertificateGeneratorWithServerSecretName(s string, dnsNames []string) TLSCertificateGeneratorOption { + return func(g *TLSCertificateGenerator) { + g.tlsServerSecretName = &s + g.tlsServerDNSNames = dnsNames + } +} + +// NewTLSCertificateGenerator returns a new TLSCertificateGenerator. +func NewTLSCertificateGenerator(ns, caSecret string, opts ...TLSCertificateGeneratorOption) *TLSCertificateGenerator { + e := &TLSCertificateGenerator{ + namespace: ns, + caSecretName: caSecret, + certificate: NewCertGenerator(), + log: logging.NewNopLogger(), + } + + for _, f := range opts { + f(e) + } + return e +} + +func (e *TLSCertificateGenerator) loadOrGenerateCA(ctx context.Context, kube client.Client, nn types.NamespacedName) (*CertificateSigner, error) { + caSecret := &corev1.Secret{} + + err := kube.Get(ctx, nn, caSecret) + if resource.IgnoreNotFound(err) != nil { + return nil, errors.Wrapf(err, "cannot get TLS secret: %s", nn.Name) + } + + create := true + if err == nil { + create = false + kd := caSecret.Data[corev1.TLSPrivateKeyKey] + cd := caSecret.Data[corev1.TLSCertKey] + if len(kd) != 0 && len(cd) != 0 { + e.log.Info("TLS CA secret is complete.") + return parseCertificateSigner(kd, cd) + } + } + e.log.Info("TLS CA secret is empty or not complete, generating a new CA...") + + a := &x509.Certificate{ + SerialNumber: big.NewInt(2022), + Subject: pkixName, + Issuer: pkixName, + DNSNames: []string{RootCACertSecretName}, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(10, 0, 0), + IsCA: true, + KeyUsage: x509.KeyUsageCRLSign | x509.KeyUsageCertSign, + BasicConstraintsValid: true, + } + + caKeyByte, caCrtByte, err := e.certificate.Generate(a, nil) + if err != nil { + return nil, errors.Wrap(err, "cannot generate CA certificate") + } + + caSecret.Name = nn.Name + caSecret.Namespace = nn.Namespace + caSecret.Data = map[string][]byte{ + corev1.TLSCertKey: caCrtByte, + corev1.TLSPrivateKeyKey: caKeyByte, + } + if create { + err = kube.Create(ctx, caSecret) + } else { + err = kube.Update(ctx, caSecret) + } + if err != nil { + return nil, errors.Wrapf(err, "cannot create or update secret: %s", nn.Name) + } + + return parseCertificateSigner(caKeyByte, caCrtByte) +} + +func (e *TLSCertificateGenerator) ensureServerCertificate(ctx context.Context, kube client.Client, nn types.NamespacedName, signer *CertificateSigner) error { + sec := &corev1.Secret{} + + err := kube.Get(ctx, nn, sec) + if resource.IgnoreNotFound(err) != nil { + return errors.Wrapf(err, "cannot get TLS secret: %s", nn.Name) + } + + create := true + if err == nil { + create = false + if len(sec.Data[corev1.TLSCertKey]) != 0 || len(sec.Data[corev1.TLSPrivateKeyKey]) != 0 || len(sec.Data[SecretKeyCACert]) != 0 { + e.log.Info("TLS secret contains server certificate.", "secret", nn.Name) + return nil + } + } + e.log.Info("Server certificates are empty or not complete, generating a new pair...", "secret", nn.Name) + dnsNames := e.tlsServerDNSNames + if len(dnsNames) == 0 { + return errors.New("server DNS names are empty, you must provide at least one DNS name") + } + + cert := &x509.Certificate{ + SerialNumber: big.NewInt(2022), + Subject: pkixName, + DNSNames: dnsNames, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(10, 0, 0), + IsCA: false, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + + keyData, certData, err := e.certificate.Generate(cert, signer) + if err != nil { + return errors.Wrap(err, "cannot generate tls certificate") + } + + sec.Name = nn.Name + sec.Namespace = nn.Namespace + if sec.Data == nil { + sec.Data = make(map[string][]byte) + } + sec.Data[corev1.TLSCertKey] = certData + sec.Data[corev1.TLSPrivateKeyKey] = keyData + sec.Data[SecretKeyCACert] = signer.certificatePEM + + if create { + err = kube.Create(ctx, sec) + } else { + err = kube.Update(ctx, sec) + } + return errors.Wrapf(err, "cannot create or update secret: %s", nn.Name) +} + +// Run generates the TLS certificate bundle and stores it in k8s secrets. +func (e *TLSCertificateGenerator) Run(ctx context.Context, kube client.Client) error { + if e.tlsServerSecretName == nil { + return nil + } + signer, err := e.loadOrGenerateCA(ctx, kube, types.NamespacedName{ + Name: e.caSecretName, + Namespace: e.namespace, + }) + if err != nil { + return errors.Wrap(err, "cannot load or generate certificate signer") + } + + if e.tlsServerSecretName != nil { + if err := e.ensureServerCertificate(ctx, kube, types.NamespacedName{ + Name: *e.tlsServerSecretName, + Namespace: e.namespace, + }, signer); err != nil { + return errors.Wrap(err, "could not generate server certificate") + } + } + + return nil +} + +func parseCertificateSigner(key, cert []byte) (*CertificateSigner, error) { + block, _ := pem.Decode(key) + if block == nil { + return nil, errors.New("cannot decode key") + } + + sKey, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return nil, errors.Wrap(err, "cannot parse CA key") + } + + block, _ = pem.Decode(cert) + if block == nil { + return nil, errors.New("cannot decode cert") + } + + sCert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, errors.Wrap(err, "cannot parse CA certificate") + } + + return &CertificateSigner{ + key: sKey, + certificate: sCert, + certificatePEM: cert, + }, nil +} diff --git a/internal/project/controlplane/controlplane.go b/internal/project/controlplane/controlplane.go new file mode 100644 index 0000000..23776f5 --- /dev/null +++ b/internal/project/controlplane/controlplane.go @@ -0,0 +1,642 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package controlplane manages local development control planes. +package controlplane + +import ( + "bytes" + "context" + "fmt" + "io/fs" + "os" + "path" + "path/filepath" + "slices" + + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/layout" + batchv1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/kind/pkg/apis/config/defaults" + "sigs.k8s.io/kind/pkg/apis/config/v1alpha4" + kind "sigs.k8s.io/kind/pkg/cluster" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + "github.com/crossplane/cli/v2/internal/docker" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/certs" + "github.com/crossplane/cli/v2/internal/project/helm" +) + +const ( + crossplaneNamespace = "crossplane-system" +) + +// DevControlPlane is a local development control plane. +type DevControlPlane interface { + // Info returns human-friendly information about the control plane. + Info() string + // Client returns a controller-runtime client for the control plane. + Client() client.Client + // Kubeconfig returns a kubeconfig for the control plane. + Kubeconfig() clientcmd.ClientConfig + // Teardown tears down the control plane, deleting any resources it may use. + Teardown(ctx context.Context) error + // Sideload sideloads packages into the control plane. + Sideload(ctx context.Context, imgMap project.ImageTagMap, tag name.Tag) error +} + +type localDevControlPlane struct { + name string + kubeconfig clientcmd.ClientConfig + client client.Client + registryDir string + registryContainerID string + registryHostname string +} + +func (l *localDevControlPlane) Info() string { + return fmt.Sprintf("Local dev control plane running in kind cluster %q.", l.name) +} + +func (l *localDevControlPlane) Client() client.Client { + return l.client +} + +func (l *localDevControlPlane) Kubeconfig() clientcmd.ClientConfig { + return l.kubeconfig +} + +func (l *localDevControlPlane) Teardown(ctx context.Context) error { + provider := kind.NewProvider() + + if err := ctx.Err(); err != nil { + return err + } + + if err := provider.Delete(l.name, ""); err != nil { + return errors.Wrap(err, "failed to delete the local control plane") + } + + if err := teardownLocalRegistry(ctx, l.registryContainerID); err != nil { + return errors.Wrap(err, "failed to tear down registry") + } + + _ = os.RemoveAll(l.registryDir) + + return nil +} + +func (l *localDevControlPlane) Sideload(ctx context.Context, imgMap project.ImageTagMap, tag name.Tag) error { + cfgImage, fnImages, err := project.SortImages(imgMap, tag.Repository.Name()) + if err != nil { + return err + } + + for repo, images := range fnImages { + p := filepath.Join(l.registryDir, repo.RepositoryStr()) + if err := os.MkdirAll(p, 0o750); err != nil { + return err + } + + idx, _, err := project.BuildIndex(images...) + if err != nil { + return err + } + + lp, err := layout.Write(p, empty.Index) + if err != nil { + return err + } + + if err := lp.AppendIndex(idx, layout.WithAnnotations(map[string]string{ + "org.opencontainers.image.ref.name": tag.TagStr(), + })); err != nil { + return err + } + } + + p := filepath.Join(l.registryDir, tag.RepositoryStr()) + if err := os.MkdirAll(p, 0o750); err != nil { + return err + } + + lpath, err := layout.Write(p, empty.Index) + if err != nil { + return err + } + + if err := lpath.AppendImage(cfgImage, layout.WithAnnotations(map[string]string{ + "org.opencontainers.image.ref.name": tag.TagStr(), + })); err != nil { + return err + } + + // Make everything world-readable for unprivileged container access. + if err := filepath.WalkDir(l.registryDir, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if d.IsDir() { + return os.Chmod(path, 0o755) //nolint:gosec // Container needs to read the dir. + } + + return os.Chmod(path, 0o644) //nolint:gosec // Container needs to read the file. + }); err != nil { + return errors.Wrap(err, "failed to adjust permissions on sideloaded images") + } + + rewrite := path.Join(l.registryHostname, tag.RepositoryStr()) + imgcfg := &pkgv1beta1.ImageConfig{ + ObjectMeta: metav1.ObjectMeta{ + Name: "local-registry", + }, + Spec: pkgv1beta1.ImageConfigSpec{ + MatchImages: []pkgv1beta1.ImageMatch{{ + Type: pkgv1beta1.Prefix, + Prefix: tag.Repository.Name(), + }}, + RewriteImage: &pkgv1beta1.ImageRewrite{ + Prefix: rewrite, + }, + }, + } + + if err := pkgv1beta1.AddToScheme(l.client.Scheme()); err != nil { + return err + } + if err := l.client.Create(ctx, imgcfg); err != nil && !kerrors.IsAlreadyExists(err) { + return errors.Wrap(err, "failed to create image config") + } + + return nil +} + +// Option configures EnsureLocalDevControlPlane. +type Option func(*config) + +type config struct { + name string + crossplaneVersion string + registryDir string + clusterAdmin bool + log logging.Logger +} + +// WithName sets the name of the local dev control plane. +func WithName(n string) Option { + return func(c *config) { + c.name = n + } +} + +// WithCrossplaneVersion sets the Crossplane version to install. +func WithCrossplaneVersion(v string) Option { + return func(c *config) { + c.crossplaneVersion = v + } +} + +// WithRegistryDir sets the directory for local registry images. +func WithRegistryDir(d string) Option { + return func(c *config) { + c.registryDir = d + } +} + +// WithClusterAdmin sets whether to grant Crossplane cluster admin privileges. +func WithClusterAdmin(enabled bool) Option { + return func(c *config) { + c.clusterAdmin = enabled + } +} + +// WithLogger sets the logger for progress updates. +func WithLogger(l logging.Logger) Option { + return func(c *config) { + c.log = l + } +} + +// EnsureLocalDevControlPlane creates or reuses a local kind-based development +// control plane with Crossplane installed. +func EnsureLocalDevControlPlane(ctx context.Context, opts ...Option) (DevControlPlane, error) { //nolint:gocyclo // Main orchestration function. + cfg := &config{ + clusterAdmin: true, + log: logging.NewNopLogger(), + } + for _, opt := range opts { + opt(cfg) + } + + cfg.log.Debug("Checking Docker connectivity") + if err := docker.Check(ctx); err != nil { + return nil, errors.Wrap(err, "failed to connect to Docker; local dev control planes require a Docker-compatible container runtime") + } + + // kind creates a docker container named -control-plane, and uses the + // name as the container's hostname. Hostnames can be at most 63 characters. + nameLen := len(cfg.name) + nameLen = min(nameLen, 63-len("-control-plane")) + cfg.name = cfg.name[:nameLen] + + cfg.log.Debug("Ensuring kind cluster", "name", cfg.name) + kubeconfig, err := ensureKindCluster(cfg.name) + if err != nil { + return nil, err + } + + restConfig, err := kubeconfig.ClientConfig() + if err != nil { + return nil, errors.Wrap(err, "cannot get rest config") + } + + cl, err := client.New(restConfig, client.Options{}) + if err != nil { + return nil, errors.Wrap(err, "cannot construct control plane client") + } + + // Create the crossplane namespace. + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: crossplaneNamespace, + }, + } + if err := cl.Create(ctx, ns); err != nil && !kerrors.IsAlreadyExists(err) { + return nil, errors.Wrap(err, "failed to create crossplane-system namespace") + } + + // Generate a CA and certificate for the local registry. + regName := cfg.name + "-registry" + cfg.log.Debug("Ensuring local registry certificate") + certSecret, ca, err := ensureLocalRegistryCertificate(ctx, cl, regName) + if err != nil { + return nil, errors.Wrap(err, "cannot generate certificate for registry") + } + + // Create a directory to store sideloaded images and spin up a registry + // container that uses it. + registryDir := cfg.registryDir + if registryDir == "" { + registryDir = filepath.Join(os.TempDir(), "crossplane-local-registry") + } + registryDir = filepath.Join(registryDir, cfg.name) + if err := os.MkdirAll(registryDir, 0o755); err != nil { //nolint:gosec // Container needs to read the dir. + return nil, err + } + + cfg.log.Debug("Ensuring local registry container") + cid, err := ensureLocalRegistry(ctx, cl, regName, registryDir, certSecret) + if err != nil { + return nil, err + } + + cfg.log.Debug("Ensuring Crossplane is installed") + if err := ensureCrossplane(restConfig, cfg.crossplaneVersion, ca.Name, cfg.clusterAdmin); err != nil { + return nil, err + } + + cfg.log.Debug("Local dev control plane ready") + return &localDevControlPlane{ + name: cfg.name, + kubeconfig: kubeconfig, + client: cl, + registryDir: registryDir, + registryContainerID: cid, + registryHostname: regName + ":5000", + }, nil +} + +// TeardownLocalDevControlPlane tears down a local dev control plane by name. +// It deletes the kind cluster, stops the registry container, and removes the +// registry data directory. +func TeardownLocalDevControlPlane(ctx context.Context, name string, registryDir string) error { + // Truncate name the same way EnsureLocalDevControlPlane does. + nameLen := len(name) + nameLen = min(nameLen, 63-len("-control-plane")) + name = name[:nameLen] + + provider := kind.NewProvider() + + existing, err := provider.List() + if err != nil { + return errors.Wrap(err, "failed to list kind clusters") + } + if !slices.Contains(existing, name) { + return errors.Errorf("kind cluster %q not found", name) + } + + if err := provider.Delete(name, ""); err != nil { + return errors.Wrap(err, "failed to delete the local control plane") + } + + // Stop and remove the registry container. + regName := name + "-registry" + cid, found, err := docker.GetContainerIDByName(ctx, regName, true) + if err != nil { + return errors.Wrap(err, "failed to look up registry container") + } + if found { + if err := teardownLocalRegistry(ctx, cid); err != nil { + return errors.Wrap(err, "failed to tear down registry") + } + } + + // Remove the registry data directory. + if registryDir == "" { + registryDir = filepath.Join(os.TempDir(), "crossplane-local-registry") + } + registryDir = filepath.Join(registryDir, name) + _ = os.RemoveAll(registryDir) + + return nil +} + +func ensureKindCluster(clusterName string) (clientcmd.ClientConfig, error) { + provider := kind.NewProvider() + + kubeconfigFile, err := os.CreateTemp("", "crossplane-*.kubeconfig") + if err != nil { + return nil, errors.Wrap(err, "failed to create temporary kubeconfig") + } + _ = kubeconfigFile.Close() + defer func() { _ = os.Remove(kubeconfigFile.Name()) }() + + existing, err := provider.List() + if err != nil { + return nil, errors.Wrap(err, "failed to list kind clusters") + } + + if slices.Contains(existing, clusterName) { + if err := provider.ExportKubeConfig(clusterName, kubeconfigFile.Name(), false); err != nil { + return nil, errors.Wrap(err, "failed to get kubeconfig for kind cluster") + } + } else { + if err := createNewKindCluster(provider, clusterName, kubeconfigFile.Name()); err != nil { + return nil, err + } + } + + kubeconfigBytes, err := os.ReadFile(kubeconfigFile.Name()) + if err != nil { + return nil, errors.Wrap(err, "failed to load kubeconfig") + } + + kubeconfig, err := clientcmd.NewClientConfigFromBytes(kubeconfigBytes) + if err != nil { + return nil, errors.Wrap(err, "failed to parse kubeconfig") + } + + return kubeconfig, nil +} + +func createNewKindCluster(provider *kind.Provider, clusterName, kubeconfigPath string) error { + cfg := createKindClusterConfig() + + cfgBytes, err := yaml.Marshal(cfg) + if err != nil { + return errors.Wrap(err, "failed to marshal kind config") + } + + if err := provider.Create( + clusterName, + kind.CreateWithRawConfig(cfgBytes), + kind.CreateWithNodeImage(defaults.Image), + kind.CreateWithDisplayUsage(false), + kind.CreateWithDisplaySalutation(false), + kind.CreateWithKubeconfigPath(kubeconfigPath), + ); err != nil { + return errors.Wrap(err, "failed to create kind cluster") + } + + return nil +} + +func createKindClusterConfig() *v1alpha4.Cluster { + return &v1alpha4.Cluster{ + TypeMeta: v1alpha4.TypeMeta{ + APIVersion: "kind.x-k8s.io/v1alpha4", + Kind: "Cluster", + }, + Nodes: []v1alpha4.Node{{ + Role: v1alpha4.ControlPlaneRole, + }}, + ContainerdConfigPatches: []string{ + "[plugins.\"io.containerd.grpc.v1.cri\".registry]\nconfig_path = \"/etc/containerd/certs.d\"\n", + }, + } +} + +func ensureCrossplane(restConfig *rest.Config, version, caConfigMap string, clusterAdmin bool) error { + mgr, err := helm.NewManager(restConfig, + "crossplane", + "https://charts.crossplane.io/stable", + crossplaneNamespace, + helm.Wait(), + ) + if err != nil { + return errors.Wrap(err, "failed to build new helm manager") + } + + // If crossplane is already installed, check the version. + if v, err := mgr.GetCurrentVersion(); err == nil { + if version != "" && v != version { + return errors.Errorf("existing cluster has wrong crossplane version installed: got %s, want %s", v, version) + } + return nil + } + + values := map[string]any{ + "args": []string{ + "--enable-dependency-version-upgrades", + }, + "registryCaBundleConfig": map[string]string{ + "name": caConfigMap, + "key": certs.SecretKeyCACert, + }, + "rbac": map[string]any{ + "clusterAdmin": clusterAdmin, + }, + } + if err = mgr.Install(version, values); err != nil { + return errors.Wrap(err, "failed to install crossplane") + } + + return nil +} + +func ensureLocalRegistry(ctx context.Context, cl client.Client, regName, dir string, certSecret *corev1.Secret) (string, error) { + const regImage = "ghcr.io/olareg/olareg:edge" + certDir := filepath.Join(dir, ".certs") + + // Check for existing registry container. + existing, found, err := docker.GetContainerIDByName(ctx, regName, true) + if err != nil { + return "", errors.Wrap(err, "failed to look up existing registry container") + } + if found { + //nolint:gosec // We don't do anything dangerous with the CA data. + caData, err := os.ReadFile(filepath.Join(certDir, "ca.crt")) + if err == nil && bytes.Equal(caData, certSecret.Data[certs.SecretKeyCACert]) { + if err := docker.StartContainerByID(ctx, existing); err != nil { + return "", errors.Wrap(err, "failed to start existing registry container") + } + return existing, nil + } + + if err := teardownLocalRegistry(ctx, existing); err != nil { + return "", errors.Wrap(err, "failed to tear down outdated registry") + } + } + + // Write the TLS cert and key files. + if err := os.MkdirAll(certDir, 0o755); err != nil { //nolint:gosec // Container needs to read the dir. + return "", errors.New("failed to create cert directory") + } + if err := os.WriteFile(filepath.Join(certDir, "ca.crt"), certSecret.Data[certs.SecretKeyCACert], 0o644); err != nil { //nolint:gosec // Container needs to read the file. + return "", errors.New("failed to write ca cert") + } + if err := os.WriteFile(filepath.Join(certDir, "tls.crt"), certSecret.Data[corev1.TLSCertKey], 0o644); err != nil { //nolint:gosec // Container needs to read the file. + return "", errors.New("failed to write tls cert") + } + if err := os.WriteFile(filepath.Join(certDir, "tls.key"), certSecret.Data[corev1.TLSPrivateKeyKey], 0o644); err != nil { //nolint:gosec // Container needs to read the file. + return "", errors.New("failed to write tls key") + } + + // Find kind's network. + nid, found, err := docker.GetNetworkIDByName(ctx, "kind") + if err != nil { + return "", errors.Wrap(err, "failed to get kind network ID") + } + if !found { + return "", errors.New("missing kind network") + } + + // Start the registry container. + cid, err := docker.StartContainer(ctx, regName, regImage, + docker.StartWithCommand([]string{"serve", "--dir=/registry-data", "--api-push=false", "--store-ro", "--tls-cert=/registry-data/.certs/tls.crt", "--tls-key=/registry-data/.certs/tls.key"}), + docker.StartWithBindMount(dir, "/registry-data"), + docker.StartWithNetworkID(nid), + ) + if err != nil { + return "", errors.Wrap(err, "failed to start registry container") + } + + // Configure containerd in the cluster to accept the local registry's CA + // certificate. + if err := configureContainerdLocalRegistry(ctx, cl, regName, string(certSecret.Data[certs.SecretKeyCACert])); err != nil { + return "", errors.Wrap(err, "failed to configure registry in kind cluster") + } + + return cid, nil +} + +func teardownLocalRegistry(ctx context.Context, cid string) error { + return errors.Wrap(docker.StopContainerByID(ctx, cid), "failed to stop registry container") +} + +func ensureLocalRegistryCertificate(ctx context.Context, cl client.Client, hostname string) (*corev1.Secret, *corev1.ConfigMap, error) { + const secretName = "local-registry-tls" + + gen := certs.NewTLSCertificateGenerator(crossplaneNamespace, certs.RootCACertSecretName, + certs.TLSCertificateGeneratorWithServerSecretName(secretName, []string{hostname}), + ) + + if err := gen.Run(ctx, cl); err != nil { + return nil, nil, errors.Wrap(err, "failed to generate local registry certificate") + } + + var s corev1.Secret + if err := cl.Get(ctx, types.NamespacedName{Namespace: crossplaneNamespace, Name: secretName}, &s); err != nil { + return nil, nil, errors.Wrap(err, "failed to retrieve local registry certificate") + } + + cm := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "local-registry-cert", + Namespace: crossplaneNamespace, + }, + BinaryData: map[string][]byte{ + certs.SecretKeyCACert: s.Data[certs.SecretKeyCACert], + }, + } + if err := cl.Create(ctx, cm); err != nil && !kerrors.IsAlreadyExists(err) { + return nil, nil, errors.Wrap(err, "failed to save local registry ca certificate") + } + + return &s, cm, nil +} + +func configureContainerdLocalRegistry(ctx context.Context, cl client.Client, regName, caCert string) error { + hostsToml := fmt.Sprintf(`server = "https://%s:5000" + +[host."https://%s:5000"] + ca = "ca.crt" +`, regName, regName) + cmd := fmt.Sprintf("mkdir -p /containerd-certs/%s:5000", regName) + cmd += fmt.Sprintf("&& echo '%s' > /containerd-certs/%s:5000/ca.crt", caCert, regName) + cmd += fmt.Sprintf("&& echo '%s' > /containerd-certs/%s:5000/hosts.toml", hostsToml, regName) + j := &batchv1.Job{ + ObjectMeta: metav1.ObjectMeta{ + Name: "configure-kind-registry", + Namespace: "default", + }, + Spec: batchv1.JobSpec{ + Template: corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + RestartPolicy: corev1.RestartPolicyNever, + Containers: []corev1.Container{{ + Name: "configurator", + VolumeMounts: []corev1.VolumeMount{{ + Name: "containerd-certs", + MountPath: "/containerd-certs", + }}, + Image: "docker.io/library/alpine:3", + Command: []string{"sh", "-c", cmd}, + }}, + Volumes: []corev1.Volume{{ + Name: "containerd-certs", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/etc/containerd/certs.d", + }, + }, + }}, + }, + }, + }, + } + + if err := cl.Create(ctx, j); err != nil && !kerrors.IsAlreadyExists(err) { + return err + } + + return nil +} diff --git a/internal/project/functions/build.go b/internal/project/functions/build.go new file mode 100644 index 0000000..09c1751 --- /dev/null +++ b/internal/project/functions/build.go @@ -0,0 +1,146 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package functions contains functions for building embedded functions. +package functions + +import ( + "context" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" +) + +// Identifier knows how to identify an appropriate builder for a function based +// on its source code. +type Identifier interface { + // Identify returns a suitable builder for the function whose source lives + // in the given filesystem. It returns an error if no such builder is + // available. + Identify(fromFS afero.Fs, imageConfigs []pkgv1beta1.ImageConfig) (Builder, error) +} + +type realIdentifier struct{} + +// DefaultIdentifier is the default builder identifier, suitable for production +// use. +// +//nolint:gochecknoglobals // we want to keep this global +var DefaultIdentifier Identifier = realIdentifier{} + +func (realIdentifier) Identify(fromFS afero.Fs, imageConfigs []pkgv1beta1.ImageConfig) (Builder, error) { + builders := []Builder{ + newKCLBuilder(imageConfigs), + newPythonBuilder(imageConfigs), + newGoBuilder(imageConfigs), + newGoTemplatingBuilder(imageConfigs), + } + for _, b := range builders { + ok, err := b.match(fromFS) + if err != nil { + return nil, errors.Wrapf(err, "builder %q returned an error", b.Name()) + } + if ok { + return b, nil + } + } + + return nil, errors.New("no suitable builder found") +} + +// BuildContext bundles the inputs that function builders work from. Each +// builder slices the parts of the project it needs: the function +// subdirectory for Go/KCL/go-templating, plus the schemas dir for Python. +type BuildContext struct { + // ProjectFS is the project root filesystem. + ProjectFS afero.Fs + // FunctionPath is the function's path relative to ProjectFS root, + // e.g. "functions/my-fn". + FunctionPath string + // SchemasPath is the schemas dir relative to ProjectFS root, e.g. + // "schemas". Used by Python to stage schemas/python/ alongside the + // function source so the relative path-dep resolves at build time. + SchemasPath string + // Architectures is the list of architectures to build for. + Architectures []string + // OSBasePath is the absolute on-disk path of the function directory. + // Used by FSToTar to resolve symlinks. + OSBasePath string +} + +// FunctionFS returns a filesystem rooted at the function's source directory. +func (c BuildContext) FunctionFS() afero.Fs { + return afero.NewBasePathFs(c.ProjectFS, c.FunctionPath) +} + +// Builder knows how to build a particular kind of function. +type Builder interface { + // Name returns a name for this builder. + Name() string + // Build builds the function described by the given context, returning + // an image for each architecture. This image will *not* include + // package metadata; it's just the runtime image for the function. + Build(ctx context.Context, c BuildContext) ([]v1.Image, error) + // match returns true if this builder can build the function whose source + // lives in the given filesystem. + match(fromFS afero.Fs) (bool, error) +} + +type nopIdentifier struct{} + +// FakeIdentifier is an identifier that always returns a fake builder. This is +// for use in tests where we don't want to do real builds. +// +//nolint:gochecknoglobals // we want to keep this global +var FakeIdentifier Identifier = nopIdentifier{} + +func (nopIdentifier) Identify(_ afero.Fs, _ []pkgv1beta1.ImageConfig) (Builder, error) { + return &fakeBuilder{}, nil +} + +type fakeBuilder struct{} + +func (b *fakeBuilder) Name() string { + return "fake" +} + +func (b *fakeBuilder) match(_ afero.Fs) (bool, error) { + return true, nil +} + +func (b *fakeBuilder) Build(_ context.Context, c BuildContext) ([]v1.Image, error) { + images := make([]v1.Image, len(c.Architectures)) + for i, arch := range c.Architectures { + baseImg := empty.Image + cfg := &v1.ConfigFile{ + OS: "linux", + Architecture: arch, + } + img, err := mutate.ConfigFile(baseImg, cfg) + if err != nil { + return nil, err + } + images[i] = img + } + + return images, nil +} diff --git a/internal/project/functions/build_test.go b/internal/project/functions/build_test.go new file mode 100644 index 0000000..4c90a9f --- /dev/null +++ b/internal/project/functions/build_test.go @@ -0,0 +1,330 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package functions + +import ( + "archive/tar" + "context" + "embed" + "io/fs" + "path/filepath" + "reflect" + "slices" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/registry" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/random" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/types" + "github.com/spf13/afero" + "github.com/spf13/afero/tarfs" + + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +var ( + _ Builder = &kclBuilder{} + _ Builder = &pythonBuilder{} +) + +func TestIdentify(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + files map[string]string + expectError bool + expectedBuilder Builder + }{ + "KCLOnly": { + files: map[string]string{ + "kcl.mod": "[package]", + }, + expectedBuilder: &kclBuilder{}, + }, + "PythonOnly": { + files: map[string]string{ + "pyproject.toml": "[project]", + "function/fn.py": "", + }, + expectedBuilder: &pythonBuilder{}, + }, + "GoOnly": { + files: map[string]string{ + "go.mod": "module example.com/fake/module", + }, + expectedBuilder: &goBuilder{}, + }, + "PythonAndKCL": { + files: map[string]string{ + "pyproject.toml": "[project]", + "function/fn.py": "", + "kcl.mod": "[package]", + }, + // kclBuilder has precedence. + expectedBuilder: &kclBuilder{}, + }, + "GoTemplating": { + files: map[string]string{ + "template1.gotmpl": "", + "template2.tmpl": "", + }, + expectedBuilder: &goTemplatingBuilder{}, + }, + "GoTemplatingInvalidFiles": { + files: map[string]string{ + "template1.gotmpl": "", + "template2.tmpl": "", + "sourcecode.go": "package main", + }, + expectError: true, + }, + "Empty": { + files: make(map[string]string), + expectError: true, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + fromFS := afero.NewMemMapFs() + for fname, content := range tc.files { + if err := afero.WriteFile(fromFS, fname, []byte(content), 0o644); err != nil { + t.Fatal(err) + } + } + + builder, err := DefaultIdentifier.Identify(fromFS, nil) + if tc.expectError { + if err == nil { + t.Fatal("expected error, got nil") + } + if err.Error() != "no suitable builder found" { + t.Errorf("error = %q, want %q", err.Error(), "no suitable builder found") + } + return + } + if err != nil { + t.Fatal(err) + } + wantType := reflect.TypeOf(tc.expectedBuilder) + gotType := reflect.TypeOf(builder) + if wantType != gotType { + t.Errorf("builder type = %v, want %v", gotType, wantType) + } + }) + } +} + +//go:embed testdata/kcl-function/** +var kclFunction embed.FS + +func TestKCLBuild(t *testing.T) { + t.Parallel() + + regSrv, err := registry.TLS("localhost") + if err != nil { + t.Fatal(err) + } + t.Cleanup(regSrv.Close) + testRegistry, err := name.NewRegistry(strings.TrimPrefix(regSrv.URL, "https://")) + if err != nil { + t.Fatal(err) + } + + baseImageRef := testRegistry.Repo("unittest-base-image").Tag("latest") + baseImage, err := mutate.ConfigFile(empty.Image, &v1.ConfigFile{ + Architecture: "amd64", + }) + if err != nil { + t.Fatal(err) + } + baseLayer, err := random.Layer(1, types.OCILayer) + if err != nil { + t.Fatal(err) + } + baseImage, err = mutate.Append(baseImage, mutate.Addendum{ + Layer: baseLayer, + Annotations: map[string]string{ + xpkg.AnnotationKey: xpkg.PackageAnnotation, + }, + }) + if err != nil { + t.Fatal(err) + } + if err := remote.Push(baseImageRef, baseImage, remote.WithTransport(regSrv.Client().Transport)); err != nil { + t.Fatal(err) + } + + b := &kclBuilder{ + baseImage: baseImageRef.String(), + transport: regSrv.Client().Transport, + configStore: clixpkg.NewStaticImageConfigStore(nil), + } + projFS := afero.FromIOFS{FS: kclFunction} + fnImgs, err := b.Build(context.Background(), BuildContext{ + ProjectFS: projFS, + FunctionPath: "testdata/kcl-function", + Architectures: []string{"amd64"}, + }) + if err != nil { + t.Fatal(err) + } + if got := len(fnImgs); got != 1 { + t.Fatalf("len(fnImgs) = %d, want 1", got) + } + fnImg := fnImgs[0] + + cfgFile, err := fnImg.ConfigFile() + if err != nil { + t.Fatal(err) + } + if !slices.Contains(cfgFile.Config.Env, "FUNCTION_KCL_DEFAULT_SOURCE=/src") { + t.Errorf("env missing FUNCTION_KCL_DEFAULT_SOURCE=/src; got %v", cfgFile.Config.Env) + } + + verifyCodeLayer(t, fnImg, afero.NewBasePathFs(projFS, "testdata/kcl-function"), "/src") +} + +//go:embed testdata/go-templating-function/** +var goTemplatingFunction embed.FS + +func TestGoTemplatingBuild(t *testing.T) { + t.Parallel() + + regSrv, err := registry.TLS("localhost") + if err != nil { + t.Fatal(err) + } + t.Cleanup(regSrv.Close) + testRegistry, err := name.NewRegistry(strings.TrimPrefix(regSrv.URL, "https://")) + if err != nil { + t.Fatal(err) + } + + baseImageRef := testRegistry.Repo("unittest-base-image").Tag("latest") + baseImage, err := mutate.ConfigFile(empty.Image, &v1.ConfigFile{ + Architecture: "amd64", + }) + if err != nil { + t.Fatal(err) + } + baseLayer, err := random.Layer(1, types.OCILayer) + if err != nil { + t.Fatal(err) + } + baseImage, err = mutate.Append(baseImage, mutate.Addendum{ + Layer: baseLayer, + Annotations: map[string]string{ + xpkg.AnnotationKey: xpkg.PackageAnnotation, + }, + }) + if err != nil { + t.Fatal(err) + } + if err := remote.Push(baseImageRef, baseImage, remote.WithTransport(regSrv.Client().Transport)); err != nil { + t.Fatal(err) + } + + b := &goTemplatingBuilder{ + baseImage: baseImageRef.String(), + transport: regSrv.Client().Transport, + configStore: clixpkg.NewStaticImageConfigStore(nil), + } + projFS := afero.FromIOFS{FS: goTemplatingFunction} + fnImgs, err := b.Build(context.Background(), BuildContext{ + ProjectFS: projFS, + FunctionPath: "testdata/go-templating-function", + Architectures: []string{"amd64"}, + }) + if err != nil { + t.Fatal(err) + } + if got := len(fnImgs); got != 1 { + t.Fatalf("len(fnImgs) = %d, want 1", got) + } + fnImg := fnImgs[0] + + cfgFile, err := fnImg.ConfigFile() + if err != nil { + t.Fatal(err) + } + if !slices.Contains(cfgFile.Config.Env, "FUNCTION_GO_TEMPLATING_DEFAULT_SOURCE=/src") { + t.Errorf("env missing FUNCTION_GO_TEMPLATING_DEFAULT_SOURCE=/src; got %v", cfgFile.Config.Env) + } + + verifyCodeLayer(t, fnImg, afero.NewBasePathFs(projFS, "testdata/go-templating-function"), "/src") +} + +// verifyCodeLayer asserts that the image has exactly one layer, and that the +// layer's tarball contains every file from sourceFS, prefixed with destPrefix. +func verifyCodeLayer(t *testing.T, img v1.Image, sourceFS afero.Fs, destPrefix string) { + t.Helper() + + layers, err := img.Layers() + if err != nil { + t.Fatal(err) + } + if got := len(layers); got != 1 { + t.Fatalf("len(layers) = %d, want 1", got) + } + layer := layers[0] + rc, err := layer.Uncompressed() + if err != nil { + t.Fatal(err) + } + + tr := tar.NewReader(rc) + tfs := tarfs.New(tr) + _ = afero.Walk(sourceFS, "/", func(path string, _ fs.FileInfo, err error) error { + if err != nil { + t.Fatal(err) + } + + tpath := filepath.Join(destPrefix, path) + st, err := tfs.Stat(tpath) + if err != nil { + t.Fatal(err) + } + + if st.IsDir() { + return nil + } + wantContents, err := afero.ReadFile(sourceFS, path) + if err != nil { + t.Fatal(err) + } + gotContents, err := afero.ReadFile(tfs, tpath) + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(wantContents, gotContents); diff != "" { + t.Errorf("file %q contents (-want +got):\n%s", path, diff) + } + + return nil + }) +} diff --git a/internal/project/functions/go.go b/internal/project/functions/go.go new file mode 100644 index 0000000..cc2f0f2 --- /dev/null +++ b/internal/project/functions/go.go @@ -0,0 +1,138 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package functions + +import ( + "context" + "io" + "log" + "net/http" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/ko/pkg/build" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// goBuilder builds functions written in Go using ko. +type goBuilder struct { + baseImage string + transport http.RoundTripper + configStore xpkg.ConfigStore +} + +func (b *goBuilder) Name() string { + return "go" +} + +func (b *goBuilder) match(fromFS afero.Fs) (bool, error) { + return afero.Exists(fromFS, "go.mod") +} + +func (b *goBuilder) Build(ctx context.Context, c BuildContext) ([]v1.Image, error) { + // ko logs using the Go standard library global logger without providing + // any option to disable output. Disable output while we do our builds. + prev := log.Default().Writer() + log.SetOutput(io.Discard) + defer log.SetOutput(prev) + + platforms := make([]string, len(c.Architectures)) + for i, arch := range c.Architectures { + platforms[i] = "linux/" + arch + } + + builder, err := build.NewGo(ctx, c.OSBasePath, + build.WithBaseImages(func(ctx context.Context, _ string) (name.Reference, build.Result, error) { + baseImage := b.baseImage + _, rewritten, err := b.configStore.RewritePath(ctx, baseImage) + if err != nil { + return nil, nil, errors.Wrap(err, "failed to rewrite base image") + } + if rewritten != "" { + baseImage = rewritten + } + + ref, err := name.ParseReference(baseImage, name.StrictValidation) + if err != nil { + return nil, nil, err + } + img, err := remote.Index(ref, remote.WithTransport(b.transport), remote.WithAuthFromKeychain(authn.DefaultKeychain)) + return ref, img, err + }), + build.WithPlatforms(platforms...), + ) + if err != nil { + return nil, errors.Wrap(err, "failed to construct ko builder") + } + builder, err = build.NewCaching(builder) + if err != nil { + return nil, errors.Wrap(err, "failed to construct caching builder") + } + + path, err := builder.QualifyImport(".") + if err != nil { + return nil, errors.Wrap(err, "failed to determine go module path for function") + } + + res, err := builder.Build(ctx, path) + if err != nil { + return nil, errors.Wrap(err, "failed to build function") + } + + var imgs []v1.Image + switch out := res.(type) { + case v1.ImageIndex: + idx, err := out.IndexManifest() + if err != nil { + return nil, errors.Wrap(err, "failed to get index manifest") + } + + imgs = make([]v1.Image, len(idx.Manifests)) + for i, desc := range idx.Manifests { + img, err := out.Image(desc.Digest) + if err != nil { + return nil, errors.Wrapf(err, "failed to get image %v from index", desc.Digest) + } + imgs[i] = img + } + + case v1.Image: + imgs = []v1.Image{out} + + default: + return nil, errors.Errorf("ko builder returned unexpected type %T", res) + } + + return imgs, nil +} + +func newGoBuilder(imageConfigs []pkgv1beta1.ImageConfig) *goBuilder { + return &goBuilder{ + baseImage: "gcr.io/distroless/static-debian12@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1", + transport: http.DefaultTransport, + configStore: clixpkg.NewStaticImageConfigStore(imageConfigs), + } +} diff --git a/internal/project/functions/go_templating.go b/internal/project/functions/go_templating.go new file mode 100644 index 0000000..ce5a771 --- /dev/null +++ b/internal/project/functions/go_templating.go @@ -0,0 +1,159 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package functions + +import ( + "bytes" + "context" + "io" + "io/fs" + "net/http" + "path/filepath" + "slices" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + "github.com/crossplane/cli/v2/internal/filesystem" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// goTemplatingBuilder builds "functions" written in go templating by injecting +// their code into a function-go-templating base image. +type goTemplatingBuilder struct { + baseImage string + transport http.RoundTripper + configStore xpkg.ConfigStore +} + +func (b *goTemplatingBuilder) Name() string { + return "go-templating" +} + +func (b *goTemplatingBuilder) match(fromFS afero.Fs) (bool, error) { + goTemplatingExtensions := []string{ + ".gotmpl", + ".tmpl", + } + + matches := false + err := afero.Walk(fromFS, ".", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.Mode().IsDir() { + return nil + } + + if !info.Mode().IsRegular() { + matches = false + return fs.SkipAll + } + + if !slices.Contains(goTemplatingExtensions, filepath.Ext(path)) { + matches = false + return fs.SkipAll + } + + matches = true + return nil + }) + + if errors.Is(err, fs.SkipAll) { + err = nil + } + + return matches, err +} + +func (b *goTemplatingBuilder) Build(ctx context.Context, c BuildContext) ([]v1.Image, error) { + baseImage := b.baseImage + _, rewritten, err := b.configStore.RewritePath(ctx, b.baseImage) + if err != nil { + return nil, errors.Wrap(err, "failed to rewrite base image") + } + if rewritten != "" { + baseImage = rewritten + } + + baseRef, err := name.NewTag(baseImage) + if err != nil { + return nil, errors.Wrap(err, "failed to parse go-templating base image tag") + } + + fnFS := c.FunctionFS() + + images := make([]v1.Image, len(c.Architectures)) + eg, _ := errgroup.WithContext(ctx) + for i, arch := range c.Architectures { + eg.Go(func() error { + baseImg, err := baseImageForArch(baseRef, arch, b.transport) + if err != nil { + return errors.Wrap(err, "failed to fetch go-templating base image") + } + + src, err := filesystem.FSToTar(fnFS, "/src", + filesystem.WithSymlinkBasePath(c.OSBasePath), + ) + if err != nil { + return errors.Wrap(err, "failed to tar layer contents") + } + + codeLayer, err := tarball.LayerFromOpener(func() (io.ReadCloser, error) { + return io.NopCloser(bytes.NewReader(src)), nil + }) + if err != nil { + return errors.Wrap(err, "failed to create code layer") + } + + img, err := mutate.AppendLayers(baseImg, codeLayer) + if err != nil { + return errors.Wrap(err, "failed to add code to image") + } + + img, err = setImageEnvvars(img, map[string]string{ + "FUNCTION_GO_TEMPLATING_DEFAULT_SOURCE": "/src", + }) + if err != nil { + return errors.Wrap(err, "failed to configure go-templating source path") + } + + images[i] = img + return nil + }) + } + + return images, eg.Wait() +} + +func newGoTemplatingBuilder(imageConfigs []pkgv1beta1.ImageConfig) *goTemplatingBuilder { + return &goTemplatingBuilder{ + transport: http.DefaultTransport, + baseImage: "xpkg.crossplane.io/crossplane-contrib/function-go-templating:v0.12.0", + configStore: clixpkg.NewStaticImageConfigStore(imageConfigs), + } +} diff --git a/internal/project/functions/kcl.go b/internal/project/functions/kcl.go new file mode 100644 index 0000000..d92cbe8 --- /dev/null +++ b/internal/project/functions/kcl.go @@ -0,0 +1,213 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package functions + +import ( + "bytes" + "context" + "fmt" + "io" + "net/http" + "slices" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + "github.com/crossplane/cli/v2/internal/filesystem" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +const ( + crossplaneFunctionRunnerUID = 2000 + crossplaneFunctionRunnerGID = 2000 +) + +// kclBuilder builds functions written in KCL by injecting their code into a +// function-kcl base image. +type kclBuilder struct { + baseImage string + transport http.RoundTripper + configStore xpkg.ConfigStore +} + +func (b *kclBuilder) Name() string { + return "kcl" +} + +func (b *kclBuilder) match(fromFS afero.Fs) (bool, error) { + return afero.Exists(fromFS, "kcl.mod") +} + +func (b *kclBuilder) Build(ctx context.Context, c BuildContext) ([]v1.Image, error) { + baseImage := b.baseImage + _, rewritten, err := b.configStore.RewritePath(ctx, b.baseImage) + if err != nil { + return nil, errors.Wrap(err, "failed to rewrite KCL base image") + } + if rewritten != "" { + baseImage = rewritten + } + + baseRef, err := name.ParseReference(baseImage, name.StrictValidation) + if err != nil { + return nil, errors.Wrap(err, "failed to parse KCL base image tag") + } + + fnFS := c.FunctionFS() + + images := make([]v1.Image, len(c.Architectures)) + eg, _ := errgroup.WithContext(ctx) + for i, arch := range c.Architectures { + eg.Go(func() error { + baseImg, err := baseImageForArch(baseRef, arch, b.transport) + if err != nil { + return errors.Wrap(err, "failed to fetch KCL base image") + } + + src, err := filesystem.FSToTar(fnFS, "/src", + filesystem.WithSymlinkBasePath(c.OSBasePath), + filesystem.WithUIDOverride(crossplaneFunctionRunnerUID), + filesystem.WithGIDOverride(crossplaneFunctionRunnerGID), + ) + if err != nil { + return errors.Wrap(err, "failed to tar layer contents") + } + + codeLayer, err := tarball.LayerFromOpener(func() (io.ReadCloser, error) { + return io.NopCloser(bytes.NewReader(src)), nil + }) + if err != nil { + return errors.Wrap(err, "failed to create code layer") + } + + img, err := mutate.AppendLayers(baseImg, codeLayer) + if err != nil { + return errors.Wrap(err, "failed to add code to image") + } + + img, err = setImageEnvvars(img, map[string]string{ + "FUNCTION_KCL_DEFAULT_SOURCE": "/src", + "KCL_PKG_PATH": "/src", + }) + if err != nil { + return errors.Wrap(err, "failed to configure KCL source path") + } + + images[i] = img + return nil + }) + } + + return images, eg.Wait() +} + +// baseImageForArch pulls the image with the given ref, and returns a version of +// it suitable for use as a function base image. Package and examples layers +// will be removed if present. +func baseImageForArch(ref name.Reference, arch string, transport http.RoundTripper) (v1.Image, error) { + img, err := remote.Image(ref, remote.WithPlatform(v1.Platform{ + OS: "linux", + Architecture: arch, + }), remote.WithTransport(transport), remote.WithAuthFromKeychain(authn.DefaultKeychain)) + if err != nil { + return nil, errors.Wrap(err, "failed to pull image") + } + + cfg, err := img.ConfigFile() + if err != nil { + return nil, errors.Wrap(err, "failed to get config from image") + } + if cfg.Architecture != arch { + return nil, errors.Errorf("image not available for architecture %q", arch) + } + + mfst, err := img.Manifest() + if err != nil { + return nil, errors.Wrap(err, "failed to get manifest from image") + } + baseImage := empty.Image + cfg.RootFS = v1.RootFS{} + cfg.History = nil + baseImage, err = mutate.ConfigFile(baseImage, cfg) + if err != nil { + return nil, errors.Wrap(err, "failed to add configuration to base image") + } + for _, desc := range mfst.Layers { + if isNonBaseLayer(desc) { + continue + } + l, err := img.LayerByDigest(desc.Digest) + if err != nil { + return nil, errors.Wrap(err, "failed to get layer from image") + } + baseImage, err = mutate.AppendLayers(baseImage, l) + if err != nil { + return nil, errors.Wrap(err, "failed to add layer to base image") + } + } + + return baseImage, nil +} + +func isNonBaseLayer(desc v1.Descriptor) bool { + nonBaseLayerAnns := []string{ + xpkg.PackageAnnotation, + xpkg.ExamplesAnnotation, + } + + ann := desc.Annotations[xpkg.AnnotationKey] + return slices.Contains(nonBaseLayerAnns, ann) +} + +func setImageEnvvars(image v1.Image, envVars map[string]string) (v1.Image, error) { + cfgFile, err := image.ConfigFile() + if err != nil { + return nil, errors.Wrap(err, "failed to get config file") + } + cfg := cfgFile.Config + + for k, v := range envVars { + cfg.Env = append(cfg.Env, fmt.Sprintf("%s=%s", k, v)) + } + + image, err = mutate.Config(image, cfg) + if err != nil { + return nil, errors.Wrap(err, "failed to set config") + } + + return image, nil +} + +func newKCLBuilder(imageConfigs []v1beta1.ImageConfig) *kclBuilder { + return &kclBuilder{ + baseImage: "xpkg.crossplane.io/crossplane-contrib/function-kcl:v0.12.1", + transport: http.DefaultTransport, + configStore: clixpkg.NewStaticImageConfigStore(imageConfigs), + } +} diff --git a/internal/project/functions/python.go b/internal/project/functions/python.go new file mode 100644 index 0000000..78a6220 --- /dev/null +++ b/internal/project/functions/python.go @@ -0,0 +1,247 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package functions + +import ( + "bytes" + "context" + "io" + "net/http" + "path" + "path/filepath" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/tarball" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + "github.com/crossplane/cli/v2/internal/docker" + "github.com/crossplane/cli/v2/internal/filesystem" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +const ( + // pythonBuildImage is the image in which we build the function. Its python + // version must match the python version of pythonRuntimeImage. + pythonBuildImage = "docker.io/library/debian:13-slim" + // pythonRuntimeImage is the distroless base used at runtime. + pythonRuntimeImage = "gcr.io/distroless/python3-debian13:nonroot" + // pythonBuildScript is the shell pipeline that runs in the build + // container. Mirrors function-template-python's Dockerfile: install hatch + // in a throwaway venv, build a wheel, install the wheel into a fresh venv + // at /fn. + // + // TODO(adamwg): We should build an image with python3 and python3-venv + // pre-installed so we don't have to install them for every build. + pythonBuildScript = `set -euo pipefail +export DEBIAN_FRONTEND=noninteractive +apt-get update +apt-get install -y --no-install-recommends python3 python3-venv +python3 -m venv /build +/build/bin/pip install --quiet hatch +/build/bin/hatch build -t wheel /whl +python3 -m venv /fn +/fn/bin/pip install --quiet /whl/*.whl +` +) + +// pythonBuilder builds Python composition functions. +// +// A Python embedded function is a full crossplane-function-sdk-python project +// (pyproject.toml + function/). We build it the same way function-template- +// python's Dockerfile does: in a throwaway debian build container we run +// `hatch build` to produce a wheel, install it into a fresh venv, then copy +// that venv onto a distroless python base. +type pythonBuilder struct { + buildImage string + runtimeImage string + transport http.RoundTripper + configStore xpkg.ConfigStore +} + +func (b *pythonBuilder) Name() string { + return "python" +} + +func (b *pythonBuilder) match(fromFS afero.Fs) (bool, error) { + hasPyproject, err := afero.Exists(fromFS, "pyproject.toml") + if err != nil { + return false, err + } + hasFnDir, err := afero.DirExists(fromFS, "function") + if err != nil { + return false, err + } + return hasPyproject && hasFnDir, nil +} + +func (b *pythonBuilder) Build(ctx context.Context, c BuildContext) ([]v1.Image, error) { + if err := docker.Check(ctx); err != nil { + return nil, errors.Wrap(err, "python builds require a Docker-compatible container runtime") + } + + venvTar, err := b.buildVenv(ctx, c) + if err != nil { + return nil, err + } + + runtimeImage := b.runtimeImage + _, rewritten, err := b.configStore.RewritePath(ctx, b.runtimeImage) + if err != nil { + return nil, errors.Wrap(err, "failed to rewrite runtime image") + } + if rewritten != "" { + runtimeImage = rewritten + } + + runtimeRef, err := name.ParseReference(runtimeImage) + if err != nil { + return nil, errors.Wrap(err, "failed to parse python runtime base image") + } + + images := make([]v1.Image, len(c.Architectures)) + eg, _ := errgroup.WithContext(ctx) + for i, arch := range c.Architectures { + eg.Go(func() error { + baseImg, err := baseImageForArch(runtimeRef, arch, b.transport) + if err != nil { + return errors.Wrap(err, "failed to fetch python runtime base image") + } + + venvLayer, err := tarball.LayerFromOpener(func() (io.ReadCloser, error) { + return io.NopCloser(bytes.NewReader(venvTar)), nil + }) + if err != nil { + return errors.Wrap(err, "failed to create venv layer") + } + + img, err := mutate.AppendLayers(baseImg, venvLayer) + if err != nil { + return errors.Wrap(err, "failed to append venv layer") + } + + img, err = configurePythonImage(img) + if err != nil { + return errors.Wrap(err, "failed to configure python image") + } + + images[i] = img + return nil + }) + } + + return images, eg.Wait() +} + +// buildVenv runs the build container against the function source and returns a +// tar of /fn suitable for use as an image layer (entries are rooted at +// /fn/...). +// +// The function source is staged at / and, if a python schemas +// tree exists, //python/ — preserving the project's relative +// layout so that pip resolves the schemas path-dep from pyproject.toml. +func (b *pythonBuilder) buildVenv(ctx context.Context, c BuildContext) ([]byte, error) { + fnFS := c.FunctionFS() + // Exclude any venv the user might have created in the function directory + // for local development, since (a) we don't need it, and (b) it will + // contain symlinks, which we can't tar up. + fnTar, err := filesystem.FSToTar(fnFS, c.FunctionPath, filesystem.WithExcludePrefix(".venv")) + if err != nil { + return nil, errors.Wrap(err, "failed to tar function source") + } + + pySchemasRel := path.Join(c.SchemasPath, "python") + pySchemasFS := afero.NewBasePathFs(c.ProjectFS, pySchemasRel) + hasPySchemas, _ := afero.DirExists(pySchemasFS, ".") + var schemasTar []byte + if hasPySchemas { + schemasTar, err = filesystem.FSToTar(pySchemasFS, pySchemasRel) + if err != nil { + return nil, errors.Wrap(err, "failed to tar python schemas") + } + } + + buildImage := b.buildImage + _, rewritten, err := b.configStore.RewritePath(ctx, b.buildImage) + if err != nil { + return nil, errors.Wrap(err, "failed to rewrite build image") + } + if rewritten != "" { + buildImage = rewritten + } + + opts := []docker.StartContainerOption{ + docker.StartWithCopyFiles(fnTar, "/"), + docker.StartWithCommand([]string{"sh", "-c", pythonBuildScript}), + docker.StartWithWorkingDirectory("/" + filepath.ToSlash(c.FunctionPath)), + } + if schemasTar != nil { + opts = append(opts, docker.StartWithCopyFiles(schemasTar, "/")) + } + + cid, err := docker.StartContainer(ctx, "", buildImage, opts...) + if err != nil { + return nil, errors.Wrap(err, "failed to start python build container") + } + defer func() { + _ = docker.StopContainerByID(ctx, cid) + }() + + if err := docker.WaitForContainerByID(ctx, cid); err != nil { + return nil, errors.Wrap(err, "python build container failed") + } + + return docker.TarFromContainer(ctx, cid, "/fn") +} + +// configurePythonImage sets the runtime configuration on the final image to +// match function-template-python: nonroot user, the function entrypoint, and +// the gRPC port. +func configurePythonImage(img v1.Image) (v1.Image, error) { + cfgFile, err := img.ConfigFile() + if err != nil { + return nil, errors.Wrap(err, "failed to get config file") + } + cfg := cfgFile.Config + + cfg.Entrypoint = []string{"/fn/bin/function"} + cfg.Cmd = nil + cfg.WorkingDir = "/" + cfg.User = "nonroot:nonroot" + if cfg.ExposedPorts == nil { + cfg.ExposedPorts = map[string]struct{}{} + } + cfg.ExposedPorts["9443/tcp"] = struct{}{} + + return mutate.Config(img, cfg) +} + +func newPythonBuilder(imageConfigs []pkgv1beta1.ImageConfig) *pythonBuilder { + return &pythonBuilder{ + buildImage: pythonBuildImage, + runtimeImage: pythonRuntimeImage, + transport: http.DefaultTransport, + configStore: clixpkg.NewStaticImageConfigStore(imageConfigs), + } +} diff --git a/internal/project/functions/testdata/go-templating-function/resource1.yaml.gotmpl b/internal/project/functions/testdata/go-templating-function/resource1.yaml.gotmpl new file mode 100644 index 0000000..34b88cd --- /dev/null +++ b/internal/project/functions/testdata/go-templating-function/resource1.yaml.gotmpl @@ -0,0 +1,26 @@ +{{ $xr := getCompositeResource . }} + +apiVersion: nop.crossplane.io/v1alpha1 +kind: NopResource +metadata: + annotations: + {{ setResourceNameAnnotation "resource1" }} + spec: + forProvider: + conditionAfter: + {{ if $xr.spec.parameters.networkRef.name }} + conditionStatus: "True" + conditionType: "Ready" + time: "5s" + {{ else }} + conditionStatus: "False" + conditionType: "Ready" + conditionReason: "Network reference is missing" + time: "0s" + {{ end }} + fields: + initialNodeCount: {{ $xr.spec.parameters.initialNodeCount }} + networkRef: {{ $xr.spec.parameters.networkRef }} + subnetworkRef: {{ $xr.spec.parameters.subnetworkRef }} + project: {{ $xr.spec.parameters.project }} + location: {{ $xr.spec.parameters.location }} diff --git a/internal/project/functions/testdata/go-templating-function/resource2.yaml.tmpl b/internal/project/functions/testdata/go-templating-function/resource2.yaml.tmpl new file mode 100644 index 0000000..4561afc --- /dev/null +++ b/internal/project/functions/testdata/go-templating-function/resource2.yaml.tmpl @@ -0,0 +1,12 @@ +{{ $xr := getCompositeResource . }} + +apiVersion: nop.crossplane.io/v1alpha1 +kind: NopResource +metadata: + annotations: + {{ setResourceNameAnnotation "resource2" }} + spec: + forProvider: + fields: + project: {{ $xr.spec.parameters.project }} + location: {{ $xr.spec.parameters.location }} diff --git a/internal/project/functions/testdata/kcl-function/kcl.mod b/internal/project/functions/testdata/kcl-function/kcl.mod new file mode 100644 index 0000000..50682d9 --- /dev/null +++ b/internal/project/functions/testdata/kcl-function/kcl.mod @@ -0,0 +1,6 @@ +[package] +name = "xcluster" +edition = "v0.9.0" +version = "0.0.1" + + diff --git a/internal/project/functions/testdata/kcl-function/kcl.mod.lock b/internal/project/functions/testdata/kcl-function/kcl.mod.lock new file mode 100644 index 0000000..e69de29 diff --git a/internal/project/functions/testdata/kcl-function/main.k b/internal/project/functions/testdata/kcl-function/main.k new file mode 100644 index 0000000..609ded5 --- /dev/null +++ b/internal/project/functions/testdata/kcl-function/main.k @@ -0,0 +1,32 @@ +oxr = option("params").oxr +dxr = { + **oxr + status.dummy = "cool-status" +} +readyCondition = { + conditionStatus: "True" + conditionType: "Ready" + time: "5s" +} if (oxr.spec.parameters.networkRef.name) else {} +statusCondition = { + conditionStatus: "False" + conditionType: "Ready" + conditionReason: "Network reference is missing" + time: "0s" +} if not (oxr.spec.parameters.networkRef.name) else {} +items = [{ + apiVersion: "nop.crossplane.io/v1alpha1" + kind: "NopResource" + metadata.name = oxr.metadata.name + spec.forProvider = { + conditionAfter = [readyCondition] if readyCondition else [statusCondition] + fields = { + initialNodeCount: oxr.spec.parameters.initialNodeCount + networkRef: oxr.spec.parameters.networkRef + subnetworkRef: oxr.spec.parameters.subnetworkRef + project: oxr.spec.parameters.project + location: oxr.spec.parameters.location + } + } +}] + diff --git a/internal/project/helm/helm.go b/internal/project/helm/helm.go new file mode 100644 index 0000000..f41dd5b --- /dev/null +++ b/internal/project/helm/helm.go @@ -0,0 +1,233 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package helm implements a helm chart installer. +package helm + +import ( + "fmt" + "os" + "path/filepath" + "strings" + "time" + + "github.com/spf13/afero" + "helm.sh/helm/v3/pkg/action" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/cli" + "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/storage/driver" + "k8s.io/client-go/rest" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" +) + +const ( + helmDriverSecret = "secret" + defaultCacheDir = ".cache/crossplane/charts" + allVersions = ">0.0.0-0" + waitTimeout = 10 * time.Minute +) + +// Manager installs and manages Helm charts in a Kubernetes cluster. +type Manager struct { + repoURL string + chartRef string + chartName string + releaseName string + namespace string + cacheDir string + wait bool + log logging.Logger + fs afero.Fs + + pullClient *puller + getClient helmGetter + installClient helmInstaller +} + +type helmGetter interface { + Run(ref string) (*release.Release, error) +} + +type helmInstaller interface { + Run(ch *chart.Chart, values map[string]any) (*release.Release, error) +} + +// ManagerOption configures a Manager. +type ManagerOption func(*Manager) + +// Wait configures the manager to wait for operations to complete. +func Wait() ManagerOption { + return func(m *Manager) { + m.wait = true + } +} + +// WithLogger sets the logger for the manager. +func WithLogger(l logging.Logger) ManagerOption { + return func(m *Manager) { + m.log = l + } +} + +type puller struct { + *action.Pull +} + +// NewManager builds a helm install manager. +func NewManager(config *rest.Config, chartName, repoURL, namespace string, opts ...ManagerOption) (*Manager, error) { + m := &Manager{ + repoURL: repoURL, + chartRef: chartName, + chartName: chartName, + releaseName: chartName, + namespace: namespace, + log: logging.NewNopLogger(), + fs: afero.NewOsFs(), + } + for _, o := range opts { + o(m) + } + + home, err := os.UserHomeDir() + if err != nil { + return nil, err + } + m.cacheDir = filepath.Join(home, defaultCacheDir) + + actionConfig := new(action.Configuration) + if err := actionConfig.Init(newRESTClientGetter(config, namespace), namespace, helmDriverSecret, func(format string, v ...any) { + m.log.Debug(fmt.Sprintf(format, v...)) + }); err != nil { + return nil, err + } + + if _, err := m.fs.Stat(m.cacheDir); err != nil { + if !os.IsNotExist(err) { + return nil, err + } + if err := m.fs.MkdirAll(m.cacheDir, 0o755); err != nil { + return nil, err + } + } + + // Pull Client + p := action.NewPullWithOpts(action.WithConfig(&action.Configuration{})) + p.DestDir = m.cacheDir + p.Devel = true + p.Settings = &cli.EnvSettings{} + p.RepoURL = repoURL + m.pullClient = &puller{Pull: p} + + // Get Client + m.getClient = action.NewGet(actionConfig) + + // Install Client + ic := action.NewInstall(actionConfig) + ic.Namespace = namespace + ic.CreateNamespace = false + ic.ReleaseName = chartName + ic.Wait = m.wait + ic.Timeout = waitTimeout + m.installClient = ic + + return m, nil +} + +// GetCurrentVersion gets the current version of the chart in the cluster. +func (m *Manager) GetCurrentVersion() (string, error) { + r, err := m.getClient.Run(m.chartName) + if err != nil { + return "", errors.Wrapf(err, "could not identify installed release for %s in namespace %s", m.chartName, m.namespace) + } + if r == nil || r.Chart == nil || r.Chart.Metadata == nil { + return "", errors.New("could not identify current version") + } + return r.Chart.Metadata.Version, nil +} + +// Install installs the chart in the cluster. +func (m *Manager) Install(version string, parameters map[string]any) error { + // Make sure no version is already installed. + current, err := m.GetCurrentVersion() + if err == nil { + return errors.Errorf("chart already installed with version %s", current) + } + if !errors.Is(err, driver.ErrReleaseNotFound) { + // Some other error getting the current version - check if it's because + // the release wasn't found. + if !strings.Contains(err.Error(), "not found") { + return errors.Wrap(err, "could not verify that chart is not already installed") + } + } + + helmChart, err := m.pullAndLoad(version) + if err != nil { + return err + } + + _, err = m.installClient.Run(helmChart, parameters) + return err +} + +func (m *Manager) pullAndLoad(version string) (*chart.Chart, error) { + if version != "" { + fileName := filepath.Join(m.cacheDir, fmt.Sprintf("%s-%s.tgz", m.chartName, version)) + if _, err := m.fs.Stat(fileName); err != nil { + m.pullClient.DestDir = m.cacheDir + m.pullClient.Version = version + if _, err := m.pullClient.Run(m.chartRef); err != nil { + return nil, errors.Wrap(err, "could not pull chart") + } + } + return loader.Load(fileName) + } + + tmp, err := afero.TempDir(m.fs, m.cacheDir, "") + if err != nil { + return nil, err + } + defer func() { + if err := m.fs.RemoveAll(tmp); err != nil { + m.log.Debug("failed to clean up temporary directory", "error", err) + } + }() + m.pullClient.DestDir = tmp + m.pullClient.Version = allVersions + if _, err := m.pullClient.Run(m.chartRef); err != nil { + return nil, errors.Wrap(err, "could not pull chart") + } + files, err := afero.ReadDir(m.fs, tmp) + if err != nil { + return nil, errors.Wrap(err, "could not identify chart pulled as latest") + } + if len(files) != 1 { + return nil, errors.Errorf("corrupt chart tmp directory, consider removing cache (%s)", m.cacheDir) + } + tmpFileName := filepath.Join(tmp, files[0].Name()) + c, err := loader.Load(tmpFileName) + if err != nil { + return nil, err + } + fileName := filepath.Join(m.cacheDir, fmt.Sprintf("%s-%s.tgz", m.chartName, c.Metadata.Version)) + if err := m.fs.Rename(tmpFileName, fileName); err != nil { + return nil, errors.Wrap(err, "could not move latest pulled chart to cache") + } + return c, nil +} diff --git a/internal/project/helm/restclientgetter.go b/internal/project/helm/restclientgetter.go new file mode 100644 index 0000000..2f31f4e --- /dev/null +++ b/internal/project/helm/restclientgetter.go @@ -0,0 +1,78 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package helm + +import ( + "k8s.io/apimachinery/pkg/api/meta" + "k8s.io/client-go/discovery" + "k8s.io/client-go/discovery/cached/memory" + "k8s.io/client-go/rest" + "k8s.io/client-go/restmapper" + "k8s.io/client-go/tools/clientcmd" +) + +type restClientGetter struct { + namespace string + config *rest.Config +} + +func newRESTClientGetter(config *rest.Config, namespace string) *restClientGetter { + return &restClientGetter{ + namespace: namespace, + config: config, + } +} + +// ToRESTConfig returns the underlying REST config. +func (c *restClientGetter) ToRESTConfig() (*rest.Config, error) { + return c.config, nil +} + +// ToDiscoveryClient builds a new discovery client. +func (c *restClientGetter) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) { + config, err := c.ToRESTConfig() + if err != nil { + return nil, err + } + config.Burst = 300 + config.QPS = 50 + discoveryClient, err := discovery.NewDiscoveryClientForConfig(config) + if err != nil { + return nil, err + } + return memory.NewMemCacheClient(discoveryClient), nil +} + +// ToRESTMapper builds a new REST mapper. +func (c *restClientGetter) ToRESTMapper() (meta.RESTMapper, error) { + discoveryClient, err := c.ToDiscoveryClient() + if err != nil { + return nil, err + } + mapper := restmapper.NewDeferredDiscoveryRESTMapper(discoveryClient) + expander := restmapper.NewShortcutExpander(mapper, discoveryClient, nil) + return expander, nil +} + +// ToRawKubeConfigLoader loads a new raw kubeconfig. +func (c *restClientGetter) ToRawKubeConfigLoader() clientcmd.ClientConfig { + loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() + loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig + overrides := &clientcmd.ConfigOverrides{ClusterDefaults: clientcmd.ClusterDefaults} + overrides.Context.Namespace = c.namespace + return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, overrides) +} diff --git a/internal/project/image.go b/internal/project/image.go new file mode 100644 index 0000000..bc517b7 --- /dev/null +++ b/internal/project/image.go @@ -0,0 +1,140 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "slices" + "strings" + + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/types" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" +) + +// AnnotateImage reads in the layers of the given v1.Image and annotates the +// xpkg layers with their corresponding annotations, returning a new v1.Image +// containing the annotation details. +func AnnotateImage(i v1.Image) (v1.Image, error) { + cfgFile, err := i.ConfigFile() + if err != nil { + return nil, err + } + + layers, err := i.Layers() + if err != nil { + return nil, err + } + + addendums := make([]mutate.Addendum, 0) + + for _, l := range layers { + d, err := l.Digest() + if err != nil { + return nil, err + } + if annotation, ok := cfgFile.Config.Labels[xpkg.Label(d.String())]; ok { + addendums = append(addendums, mutate.Addendum{ + Layer: l, + MediaType: types.DockerLayer, + Annotations: map[string]string{ + xpkg.AnnotationKey: annotation, + }, + }) + continue + } + addendums = append(addendums, mutate.Addendum{ + Layer: l, + MediaType: types.DockerLayer, + }) + } + + if len(addendums) == 0 { + return i, nil + } + + img := empty.Image + for _, a := range addendums { + img, err = mutate.Append(img, a) + if err != nil { + return nil, errors.Wrap(err, "failed to build annotated image") + } + } + + img, err = mutate.ConfigFile(img, cfgFile) + if err != nil { + return nil, err + } + + img = mutate.MediaType(img, types.DockerManifestSchema2) + img = mutate.ConfigMediaType(img, types.DockerConfigJSON) + + return img, nil +} + +// BuildIndex applies annotations to each of the given images and then generates +// an index for them. The annotated images are returned so that a caller can +// push them before pushing the index, since the passed images may not match the +// annotated images. +func BuildIndex(imgs ...v1.Image) (v1.ImageIndex, []v1.Image, error) { + adds := make([]mutate.IndexAddendum, 0, len(imgs)) + images := make([]v1.Image, 0, len(imgs)) + for _, img := range imgs { + aimg, err := AnnotateImage(img) + if err != nil { + return nil, nil, err + } + images = append(images, aimg) + mt, err := aimg.MediaType() + if err != nil { + return nil, nil, err + } + + conf, err := aimg.ConfigFile() + if err != nil { + return nil, nil, err + } + + adds = append(adds, mutate.IndexAddendum{ + Add: aimg, + Descriptor: v1.Descriptor{ + MediaType: mt, + Platform: &v1.Platform{ + Architecture: conf.Architecture, + OS: conf.OS, + OSVersion: conf.OSVersion, + }, + }, + }) + } + + var sortErr error + slices.SortFunc(adds, func(a, b mutate.IndexAddendum) int { + dgstA, errA := a.Add.Digest() + dgstB, errB := b.Add.Digest() + sortErr = errors.Join(errA, errB) + return strings.Compare(dgstA.String(), dgstB.String()) + }) + if sortErr != nil { + return nil, nil, sortErr + } + + return mutate.AppendManifests(empty.Index, adds...), images, nil +} diff --git a/internal/project/install.go b/internal/project/install.go new file mode 100644 index 0000000..f91231b --- /dev/null +++ b/internal/project/install.go @@ -0,0 +1,346 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "encoding/json" + "math" + "time" + + "github.com/Masterminds/semver/v3" + "github.com/google/go-containerregistry/pkg/name" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/wait" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/logging" + "github.com/crossplane/crossplane-runtime/v2/pkg/resource" + + xpv2 "github.com/crossplane/crossplane/apis/v2/core/v2" + xpkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" + xpkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" +) + +// InstallConfiguration installs a Configuration package on the target control +// plane and waits for it and all its dependencies to become healthy. +func InstallConfiguration(ctx context.Context, cl client.Client, cfgName string, tag name.Tag, logger logging.Logger) error { + pkgSource := tag.String() + cfg := &xpkgv1.Configuration{ + TypeMeta: metav1.TypeMeta{ + APIVersion: xpkgv1.SchemeGroupVersion.String(), + Kind: xpkgv1.ConfigurationKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: cfgName, + }, + Spec: xpkgv1.ConfigurationSpec{ + PackageSpec: xpkgv1.PackageSpec{ + Package: pkgSource, + }, + }, + } + + logger.Debug("Installing configuration package") + + err := retryWithBackoff(ctx, 2*time.Second, func(ctx context.Context) (bool, error) { + //nolint:staticcheck // TODO(adamwg): Migrate to cl.Apply. + err := cl.Patch(ctx, cfg, client.Apply, client.ForceOwnership, client.FieldOwner("crossplane-cli")) + if err != nil { + if isRetryableServerError(err) { + return false, nil + } + return false, err + } + return true, nil + }) + if err != nil { + return err + } + + logger.Debug("Waiting for packages to be ready") + return waitForPackagesReady(ctx, cl, cfg) +} + +func isRetryableServerError(err error) bool { + if apierrors.IsTimeout(err) || + apierrors.IsInternalError(err) || + apierrors.IsServerTimeout(err) { + return true + } + + var statusErr *apierrors.StatusError + if errors.As(err, &statusErr) { + reason := statusErr.ErrStatus.Reason + if reason == metav1.StatusReasonServiceUnavailable { + return true + } + } + + return false +} + +func waitForPackagesReady(ctx context.Context, cl client.Client, cfg *xpkgv1.Configuration) error { + nn := types.NamespacedName{ + Name: "lock", + } + var lock xpkgv1beta1.Lock + + return retryWithBackoff(ctx, 5*time.Second, func(ctx context.Context) (bool, error) { + cfgRev, revFound, err := getCurrentRevision(ctx, cl, cfg) + if err != nil { + return false, err + } + if !revFound { + return false, nil + } + + if cfgRev.GetSource() != cfg.GetSource() { + return false, nil + } + + if !packageHasHealthyConditions(cfgRev) { + return false, nil + } + + if err := cl.Get(ctx, nn, &lock); err != nil { + if apierrors.IsNotFound(err) { + return false, nil + } + return false, errors.Wrap(err, "failed to get lock") + } + + var cfgPkg *xpkgv1beta1.LockPackage + for _, pkg := range lock.Packages { + if pkg.Name == cfgRev.Name { + cfgPkg = &pkg + break + } + } + if cfgPkg == nil { + return false, nil + } + + healthy, err := allDepsHealthy(ctx, cl, lock, *cfgPkg) + if err != nil { + return false, err + } + + return healthy, nil + }) +} + +func getCurrentRevision(ctx context.Context, cl client.Client, cfg *xpkgv1.Configuration) (*xpkgv1.ConfigurationRevision, bool, error) { + cfgNN := types.NamespacedName{ + Name: cfg.Name, + } + if err := cl.Get(ctx, cfgNN, cfg); err != nil { + return nil, false, errors.Wrap(err, "failed to get configuration") + } + + if cfg.Status.CurrentRevision == "" { + return nil, false, nil + } + + revNN := types.NamespacedName{ + Name: cfg.Status.CurrentRevision, + } + var cfgRev xpkgv1.ConfigurationRevision + if err := cl.Get(ctx, revNN, &cfgRev); err != nil { + if apierrors.IsNotFound(err) { + return nil, false, nil + } + return nil, false, errors.Wrap(err, "failed to get configuration revision") + } + + return &cfgRev, true, nil +} + +func allDepsHealthy(ctx context.Context, cl client.Client, lock xpkgv1beta1.Lock, pkg xpkgv1beta1.LockPackage) (bool, error) { + for _, dep := range pkg.Dependencies { + depPkg, found := lookupLockPackage(lock.Packages, dep.Package, dep.Constraints) + if !found { + return false, nil + } + healthy, err := packageIsHealthy(ctx, cl, depPkg) + if err != nil { + return false, err + } + if !healthy { + return false, nil + } + } + + return true, nil +} + +func lookupLockPackage(pkgs []xpkgv1beta1.LockPackage, source, constraint string) (xpkgv1beta1.LockPackage, bool) { + for _, pkg := range pkgs { + if !sourcesEqual(pkg.Source, source) { + continue + } + + vc, err := semver.NewConstraint(constraint) + if err != nil { + if pkg.Version == constraint { + return pkg, true + } + } + pv, err := semver.NewVersion(pkg.Version) + if err != nil { + continue + } + if vc.Check(pv) { + return pkg, true + } + } + return xpkgv1beta1.LockPackage{}, false +} + +func sourcesEqual(a, b string) bool { + ra, err := name.NewRepository(a, name.StrictValidation) + if err != nil { + return false + } + rb, err := name.NewRepository(b, name.StrictValidation) + if err != nil { + return false + } + + return ra.String() == rb.String() +} + +func packageIsHealthy(ctx context.Context, cl client.Client, lpkg xpkgv1beta1.LockPackage) (bool, error) { + var pkg xpkgv1.PackageRevision + + if lpkg.Kind != nil { + switch *lpkg.Kind { + case xpkgv1.ConfigurationKind: + pkg = &xpkgv1.ConfigurationRevision{} + case xpkgv1.ProviderKind: + pkg = &xpkgv1.ProviderRevision{} + case xpkgv1.FunctionKind: + pkg = &xpkgv1.FunctionRevision{} + } + } + + if lpkg.Type != nil { + switch *lpkg.Type { + case xpkgv1beta1.ConfigurationPackageType: + pkg = &xpkgv1.ConfigurationRevision{} + case xpkgv1beta1.ProviderPackageType: + pkg = &xpkgv1.ProviderRevision{} + case xpkgv1beta1.FunctionPackageType: + pkg = &xpkgv1.FunctionRevision{} + } + } + + err := cl.Get(ctx, types.NamespacedName{Name: lpkg.Name}, pkg) + if err != nil { + return false, err + } + + return packageHasHealthyConditions(pkg), nil +} + +func packageHasHealthyConditions(pkg xpkgv1.PackageRevision) bool { + v1Healthy := resource.IsConditionTrue(pkg.GetCondition(xpv2.TypeHealthy)) + v2Healthy := resource.IsConditionTrue(pkg.GetCondition(xpkgv1.TypeRevisionHealthy)) + + if _, ok := pkg.(xpkgv1.PackageRevisionWithRuntime); ok { + v2Healthy = v2Healthy && resource.IsConditionTrue(pkg.GetCondition(xpkgv1.TypeRuntimeHealthy)) + } + + return v1Healthy || v2Healthy +} + +// ApplyResources installs arbitrary resources to the target control plane. +func ApplyResources(ctx context.Context, cl client.Client, resources []runtime.RawExtension) error { + for _, raw := range resources { + if len(raw.Raw) == 0 { + return errors.New("encountered an invalid or empty raw resource") + } + + obj := &unstructured.Unstructured{} + if err := json.Unmarshal(raw.Raw, obj); err != nil { + return errors.Wrap(err, "failed to unmarshal resource") + } + + if err := retryWithBackoff(ctx, 2*time.Second, func(ctx context.Context) (bool, error) { + //nolint:staticcheck // TODO(adamwg): Migrate to cl.Apply. + err := cl.Patch(ctx, obj, client.Apply, client.ForceOwnership, client.FieldOwner("crossplane-cli")) + if err != nil { + if isPermanentError(err) { + return false, err + } + return false, nil + } + return true, nil + }); err != nil { + return errors.Wrapf(err, "failed to apply resource %s/%s", + obj.GetKind(), obj.GetName()) + } + } + return nil +} + +func isPermanentError(err error) bool { + if apierrors.IsBadRequest(err) || + apierrors.IsInvalid(err) || + apierrors.IsMethodNotSupported(err) || + apierrors.IsNotAcceptable(err) || + apierrors.IsUnsupportedMediaType(err) || + apierrors.IsUnauthorized(err) || + apierrors.IsForbidden(err) || + apierrors.IsRequestEntityTooLargeError(err) { + return true + } + + return false +} + +func retryWithBackoff(ctx context.Context, maxWait time.Duration, fn func(ctx context.Context) (bool, error)) error { + backoff := wait.Backoff{ + Duration: 500 * time.Millisecond, + Factor: 2.0, + Jitter: 0.1, + Cap: maxWait, + Steps: math.MaxInt32, + } + + for { + done, err := fn(ctx) + if err != nil { + return err + } + if done { + return nil + } + + sleep := backoff.Step() + select { + case <-ctx.Done(): + return ctx.Err() + case <-time.After(sleep): + } + } +} diff --git a/internal/project/install_test.go b/internal/project/install_test.go new file mode 100644 index 0000000..8dc6d7c --- /dev/null +++ b/internal/project/install_test.go @@ -0,0 +1,268 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "encoding/json" + "testing" + + "github.com/google/go-cmp/cmp" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + xpkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" +) + +func newFakeClient(t *testing.T, objs ...client.Object) client.Client { + t.Helper() + scheme := runtime.NewScheme() + if err := corev1.AddToScheme(scheme); err != nil { + t.Fatal(err) + } + return fake.NewClientBuilder(). + WithScheme(scheme). + WithObjects(objs...). + Build() +} + +func TestApplyResources(t *testing.T) { + t.Parallel() + + configMapJSON := func(name string) []byte { + cm := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "ConfigMap", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: "default", + }, + Data: map[string]string{"key": "value"}, + } + bs, err := json.Marshal(cm) + if err != nil { + t.Fatal(err) + } + return bs + } + + t.Run("AppliesConfigMaps", func(t *testing.T) { + t.Parallel() + + cl := newFakeClient(t) + resources := []runtime.RawExtension{ + {Raw: configMapJSON("one")}, + {Raw: configMapJSON("two")}, + } + + if err := ApplyResources(t.Context(), cl, resources); err != nil { + t.Fatalf("ApplyResources: %v", err) + } + + for _, name := range []string{"one", "two"} { + var got corev1.ConfigMap + if err := cl.Get(t.Context(), types.NamespacedName{Name: name, Namespace: "default"}, &got); err != nil { + t.Errorf("configmap %q not found: %v", name, err) + } + } + }) + + t.Run("IdempotentOnExisting", func(t *testing.T) { + t.Parallel() + + cl := newFakeClient(t) + resources := []runtime.RawExtension{{Raw: configMapJSON("repeated")}} + + if err := ApplyResources(t.Context(), cl, resources); err != nil { + t.Fatalf("first ApplyResources: %v", err) + } + if err := ApplyResources(t.Context(), cl, resources); err != nil { + t.Fatalf("second ApplyResources: %v", err) + } + }) + + t.Run("EmptyRawErrors", func(t *testing.T) { + t.Parallel() + + cl := newFakeClient(t) + err := ApplyResources(t.Context(), cl, []runtime.RawExtension{{}}) + if err == nil { + t.Fatal("expected error for empty raw, got nil") + } + }) +} + +func TestLookupLockPackage(t *testing.T) { + t.Parallel() + + pkgs := []xpkgv1beta1.LockPackage{ + { + Name: "function-auto-ready", + Source: "xpkg.crossplane.io/crossplane-contrib/function-auto-ready", + Version: "v0.3.0", + }, + { + Name: "provider-nop", + Source: "xpkg.crossplane.io/crossplane-contrib/provider-nop", + Version: "v0.2.1", + }, + } + + tcs := map[string]struct { + source string + constraint string + wantName string + wantFound bool + }{ + "ExactMatch": { + source: "xpkg.crossplane.io/crossplane-contrib/function-auto-ready", + constraint: "v0.3.0", + wantName: "function-auto-ready", + wantFound: true, + }, + "SemverMatch": { + source: "xpkg.crossplane.io/crossplane-contrib/provider-nop", + constraint: ">=v0.2.0", + wantName: "provider-nop", + wantFound: true, + }, + "SemverMiss": { + source: "xpkg.crossplane.io/crossplane-contrib/provider-nop", + constraint: ">=v1.0.0", + wantFound: false, + }, + "SourceMiss": { + source: "xpkg.crossplane.io/other/thing", + constraint: ">=v0.0.0", + wantFound: false, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got, found := lookupLockPackage(pkgs, tc.source, tc.constraint) + if diff := cmp.Diff(tc.wantFound, found); diff != "" { + t.Errorf("found (-want +got):\n%s", diff) + } + if !tc.wantFound { + return + } + if diff := cmp.Diff(tc.wantName, got.Name); diff != "" { + t.Errorf("name (-want +got):\n%s", diff) + } + }) + } +} + +func TestSourcesEqual(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + a, b string + want bool + }{ + "Equal": {"xpkg.crossplane.io/org/pkg", "xpkg.crossplane.io/org/pkg", true}, + "WithRegistry": {"index.docker.io/library/nginx", "index.docker.io/library/nginx", true}, + "DifferentPath": {"xpkg.crossplane.io/org/one", "xpkg.crossplane.io/org/two", false}, + "InvalidA": {"not a valid ref", "xpkg.crossplane.io/org/pkg", false}, + "InvalidB": {"xpkg.crossplane.io/org/pkg", "not a valid ref", false}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := sourcesEqual(tc.a, tc.b) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestIsPermanentError(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + err error + want bool + }{ + "Nil": {nil, false}, + "BadRequest": {apierrors.NewBadRequest("bad"), true}, + "Unauthorized": {apierrors.NewUnauthorized("nope"), true}, + "Forbidden": {apierrors.NewForbidden(schemaGR(), "x", nil), true}, + "Timeout": {apierrors.NewTimeoutError("slow", 1), false}, + "NotFound": {apierrors.NewNotFound(schemaGR(), "x"), false}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := isPermanentError(tc.err) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestIsRetryableServerError(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + err error + want bool + }{ + "Nil": {nil, false}, + "Timeout": {apierrors.NewTimeoutError("slow", 1), true}, + "ServerTimeout": {apierrors.NewServerTimeout(schemaGR(), "x", 1), true}, + "InternalError": {apierrors.NewInternalError(errExample()), true}, + "BadRequest": {apierrors.NewBadRequest("bad"), false}, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := isRetryableServerError(tc.err) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +// Helpers. + +func schemaGR() schema.GroupResource { + return schema.GroupResource{Group: "", Resource: "configmaps"} +} + +func errExample() error { + return context.DeadlineExceeded +} diff --git a/internal/project/projectfile/projectfile.go b/internal/project/projectfile/projectfile.go new file mode 100644 index 0000000..7e86213 --- /dev/null +++ b/internal/project/projectfile/projectfile.go @@ -0,0 +1,99 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package projectfile reads and writes Crossplane project files. +package projectfile + +import ( + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" +) + +const ( + // APIVersion is the supported API version for project files. + APIVersion = "dev.crossplane.io/v1alpha1" + // Kind is the supported Kind for project files. + Kind = "Project" +) + +// Parse parses and validates the project file, returning a Project with +// defaults applied. +func Parse(projFS afero.Fs, projFilePath string) (*v1alpha1.Project, error) { + proj, err := ParseWithoutDefaults(projFS, projFilePath) + if err != nil { + return nil, err + } + + proj.Default() + + return proj, nil +} + +// ParseWithoutDefaults parses and validates the project file without applying +// defaults. Use this when reading a project file that will be modified and +// written back, to avoid persisting default values the user omitted. +func ParseWithoutDefaults(projFS afero.Fs, projFilePath string) (*v1alpha1.Project, error) { + bs, err := afero.ReadFile(projFS, projFilePath) + if err != nil { + return nil, errors.Wrapf(err, "failed to read project file %q", projFilePath) + } + + var tm metav1.TypeMeta + if err := yaml.Unmarshal(bs, &tm); err != nil { + return nil, errors.Wrap(err, "failed to parse project file") + } + + if tm.APIVersion != APIVersion { + return nil, errors.Errorf("unsupported project apiVersion %q, expected %q", tm.APIVersion, APIVersion) + } + if tm.Kind != Kind { + return nil, errors.Errorf("unsupported project kind %q, expected %q", tm.Kind, Kind) + } + + var proj v1alpha1.Project + if err := yaml.Unmarshal(bs, &proj); err != nil { + return nil, errors.Wrap(err, "failed to parse project file") + } + + if err := proj.Validate(); err != nil { + return nil, errors.Wrap(err, "invalid project file") + } + + return &proj, nil +} + +// Update reads a project file without applying defaults, applies the given +// mutation function, and writes the result back. This allows the project to be +// updated on disk without injecting defaults. Note that the file will be +// reformatted by the YAML serializer (fields will be re-ordered and comments +// will be lost). +func Update(projFS afero.Fs, projFile string, fn func(*v1alpha1.Project)) error { + proj, err := ParseWithoutDefaults(projFS, projFile) + if err != nil { + return err + } + fn(proj) + bs, err := yaml.Marshal(proj) + if err != nil { + return errors.Wrap(err, "failed to marshal project") + } + return afero.WriteFile(projFS, projFile, bs, 0o644) +} diff --git a/internal/project/projectfile/projectfile_test.go b/internal/project/projectfile/projectfile_test.go new file mode 100644 index 0000000..0db9255 --- /dev/null +++ b/internal/project/projectfile/projectfile_test.go @@ -0,0 +1,299 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package projectfile + +import ( + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" +) + +func TestParse(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + setupFs func(t *testing.T, fs afero.Fs) + projectFile string + expectErr bool + expectedPaths *v1alpha1.ProjectPaths + }{ + { + name: "ValidProjectFileAllPaths", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + yamlContent := ` +apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: ValidProjectFileAllPaths +spec: + repository: xpkg.crossplane.io/test/test + paths: + apis: "test" + examples: "example" + functions: "funcs" +` + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + // Defaults fill in tests, operations, schemas; user-set paths win. + expectedPaths: &v1alpha1.ProjectPaths{ + APIs: "test", + Functions: "funcs", + Examples: "example", + Tests: "tests", + Operations: "operations", + Schemas: "schemas", + }, + }, + { + name: "ValidProjectFileSomePaths", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + yamlContent := ` +apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: ValidProjectFileSomePaths +spec: + repository: xpkg.crossplane.io/test/test + paths: + functions: "funcs" +` + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + expectedPaths: &v1alpha1.ProjectPaths{ + APIs: "apis", + Functions: "funcs", + Examples: "examples", + Tests: "tests", + Operations: "operations", + Schemas: "schemas", + }, + }, + { + name: "InvalidProjectFileYAML", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + if err := afero.WriteFile(fs, "/project.yaml", []byte("invalid yaml content"), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + expectErr: true, + }, + { + name: "ProjectFileWithNoPaths", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + yamlContent := ` +apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: ProjectFileWithNoPaths +spec: + repository: xpkg.crossplane.io/test/test +` + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + // All defaults applied. + expectedPaths: &v1alpha1.ProjectPaths{ + APIs: "apis", + Functions: "functions", + Examples: "examples", + Tests: "tests", + Operations: "operations", + Schemas: "schemas", + }, + }, + { + name: "ProjectFileNotFound", + setupFs: func(_ *testing.T, _ afero.Fs) { + }, + projectFile: "/nonexistent.yaml", + expectErr: true, + }, + { + name: "WrongAPIVersion", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + yamlContent := ` +apiVersion: foo.example.com/v1 +kind: Project +metadata: + name: WrongAPIVersion +spec: + repository: xpkg.crossplane.io/test/test +` + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + expectErr: true, + }, + { + name: "MissingRepository", + setupFs: func(t *testing.T, fs afero.Fs) { + t.Helper() + yamlContent := ` +apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: MissingRepository +spec: {} +` + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), os.ModePerm); err != nil { + t.Fatal(err) + } + }, + projectFile: "/project.yaml", + expectErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + fs := afero.NewMemMapFs() + tt.setupFs(t, fs) + + proj, err := Parse(fs, tt.projectFile) + + if tt.expectErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + if err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tt.expectedPaths, proj.Spec.Paths); diff != "" { + t.Errorf("paths (-want +got):\n%s", diff) + } + }) + } +} + +func TestParseWithoutDefaults(t *testing.T) { + t.Parallel() + + yamlContent := ` +apiVersion: dev.crossplane.io/v1alpha1 +kind: Project +metadata: + name: NoDefaults +spec: + repository: xpkg.crossplane.io/test/test +` + fs := afero.NewMemMapFs() + if err := afero.WriteFile(fs, "/project.yaml", []byte(yamlContent), 0o644); err != nil { + t.Fatal(err) + } + + proj, err := ParseWithoutDefaults(fs, "/project.yaml") + if err != nil { + t.Fatal(err) + } + + // Defaults must NOT be applied — Update relies on this so user-omitted + // fields aren't persisted back to disk. + if proj.Spec.Paths != nil { + t.Errorf("Spec.Paths = %+v, want nil", proj.Spec.Paths) + } + if len(proj.Spec.Architectures) != 0 { + t.Errorf("Spec.Architectures = %v, want empty", proj.Spec.Architectures) + } +} + +func TestUpdate(t *testing.T) { + t.Parallel() + + proj := &v1alpha1.Project{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "dev.crossplane.io/v1alpha1", + Kind: "Project", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-project", + }, + Spec: v1alpha1.ProjectSpec{ + Repository: "xpkg.crossplane.io/foo/bar", + }, + } + bs, err := yaml.Marshal(proj) + if err != nil { + t.Fatal(err) + } + projFS := afero.NewMemMapFs() + if err := afero.WriteFile(projFS, "crossplane-project.yaml", bs, 0o644); err != nil { + t.Fatal(err) + } + + var want []byte + err = Update(projFS, "crossplane-project.yaml", func(p *v1alpha1.Project) { + p.Spec.Architectures = []string{"arch1", "arch2"} + p.Spec.Paths = &v1alpha1.ProjectPaths{ + APIs: "my-cool-apis", + Functions: "my-cool-functions", + Examples: "my-cool-examples", + Tests: "my-cool-tests", + } + p.Spec.Dependencies = []v1alpha1.Dependency{{ + Type: v1alpha1.DependencyTypeXpkg, + Xpkg: &v1alpha1.XpkgDependency{ + APIVersion: "pkg.crossplane.io/v1", + Kind: "Provider", + Package: "xpkg.crossplane.io/crossplane-contrib/provider-nop", + Version: "v0.2.1", + }, + }} + want, err = yaml.Marshal(p) + if err != nil { + t.Fatal(err) + } + }) + if err != nil { + t.Fatal(err) + } + + got, err := afero.ReadFile(projFS, "crossplane-project.yaml") + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(want, got); diff != "" { + t.Errorf("on-disk contents (-want +got):\n%s", diff) + } +} diff --git a/internal/project/push.go b/internal/project/push.go new file mode 100644 index 0000000..cd72d03 --- /dev/null +++ b/internal/project/push.go @@ -0,0 +1,215 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "fmt" + "net/http" + "time" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" + "golang.org/x/sync/errgroup" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/async" +) + +// Pusher is able to push a set of packages built from a project to a registry. +type Pusher interface { + // Push pushes a set of packages built from a project to a registry and + // returns the tag to which the configuration package was pushed. + Push(ctx context.Context, project *devv1alpha1.Project, imgMap ImageTagMap, opts ...PushOption) (name.Tag, error) +} + +// PusherOption configures a pusher. +type PusherOption func(p *realPusher) + +// PushWithTransport sets the HTTP transport to be used by the pusher. +func PushWithTransport(t http.RoundTripper) PusherOption { + return func(p *realPusher) { + p.transport = t + } +} + +// PushWithMaxConcurrency sets the maximum concurrency for pushing packages. +func PushWithMaxConcurrency(n uint) PusherOption { + return func(p *realPusher) { + p.maxConcurrency = n + } +} + +// PushWithAuthKeychain provides a registry credential source to be used by the +// push. +func PushWithAuthKeychain(kc authn.Keychain) PusherOption { + return func(p *realPusher) { + p.keychain = kc + } +} + +// PushOption configures a push. +type PushOption func(o *pushOptions) + +type pushOptions struct { + eventChan async.EventChannel + tag string +} + +// PushWithEventChannel provides a channel to which progress updates will be +// written during the push. It is the caller's responsibility to manage the +// lifecycle of this channel. +func PushWithEventChannel(ch async.EventChannel) PushOption { + return func(o *pushOptions) { + o.eventChan = ch + } +} + +// PushWithTag sets the tag to be used for the pushed packages. +func PushWithTag(tag string) PushOption { + return func(o *pushOptions) { + o.tag = tag + } +} + +type realPusher struct { + keychain authn.Keychain + transport http.RoundTripper + maxConcurrency uint +} + +// Push implements the Pusher interface. +func (p *realPusher) Push(ctx context.Context, project *devv1alpha1.Project, imgMap ImageTagMap, opts ...PushOption) (name.Tag, error) { + os := &pushOptions{ + tag: fmt.Sprintf("v0.0.0-%d", time.Now().Unix()), + } + for _, opt := range opts { + opt(os) + } + + imgTag, err := name.NewTag(fmt.Sprintf("%s:%s", project.Spec.Repository, os.tag), name.StrictValidation) + if err != nil { + return imgTag, errors.Wrap(err, "failed to construct image tag") + } + + cfgImage, fnImages, err := SortImages(imgMap, project.Spec.Repository) + if err != nil { + return imgTag, err + } + + // Push all the function packages in parallel. + eg, egCtx := errgroup.WithContext(ctx) + sem := make(chan struct{}, p.maxConcurrency) + for repo, images := range fnImages { + eg.Go(func() error { + sem <- struct{}{} + defer func() { + <-sem + }() + + stage := fmt.Sprintf("Pushing function package %s", repo) + os.eventChan.SendEvent(stage, async.EventStatusStarted) + + tag := repo.Tag(os.tag) + if err := p.pushIndex(egCtx, tag, images...); err != nil { + os.eventChan.SendEvent(stage, async.EventStatusFailure) + return errors.Wrapf(err, "failed to push function %q", repo) + } + os.eventChan.SendEvent(stage, async.EventStatusSuccess) + return nil + }) + } + + if err := eg.Wait(); err != nil { + return imgTag, err + } + + // Once the functions are pushed, push the configuration package. + stage := fmt.Sprintf("Pushing configuration image %s", imgTag) + os.eventChan.SendEvent(stage, async.EventStatusStarted) + if err := p.pushImage(ctx, imgTag, cfgImage); err != nil { + os.eventChan.SendEvent(stage, async.EventStatusFailure) + return imgTag, errors.Wrap(err, "failed to push configuration package") + } + os.eventChan.SendEvent(stage, async.EventStatusSuccess) + + return imgTag, nil +} + +func (p *realPusher) pushIndex(ctx context.Context, tag name.Tag, imgs ...v1.Image) error { + // Build an index. This is a little superfluous if there's only one image + // (single architecture), but we generate configuration dependencies on + // embedded functions assuming there's an index, so we push an index + // regardless of whether we really need one. + idx, imgs, err := BuildIndex(imgs...) + if err != nil { + return err + } + + // Push the images by digest. + repo := tag.Repository + for _, img := range imgs { + dgst, err := img.Digest() + if err != nil { + return err + } + if err := p.pushImage(ctx, repo.Digest(dgst.String()), img); err != nil { + return err + } + } + + // Tag the function the same as the configuration. The configuration depends + // on it by digest, so this isn't necessary for things to work correctly, + // but it makes the user experience more intuitive. + return remote.WriteIndex(tag, idx, + remote.WithAuthFromKeychain(p.keychain), + remote.WithContext(ctx), + remote.WithTransport(p.transport), + ) +} + +func (p *realPusher) pushImage(ctx context.Context, ref name.Reference, img v1.Image) error { + img, err := AnnotateImage(img) + if err != nil { + return err + } + + return remote.Write(ref, img, + remote.WithAuthFromKeychain(p.keychain), + remote.WithContext(ctx), + remote.WithTransport(p.transport), + ) +} + +// NewPusher returns a new project Pusher. +func NewPusher(opts ...PusherOption) Pusher { + p := &realPusher{ + transport: http.DefaultTransport, + maxConcurrency: 8, + keychain: authn.DefaultKeychain, + } + + for _, opt := range opts { + opt(p) + } + + return p +} diff --git a/internal/project/push_test.go b/internal/project/push_test.go new file mode 100644 index 0000000..5808076 --- /dev/null +++ b/internal/project/push_test.go @@ -0,0 +1,162 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "fmt" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/registry" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/random" + "github.com/google/go-containerregistry/pkg/v1/remote" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" +) + +func TestPusherPush(t *testing.T) { + t.Parallel() + + regSrv, err := registry.TLS("localhost") + if err != nil { + t.Fatalf("failed to start test registry: %v", err) + } + t.Cleanup(regSrv.Close) + transport := regSrv.Client().Transport + regHost := strings.TrimPrefix(regSrv.URL, "https://") + + cases := map[string]struct { + repo string + functionNames []string + archs []string + }{ + "ConfigurationOnly": { + repo: regHost + "/unittest/demo-project", + functionNames: nil, + archs: []string{"amd64", "arm64"}, + }, + "EmbeddedFunctions": { + repo: regHost + "/unittest/embedded-functions", + functionNames: []string{"fn"}, + archs: []string{"amd64", "arm64"}, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + t.Parallel() + + imgMap := make(ImageTagMap) + + cfgTag := mustTag(t, fmt.Sprintf("%s:%s", tc.repo, ConfigurationTag)) + imgMap[cfgTag] = mustRandomImage(t, "amd64", "linux") + + for _, fnName := range tc.functionNames { + fnRepo := fmt.Sprintf("%s_%s", tc.repo, fnName) + for _, arch := range tc.archs { + imgMap[mustTag(t, fmt.Sprintf("%s:%s", fnRepo, arch))] = mustRandomImage(t, arch, "linux") + } + } + + proj := &devv1alpha1.Project{ + Spec: devv1alpha1.ProjectSpec{ + Repository: tc.repo, + }, + } + + pusher := NewPusher( + PushWithTransport(transport), + PushWithAuthKeychain(anonymousKeychain{}), + PushWithMaxConcurrency(2), + ) + + gotTag, err := pusher.Push(t.Context(), proj, imgMap, PushWithTag("v0.0.3")) + if err != nil { + t.Fatalf("Push: %v", err) + } + + wantTag := mustTag(t, fmt.Sprintf("%s:%s", tc.repo, "v0.0.3")) + if diff := cmp.Diff(wantTag.String(), gotTag.String()); diff != "" { + t.Errorf("Push returned unexpected tag (-want +got):\n%s", diff) + } + + if _, err := remote.Image(wantTag, remote.WithTransport(transport)); err != nil { + t.Errorf("failed to pull configuration tag %s: %v", wantTag, err) + } + + for _, fnName := range tc.functionNames { + fnTag := mustTag(t, fmt.Sprintf("%s_%s:%s", tc.repo, fnName, "v0.0.3")) + idx, err := remote.Index(fnTag, remote.WithTransport(transport)) + if err != nil { + t.Errorf("failed to pull function index %s: %v", fnTag, err) + continue + } + mfst, err := idx.IndexManifest() + if err != nil { + t.Errorf("failed to read index manifest for %s: %v", fnTag, err) + continue + } + if diff := cmp.Diff(len(tc.archs), len(mfst.Manifests)); diff != "" { + t.Errorf("unexpected manifest count for %s (-want +got):\n%s", fnTag, diff) + } + } + }) + } +} + +// anonymousKeychain returns authn.Anonymous for every request. Using a real +// keychain in tests would consult the host's docker config; we want to avoid +// that. +type anonymousKeychain struct{} + +func (anonymousKeychain) Resolve(authn.Resource) (authn.Authenticator, error) { + return authn.Anonymous, nil +} + +func mustTag(t *testing.T, ref string) name.Tag { + t.Helper() + tag, err := name.NewTag(ref, name.StrictValidation) + if err != nil { + t.Fatalf("failed to parse tag %q: %v", ref, err) + } + return tag +} + +func mustRandomImage(t *testing.T, arch, os string) v1.Image { + t.Helper() + img, err := random.Image(256, 1) + if err != nil { + t.Fatalf("failed to build random image: %v", err) + } + cfg, err := img.ConfigFile() + if err != nil { + t.Fatalf("failed to read config file: %v", err) + } + cfg = cfg.DeepCopy() + cfg.Architecture = arch + cfg.OS = os + img, err = mutate.ConfigFile(img, cfg) + if err != nil { + t.Fatalf("failed to set config file: %v", err) + } + return img +} diff --git a/internal/project/sort.go b/internal/project/sort.go new file mode 100644 index 0000000..cd38d42 --- /dev/null +++ b/internal/project/sort.go @@ -0,0 +1,53 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "fmt" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// SortImages analyzes an image map produced by the project builder and picks +// out the configuration and function images from it. The function images are +// grouped together by function, so that multi-arch indexes can be produced +// based on the returned map. +func SortImages(imgMap ImageTagMap, repo string) (cfgImage v1.Image, fnImages map[name.Repository][]v1.Image, err error) { + cfgTag, err := name.NewTag(fmt.Sprintf("%s:%s", repo, ConfigurationTag), name.StrictValidation) + if err != nil { + return nil, nil, errors.Wrap(err, "failed to construct configuration tag") + } + + fnImages = make(map[name.Repository][]v1.Image) + for tag, image := range imgMap { + if tag == cfgTag { + cfgImage = image + continue + } + + fnImages[tag.Repository] = append(fnImages[tag.Repository], image) + } + + if cfgImage == nil { + return nil, nil, errors.New("failed to find configuration image") + } + + return cfgImage, fnImages, nil +} diff --git a/internal/schemas/generator/go.go b/internal/schemas/generator/go.go new file mode 100644 index 0000000..9e58f90 --- /dev/null +++ b/internal/schemas/generator/go.go @@ -0,0 +1,1374 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "bytes" + "context" + "encoding/json" + "go/ast" + "go/format" + "go/parser" + "go/printer" + "go/token" + "io/fs" + "maps" + "path/filepath" + "slices" + "strings" + "sync" + + "github.com/getkin/kin-openapi/openapi3" + "github.com/gobuffalo/flect" + "github.com/oapi-codegen/oapi-codegen/v2/pkg/codegen" + "github.com/spf13/afero" + "golang.org/x/tools/go/ast/astutil" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/kube-openapi/pkg/spec3" + "k8s.io/kube-openapi/pkg/validation/spec" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + xpv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + + "github.com/crossplane/cli/v2/internal/crd" + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +// K8s package constants. +const ( + k8sPkgMetaV1 = "io.k8s.apimachinery.pkg.apis.meta.v1" + k8sPkgRuntime = "io.k8s.apimachinery.pkg.runtime" + k8sPkgCoreV1 = "io.k8s.api.core.v1" + k8sPkgIntStr = "io.k8s.apimachinery.pkg.util.intstr" + k8sPkgResource = "io.k8s.apimachinery.pkg.api.resource" + k8sPkgAutoscalingV1 = "io.k8s.api.autoscaling.v1" + + k8sPkgNameAutoscaling = "autoscaling" +) + +// goModContents is the contents of the go.mod we write for our generated models +// module. All generated models share the same module so that we can generate a +// single dependency from embedded Go functions. We always resolve this +// dependency via a replace statement, so `dev.crossplane.io/models` is never +// actually used as a URL, just an identifier. +const goModContents = `module dev.crossplane.io/models + +go 1.23 + +require github.com/oapi-codegen/runtime v1.1.0 + +require ( + github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect + github.com/google/uuid v1.4.0 // indirect +) +` + +// goSumContents is the contents of the go.sum we write for our generated models +// module alongside the go.mod. +const goSumContents = `github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk= +github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ= +github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk= +github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE= +github.com/oapi-codegen/runtime v1.1.0 h1:rJpoNUawn5XTvekgfkvSZr0RqEnoYpFkyvrzfWeFKWM= +github.com/oapi-codegen/runtime v1.1.0/go.mod h1:BeSfBkWWWnAnGdyS+S/GnlbmHKzf8/hwkvelJZDeKA8= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +` + +// goImportsTemplate replaces the default import template for oapi-codegen, +// since it contains many imports we don't use and will thus result in code that +// doesn't compile. +const goImportsTemplate = `// Package {{.PackageName}} contains generated models. +// +// Code generated by {{.ModuleName}} version {{.Version}} DO NOT EDIT. +package {{.PackageName}} + +import ( + "encoding/json" + "fmt" + "time" + + "github.com/oapi-codegen/runtime" + + {{- range .ExternalImports}} + {{ . }} + {{- end}} + {{- range .AdditionalImports}} + {{.Alias}} "{{.Package}}" + {{- end}} +) + +// Use the following to avoid unused import errors. +var ( + _ *time.Time = nil + _ json.RawMessage = nil + _ = fmt.Errorf + _ = runtime.JSONMerge +) +` + +type goGenerator struct{} + +func (goGenerator) Language() string { + return "go" +} + +// GenerateFromCRD generates Go schemas for the CRDs in the given filesystem. +func (goGenerator) GenerateFromCRD(_ context.Context, fromFS afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + openAPIs, err := goCollectOpenAPIs(fromFS) + if err != nil { + return nil, err + } + + if len(openAPIs) == 0 { + // Return nil if no specs were generated + return nil, nil + } + + // Initialize the schema filesystem + schemaFS, err := initializeSchemaFS() + if err != nil { + return nil, err + } + + // Extract shared k8s schemas and generate separate files for each package. + // We have to do this before generating the other models below because + // the code below replaces the k8s models with references to these shared + // ones in-place in the spec. + k8sSchemasByPackage := make(map[string]map[string]*spec.Schema) + + // Collect all K8s schemas from all OpenAPI specs, grouped by package + for _, oapi := range openAPIs { + packagedSchemas := goExtractK8sSchemas(oapi.spec) + for pkg, schemas := range packagedSchemas { + if k8sSchemasByPackage[pkg] == nil { + k8sSchemasByPackage[pkg] = make(map[string]*spec.Schema) + } + maps.Copy(k8sSchemasByPackage[pkg], schemas) + } + } + + // Generate separate files for each K8s package + for pkg, schemas := range k8sSchemasByPackage { + if len(schemas) == 0 { + continue + } + + // Create a spec for this package + pkgSpec := &spec3.OpenAPI{ + Version: "3.0.0", + Components: &spec3.Components{ + Schemas: schemas, + }, + } + + // Determine the group, kind, and version from the package name + var group, kind, version string + switch pkg { + case k8sPkgMetaV1: + group = "meta.k8s.io" + kind = "meta" + version = "v1" + case k8sPkgAutoscalingV1: + group = k8sPkgNameAutoscaling + kind = k8sPkgNameAutoscaling + version = "v1" + } + + // For K8s packages that reference meta.v1, we need to use the correct + // meta import path. The meta.v1 package uses goReferenceK8sTypes (core + // path) because self-references get stripped. Other packages like + // autoscaling use goReferenceK8sTypesForCRDs (non-core path) to + // reference the CRD meta.v1 package at + // dev.crossplane.io/models/io/k8s/meta/v1. + refMutator := goReferenceK8sTypes + if pkg != k8sPkgMetaV1 { + refMutator = goReferenceK8sTypesForCRDs + } + + code, err := generateGo(pkgSpec, version, + goRenameTypes, + goRenameEnums, + goReplaceNumberWithInt, + goRemoveRequired, + refMutator, + ) + if err != nil { + return nil, err + } + + // shorten the auto‑generated K8s type names + code, err = fixK8sTypeNames(code) + if err != nil { + return nil, err + } + + // remove the self‑import (e.g. meta/v1 importing itself) + code, err = removeSelfImports(code, pkg) + if err != nil { + return nil, err + } + + if err := writeGoCode(schemaFS, group, kind, version, code); err != nil { + return nil, err + } + } + + // Generate models for the non-k8s schemas. + for _, oapi := range openAPIs { + code, err := generateGo(oapi.spec, oapi.version, + goRenameTypes, + goRenameEnums, + goReplaceNumberWithInt, + goRemoveRequired, + goReferenceK8sTypesForCRDs, + goRemoveK8s, + goKeepOnlyComponents, + ) + if err != nil { + return nil, err + } + + if err := writeGoCode(schemaFS, oapi.crd.Spec.Group, oapi.crd.Spec.Names.Kind, oapi.version, code); err != nil { + return nil, err + } + } + + return schemaFS, nil +} + +type goOpenAPI struct { + crd *extv1.CustomResourceDefinition + version string + spec *spec3.OpenAPI +} + +func goCollectOpenAPIs(fromFS afero.Fs) ([]goOpenAPI, error) { //nolint:gocognit // Hard to split this up, and it's not too long to read. + crdFS := afero.NewMemMapFs() + baseFolder := "workdir" + + if err := crdFS.MkdirAll(baseFolder, 0o755); err != nil { + return nil, err + } + + var openAPIs []goOpenAPI + return openAPIs, afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + // Ignore files without yaml extensions. + ext := filepath.Ext(path) + if ext != ".yaml" && ext != ".yml" { + return nil + } + + var u metav1.TypeMeta + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + err = yaml.Unmarshal(bs, &u) + if err != nil { + return errors.Wrapf(err, "failed to parse file %q", path) + } + + switch u.GroupVersionKind().Kind { + case xpv1.CompositeResourceDefinitionKind: + // Process the XRD and get the paths + xrPath, claimPath, err := crd.ProcessXRD(crdFS, bs, path, baseFolder) + if err != nil { + return err + } + + if xrPath != "" { + bs, err := afero.ReadFile(crdFS, xrPath) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", xrPath) + } + + var c extv1.CustomResourceDefinition + if err := yaml.Unmarshal(bs, &c); err != nil { + return errors.Wrapf(err, "failed to unmarshal CRD file %q", xrPath) + } + + oapis, err := crd.ToOpenAPI(&c) + if err != nil { + return err + } + for version, oapi := range oapis { + openAPIs = append(openAPIs, goOpenAPI{spec: oapi, version: version, crd: &c}) + } + } + if claimPath != "" { + bs, err := afero.ReadFile(crdFS, claimPath) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", claimPath) + } + + var c extv1.CustomResourceDefinition + if err := yaml.Unmarshal(bs, &c); err != nil { + return errors.Wrapf(err, "failed to unmarshal CRD file %q", claimPath) + } + + oapis, err := crd.ToOpenAPI(&c) + if err != nil { + return err + } + for version, oapi := range oapis { + openAPIs = append(openAPIs, goOpenAPI{spec: oapi, version: version, crd: &c}) + } + } + + case "CustomResourceDefinition": + var c extv1.CustomResourceDefinition + if err := yaml.Unmarshal(bs, &c); err != nil { + return errors.Wrapf(err, "failed to unmarshal CRD file %q", path) + } + + oapis, err := crd.ToOpenAPI(&c) + if err != nil { + return err + } + for version, oapi := range oapis { + openAPIs = append(openAPIs, goOpenAPI{spec: oapi, version: version, crd: &c}) + } + } + return nil + }) +} + +// generateGoMutex prevents concurrent calls to `codegen.Generate` in +// `generateGo`, since `codegen.Generate` is not concurrency safe. +var generateGoMutex sync.Mutex //nolint:gochecknoglobals // Must be global. + +func generateGo(s *spec3.OpenAPI, version string, mutators ...func(*spec3.OpenAPI)) (string, error) { + for _, mut := range mutators { + mut(s) + } + + // Round-trip through JSON to convert the spec to the kin library used by + // oapi-codegen. + bs, err := json.Marshal(s) + if err != nil { + return "", errors.Wrap(err, "failed to marshal OpenAPI spec") + } + ld := openapi3.NewLoader() + oapiInput, err := ld.LoadFromData(bs) + if err != nil { + return "", errors.Wrap(err, "failed to parse OpenAPI spec") + } + + // Generate code! + generateGoMutex.Lock() + defer generateGoMutex.Unlock() + goCode, err := codegen.Generate(oapiInput, codegen.Configuration{ + PackageName: version, + Generate: codegen.GenerateOptions{ + Models: true, + }, + OutputOptions: codegen.OutputOptions{ + SkipPrune: true, + NameNormalizer: string(codegen.NameNormalizerFunctionToCamelCaseWithInitialisms), + SkipFmt: true, + UserTemplates: map[string]string{ + "imports.tmpl": goImportsTemplate, + }, + }, + }) + if err != nil { + return "", errors.Wrap(err, "failed to generate go code from OpenAPI schema") + } + + // Post-process to fix missing imports for map value types + goCode, err = fixMissingImports(goCode) + if err != nil { + return "", errors.Wrap(err, "failed to fix missing imports") + } + + goCodeBytes, err := format.Source([]byte(goCode)) + if err != nil { + return "", errors.Wrap(err, "failed to format go code") + } + + return string(goCodeBytes), nil +} + +// goExtractK8sSchemas returns all k8s schemas from the given OpenAPI +// spec, grouped by their package. +func goExtractK8sSchemas(s *spec3.OpenAPI) map[string]map[string]*spec.Schema { + ret := make(map[string]map[string]*spec.Schema) + + // Define the K8s packages we want to extract + k8sPackages := []string{ + k8sPkgMetaV1, + k8sPkgRuntime, + k8sPkgCoreV1, + k8sPkgIntStr, + k8sPkgResource, + k8sPkgAutoscalingV1, + } + + // Initialize the map for each package + for _, pkg := range k8sPackages { + ret[pkg] = make(map[string]*spec.Schema) + } + + // Group schemas by their package + for name, schema := range s.Components.Schemas { + for _, pkg := range k8sPackages { + if strings.Contains(name, pkg) { + ret[pkg][name] = schema + break + } + } + } + + // Remove empty groups + for pkg := range ret { + if len(ret[pkg]) == 0 { + delete(ret, pkg) + } + } + + return ret +} + +func writeGoCode(schemaFS afero.Fs, group, kind, version, code string) error { + goPath := filepath.Join("models", goSchemaPath(group, kind, version)) + dir := filepath.Dir(goPath) + if err := schemaFS.MkdirAll(dir, 0o755); err != nil { + return errors.Wrap(err, "failed to create directory for schemas") + } + + f, err := schemaFS.Create(goPath) + if err != nil { + return errors.Wrap(err, "failed to create go schema file") + } + if _, err := f.WriteString(code); err != nil { + return errors.Wrap(err, "failed to write go code to file") + } + _ = f.Close() + + return nil +} + +func goSchemaPath(group, kind, version string) string { + // Our Go files will live in directories based on the CRD group and + // version. The filename is the singular kind of the CRD. + // + // Example: Kind "Bucket" in group "platform.example.com/v1alpha1" becomes + // com/example/platform/v1alpha1/bucket.go. + // Special case: meta.core.k8s.io becomes io/k8s/core/meta/v1 for built-in K8s types + if group == "meta.core.k8s.io" { + return filepath.Join("io", "k8s", "core", "meta", version, strings.ToLower(kind)+".go") + } + + // Handle specific K8s groups that should be under io/k8s/ + switch group { + case "apps", k8sPkgNameAutoscaling, "batch", "policy": + return filepath.Join("io", "k8s", group, version, strings.ToLower(kind)+".go") + } + + path := strings.Split(group, ".") + slices.Reverse(path) + path = append(path, version, strings.ToLower(kind)+".go") + + return filepath.Join(path...) +} + +// goRenameTypes adds annotations to schemas to cause oapi-codegen to generate +// nice type names. +func goRenameTypes(s *spec3.OpenAPI) { + for name, schema := range s.Components.Schemas { + goName := goFixName(name) + if goName == "" { + delete(s.Components.Schemas, name) + continue + } + goRenameSchemaType(goName, schema) + goRenamePropertyTypes(goName, schema.Properties) + } +} + +func goRenamePropertyTypes(baseName string, props map[string]spec.Schema) { + for name, prop := range props { + goName := goFixName(baseName + flect.Capitalize(name)) + + goRenameSchemaType(goName, &prop) + goRenamePropertyTypes(goName, prop.Properties) + + if prop.Items != nil { + goRenameSchemaType(goName+"Item", prop.Items.Schema) + goRenamePropertyTypes(goName+"Item", prop.Items.Schema.Properties) + } + + props[name] = prop + } +} + +func goFixName(name string) string { + generateGoMutex.Lock() + defer generateGoMutex.Unlock() + + lastDot := strings.LastIndex(name, ".") + if lastDot == -1 { + return codegen.ToCamelCaseWithInitialisms(name) + } + genName := codegen.SchemaNameToTypeName(name) + prefix := codegen.SchemaNameToTypeName(name[:lastDot]) + return codegen.ToCamelCaseWithInitialisms(strings.TrimPrefix(genName, prefix)) +} + +func goRenameSchemaType(name string, schema *spec.Schema) { + schema.AddExtension("x-go-type-name", name) + schema.AddExtension("x-oapi-codegen-only-honour-go-name", true) +} + +// goRenameEnums names enum values unambiguously so different generated models +// can live in the same package. +func goRenameEnums(s *spec3.OpenAPI) { + for name, schema := range s.Components.Schemas { + goName := goFixName(name) + if goName == "" { + delete(s.Components.Schemas, name) + continue + } + goRenameEnumValues(goName, schema) + goRenamePropertyEnums(goName, schema.Properties) + } +} + +func goRenamePropertyEnums(baseName string, props map[string]spec.Schema) { + for name, prop := range props { + goName := goFixName(baseName + flect.Capitalize(name)) + + goRenameEnumValues(goName, &prop) + goRenamePropertyEnums(goName, prop.Properties) + + if prop.Items != nil { + goRenameEnumValues(goName+"Item", prop.Items.Schema) + goRenamePropertyEnums(goName+"Item", prop.Items.Schema.Properties) + } + + props[name] = prop + } +} + +func goRenameEnumValues(typeName string, schema *spec.Schema) { + if schema.Enum == nil { + return + } + + newNames := make([]string, len(schema.Enum)) + for i, oldName := range schema.Enum { + s, ok := oldName.(string) + if !ok { + // This should always be true, but we'd rather not panic, so ignore + // any non-string enums. + continue + } + newNames[i] = typeName + flect.Capitalize(s) + } + + schema.AddExtension("x-enum-varnames", newNames) +} + +// goReplaceNumberWithInt adds annotations to schemas to cause oapi-codegen to +// generate int type fields instead of floats for numbers. +func goReplaceNumberWithInt(s *spec3.OpenAPI) { + for _, schema := range s.Components.Schemas { + goRetypeSchema(schema, "number", "int") + goRetypeProperties(schema.Properties, "number", "int") + } +} + +func goRetypeProperties(props map[string]spec.Schema, oldType, newType string) { + for name, prop := range props { + goRetypeSchema(&prop, oldType, newType) + if prop.Items != nil { + goRetypeSchema(prop.Items.Schema, oldType, newType) + goRetypeProperties(prop.Items.Schema.Properties, oldType, newType) + } + props[name] = prop + } +} + +func goRetypeSchema(schema *spec.Schema, oldType, newType string) { + if schema.Type.Contains(oldType) { + schema.AddExtension("x-go-type", newType) + } +} + +// goRemoveRequired removes the required fields from schemas. We want all fields +// in our generated models to be optional (so functions can set only the fields +// they wish to own). +func goRemoveRequired(s *spec3.OpenAPI) { + for _, schema := range s.Components.Schemas { + schema.Required = nil + goRemovePropertiesRequired(schema.Properties) + if schema.Items != nil { + goRemovePropertiesRequired(schema.Items.Schema.Properties) + } + } +} + +func goRemovePropertiesRequired(props map[string]spec.Schema) { + for name, prop := range props { + prop.Required = nil + goRemovePropertiesRequired(prop.Properties) + if prop.Items != nil { + prop.Items.Schema.Required = nil + goRemovePropertiesRequired(prop.Items.Schema.Properties) + } + + props[name] = prop + } +} + +// goReferenceK8sTypes converts all references to k8s meta/v1 schemas in the +// given spec to references to the shared Go models we generate for the k8s +// schemas. +func goReferenceK8sTypes(s *spec3.OpenAPI) { + for _, schema := range s.Components.Schemas { + goReferenceK8sType(schema) + goReferenceK8sTypesProperties(schema.Properties) + } +} + +// goReferenceK8sTypesForCRDs is like goReferenceK8sTypes but uses different +// import paths appropriate for CRDs. For CRDs, we only need to handle meta.v1 +// differently since CRDs might use meta.k8s.io group. +func goReferenceK8sTypesForCRDs(s *spec3.OpenAPI) { + for _, schema := range s.Components.Schemas { + goReferenceK8sTypeWithMetaPath(schema, false) + goReferenceK8sTypesPropertiesWithMetaPath(schema.Properties, false) + } +} + +func goReferenceK8sType(schema *spec.Schema) { + goReferenceK8sTypeWithMetaPath(schema, true) +} + +func goReferenceK8sTypeWithMetaPath(schema *spec.Schema, useCorePath bool) { + // Helper function to check if a reference is a k8s type + isK8sRef := func(ref string) bool { + return strings.Contains(ref, k8sPkgMetaV1) || + strings.Contains(ref, k8sPkgCoreV1) || + strings.Contains(ref, k8sPkgRuntime) || + strings.Contains(ref, k8sPkgIntStr) || + strings.Contains(ref, k8sPkgResource) || + strings.Contains(ref, k8sPkgAutoscalingV1) + } + + // Handle direct reference + ref := schema.Ref.String() + if isK8sRef(ref) { + tryReplaceK8sTypeWithMetaPath(schema, ref, useCorePath) + // Clear the original reference after replacement + schema.Ref = spec.Ref{} + } + + // Handle AllOf - if all schemas in AllOf are k8s refs, we can replace the whole schema + allK8s := true + for _, one := range schema.AllOf { + if one.Ref.String() == "" || !isK8sRef(one.Ref.String()) { + allK8s = false + break + } + } + + if allK8s && len(schema.AllOf) > 0 { + // Use the first AllOf ref for the replacement + ref := schema.AllOf[0].Ref.String() + tryReplaceK8sTypeWithMetaPath(schema, ref, useCorePath) + schema.AllOf = nil + } else { + // Process each AllOf individually + for i := range schema.AllOf { + goReferenceK8sTypeWithMetaPath(&schema.AllOf[i], useCorePath) + } + } + + // Also check OneOf and AnyOf + for i := range schema.OneOf { + goReferenceK8sTypeWithMetaPath(&schema.OneOf[i], useCorePath) + } + for i := range schema.AnyOf { + goReferenceK8sTypeWithMetaPath(&schema.AnyOf[i], useCorePath) + } +} + +func goReferenceK8sTypesProperties(props map[string]spec.Schema) { + goReferenceK8sTypesPropertiesWithMetaPath(props, true) +} + +func goReferenceK8sTypesPropertiesWithMetaPath(props map[string]spec.Schema, useCorePath bool) { + for name, prop := range props { + goReferenceK8sTypeWithMetaPath(&prop, useCorePath) + goReferenceK8sTypesPropertiesWithMetaPath(prop.Properties, useCorePath) + if prop.Items != nil { + goReferenceK8sTypeWithMetaPath(prop.Items.Schema, useCorePath) + goReferenceK8sTypesPropertiesWithMetaPath(prop.Items.Schema.Properties, useCorePath) + } + if prop.AdditionalProperties != nil && prop.AdditionalProperties.Schema != nil { + goReferenceK8sTypeWithMetaPath(prop.AdditionalProperties.Schema, useCorePath) + goReferenceK8sTypesPropertiesWithMetaPath(prop.AdditionalProperties.Schema.Properties, useCorePath) + } + + props[name] = prop + } +} + +func tryReplaceK8sTypeWithMetaPath(schema *spec.Schema, ref string, useCorePath bool) { + lastDot := strings.LastIndex(ref, ".") + if lastDot == -1 { + return + } + t := ref[lastDot+1:] + + // Determine the correct alias and path for meta.v1 + metaAlias := "metacorev1" + metaPath := "dev.crossplane.io/models/io/k8s/core/meta/v1" + if !useCorePath { + metaAlias = "metav1" + metaPath = "dev.crossplane.io/models/io/k8s/meta/v1" + } + + mapping := []struct { + contains string + alias string + importPath string + }{ + { + contains: k8sPkgMetaV1, + alias: metaAlias, + importPath: metaPath, + }, + { + contains: k8sPkgCoreV1, + alias: "corev1", + importPath: "dev.crossplane.io/models/io/k8s/core/v1", + }, + { + contains: k8sPkgRuntime, + alias: "runtimev1", + importPath: "dev.crossplane.io/models/io/k8s/runtime/v1", + }, + { + contains: k8sPkgIntStr, + alias: "intstrv1", + importPath: "dev.crossplane.io/models/io/k8s/util/v1", + }, + { + contains: k8sPkgResource, + alias: "resourcev1", + importPath: "dev.crossplane.io/models/io/k8s/resource/v1", + }, + { + contains: k8sPkgAutoscalingV1, + alias: "autoscalingv1", + importPath: "dev.crossplane.io/models/io/k8s/autoscaling/v1", + }, + } + + for _, m := range mapping { + if strings.Contains(ref, m.contains) { + schema.AddExtension("x-go-type", m.alias+"."+t) + schema.AddExtension("x-go-type-import", map[string]string{ + "path": m.importPath, + "name": m.alias, + }) + return + } + } +} + +// goRemoveK8s removes all k8s schemas from the given OpenAPI spec, so +// that we can generate models for them separately and share them across all our +// other generated models. +func goRemoveK8s(s *spec3.OpenAPI) { + for name := range s.Components.Schemas { + if strings.HasPrefix(name, k8sPkgMetaV1) || + strings.HasPrefix(name, k8sPkgRuntime) || + strings.HasPrefix(name, k8sPkgCoreV1) || + strings.HasPrefix(name, k8sPkgIntStr) || + strings.HasPrefix(name, k8sPkgResource) || + strings.HasPrefix(name, k8sPkgAutoscalingV1) { + delete(s.Components.Schemas, name) + } + } +} + +// goKeepOnlyComponents leaves only the "components" portion of the OpenAPI spec +// in place. This lets us make oapi-codegen generate code only for schemas and +// not a full REST client. +func goKeepOnlyComponents(s *spec3.OpenAPI) { + *s = spec3.OpenAPI{ + Version: s.Version, + Info: s.Info, + Components: s.Components, + } +} + +// goAddDefaults adds default values for apiVersion and kind properties based on +// x-kubernetes-group-version-kind extension. +func goAddDefaults(s *spec3.OpenAPI) { + if s.Components == nil || s.Components.Schemas == nil { + return + } + + for _, schema := range s.Components.Schemas { + processSchemaDefaults(schema) + } +} + +func processSchemaDefaults(schema *spec.Schema) { + // Look for x-kubernetes-group-version-kind extension + rawExt, ok := schema.Extensions["x-kubernetes-group-version-kind"] + if !ok { + return + } + + // Convert the extension to a usable format + gvkList := extractGVKList(rawExt) + if len(gvkList) == 0 { + return + } + + // Extract group, version, and kind from the first GVK + group, version, kind := extractGVKInfo(gvkList[0]) + + // Construct apiVersion + apiVersion := constructAPIVersion(group, version) + + // Add defaults to properties + addSchemaPropertyDefaultsGo(schema, apiVersion, kind) +} + +func extractGVKList(rawExt any) []map[string]any { + var gvkList []map[string]any + switch ext := rawExt.(type) { + case []any: + for _, item := range ext { + if gvk, ok := item.(map[string]any); ok { + gvkList = append(gvkList, gvk) + } + } + case []map[string]any: + gvkList = ext + } + return gvkList +} + +func extractGVKInfo(gvk map[string]any) (group, version, kind string) { + if g, ok := gvk["group"].(string); ok { + group = g + } + if v, ok := gvk["version"].(string); ok { + version = v + } + if k, ok := gvk["kind"].(string); ok { + kind = k + } + return group, version, kind +} + +func constructAPIVersion(group, version string) string { + if group != "" { + return group + "/" + version + } + return version +} + +func addSchemaPropertyDefaultsGo(schema *spec.Schema, apiVersion, kind string) { + if schema.Properties == nil { + return + } + + // Add default to apiVersion property + if propSchema, ok := schema.Properties["apiVersion"]; ok { + propSchema.Default = apiVersion + propSchema.Enum = []any{apiVersion} + schema.Properties["apiVersion"] = propSchema + } + + // Add default to kind property + if propSchema, ok := schema.Properties["kind"]; ok { + propSchema.Default = kind + propSchema.Enum = []any{kind} + schema.Properties["kind"] = propSchema + } +} + +// removeSelfImports removes self-imports and removes +// the package prefix from types that would use the self-import. +func removeSelfImports(code string, pkg string) (string, error) { + selfImports := map[string]struct { + Alias, Path string + }{ + k8sPkgMetaV1: {"metacorev1", "dev.crossplane.io/models/io/k8s/core/meta/v1"}, + k8sPkgCoreV1: {"corev1", "dev.crossplane.io/models/io/k8s/core/v1"}, + k8sPkgRuntime: {"runtimev1", "dev.crossplane.io/models/io/k8s/runtime/v1"}, + k8sPkgIntStr: {"intstrv1", "dev.crossplane.io/models/io/k8s/util/v1"}, + k8sPkgResource: {"resourcev1", "dev.crossplane.io/models/io/k8s/resource/v1"}, + k8sPkgAutoscalingV1: {"autoscalingv1", "dev.crossplane.io/models/io/k8s/autoscaling/v1"}, + } + + info, ok := selfImports[pkg] + if !ok { + return code, nil // nothing to strip + } + + // parse + fset := token.NewFileSet() + f, err := parser.ParseFile(fset, "", code, parser.ParseComments) + if err != nil { + return "", errors.Wrap(err, "parsing Go code") + } + + // delete the import (works for both named & unnamed imports) + astutil.DeleteImport(fset, f, info.Path) + astutil.DeleteNamedImport(fset, f, info.Alias, info.Path) + + // strip selectors: transform `alias.Thing` → `Thing` + astutil.Apply(f, nil, func(c *astutil.Cursor) bool { + if sel, ok := c.Node().(*ast.SelectorExpr); ok { + if pkgIdent, ok := sel.X.(*ast.Ident); ok && pkgIdent.Name == info.Alias { + // replace the selector expr with just the identifier + c.Replace(&ast.Ident{Name: sel.Sel.Name, NamePos: sel.Sel.NamePos}) + } + } + return true + }) + + var buf strings.Builder + if err := format.Node(&buf, fset, f); err != nil { + return "", errors.Wrap(err, "formatting Go code") + } + return buf.String(), nil +} + +// fixMissingImports add missing imports for K8s types. +func fixMissingImports(code string) (string, error) { + // 1. Define the k8s imports you might need + k8sImports := map[string]string{ + "metacorev1": "dev.crossplane.io/models/io/k8s/core/meta/v1", + "metav1": "dev.crossplane.io/models/io/k8s/meta/v1", + "corev1": "dev.crossplane.io/models/io/k8s/core/v1", + "resourcev1": "dev.crossplane.io/models/io/k8s/resource/v1", + "runtimev1": "dev.crossplane.io/models/io/k8s/runtime/v1", + "intstrv1": "dev.crossplane.io/models/io/k8s/util/v1", + "autoscalingv1": "dev.crossplane.io/models/io/k8s/autoscaling/v1", + } + + fset := token.NewFileSet() + f, err := parser.ParseFile(fset, "", code, parser.ParseComments) + if err != nil { + return "", errors.Wrap(err, "parsing failed") + } + + needed := map[string]bool{} + ast.Inspect(f, func(n ast.Node) bool { + if sel, ok := n.(*ast.SelectorExpr); ok { + if pkg, ok := sel.X.(*ast.Ident); ok { + if _, known := k8sImports[pkg.Name]; known { + needed[pkg.Name] = true + } + } + } + return true + }) + + for alias, path := range k8sImports { + if !needed[alias] { + continue + } + // AddNamedImport will do nothing if the import (with that alias) is already present + astutil.AddNamedImport(fset, f, alias, path) + } + + var buf bytes.Buffer + if err := printer.Fprint(&buf, fset, f); err != nil { + return "", errors.Wrap(err, "printing AST failed") + } + return buf.String(), nil +} + +// fixK8sTypeNames uses AST manipulation to replace long K8s type names with short ones. +func fixK8sTypeNames(code string) (string, error) { + // Parse the code + fset := token.NewFileSet() + f, err := parser.ParseFile(fset, "", code, parser.ParseComments) + if err != nil { + return "", errors.Wrap(err, "failed to parse Go code") + } + + replacements := map[string]string{ + // Types that map to time.Time. + "IoK8SApimachineryPkgApisMetaV1Time": "Time", + "IoK8SApimachineryPkgApisMetaV1MicroTime": "MicroTime", + // Union types from IntOrString and their related methods. + "IoK8SApimachineryPkgUtilIntstrIntOrString0": "Int", + "FromIoK8SApimachineryPkgUtilIntstrIntOrString0": "FromInt", + "AsIoK8SApimachineryPkgUtilIntstrIntOrString0": "AsInt", + "MergeIoK8SApimachineryPkgUtilIntstrIntOrString0": "MergeInt", + "IoK8SApimachineryPkgUtilIntstrIntOrString1": "String", + "FromIoK8SApimachineryPkgUtilIntstrIntOrString1": "FromString", + "AsIoK8SApimachineryPkgUtilIntstrIntOrString1": "AsString", + "MergeIoK8SApimachineryPkgUtilIntstrIntOrString1": "MergeString", + } + + // Walk the AST and replace type names + ast.Inspect(f, func(n ast.Node) bool { + if x, ok := n.(*ast.Ident); ok { + if newName, ok := replacements[x.Name]; ok { + x.Name = newName + } + } + return true + }) + + // Format and return the modified code + var buf strings.Builder + if err := format.Node(&buf, fset, f); err != nil { + return "", errors.Wrap(err, "failed to format Go code") + } + + return buf.String(), nil +} + +// GenerateFromOpenAPI generates Go schemas for the OpenAPI docs in the given filesystem. +func (goGenerator) GenerateFromOpenAPI(_ context.Context, fromFS afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + // Walk through filesystem to collect OpenAPI specs + openAPISpecs, err := collectOpenAPISpecs(fromFS) + if err != nil { + return nil, err + } + + if len(openAPISpecs) == 0 { + // Return nil if no specs were generated + return nil, nil + } + + // Initialize the schema filesystem + schemaFS, err := initializeSchemaFS() + if err != nil { + return nil, err + } + + // Generate K8s shared schemas + if err := generateK8sSharedSchemas(openAPISpecs, schemaFS); err != nil { + return nil, err + } + + // Generate models for the rest + if err := generateModelsWithGVK(openAPISpecs, schemaFS); err != nil { + return nil, err + } + + return schemaFS, nil +} + +// collectOpenAPISpecs walks through the filesystem to find and parse OpenAPI JSON files. +func collectOpenAPISpecs(fromFS afero.Fs) ([]*spec3.OpenAPI, error) { + var openAPISpecs []*spec3.OpenAPI + + err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + + // Only process JSON files + if !strings.HasSuffix(strings.ToLower(path), ".json") { + return nil + } + + // Read the file content + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + + // Parse as OpenAPI spec + var spec spec3.OpenAPI + if err := json.Unmarshal(bs, &spec); err != nil { + // Skip files that aren't valid OpenAPI specs + return nil //nolint:nilerr // See comment above. + } + + // Check if it has components/schemas + if spec.Components == nil || len(spec.Components.Schemas) == 0 { + return nil + } + + openAPISpecs = append(openAPISpecs, &spec) + return nil + }) + + return openAPISpecs, err +} + +// initializeSchemaFS creates and initializes the schema filesystem with go.mod and go.sum. +func initializeSchemaFS() (afero.Fs, error) { + schemaFS := afero.NewMemMapFs() + if err := schemaFS.Mkdir("models", 0o755); err != nil { + return nil, errors.Wrap(err, "failed to create models directory") + } + + modf, err := schemaFS.Create("models/go.mod") + if err != nil { + return nil, errors.Wrap(err, "failed to create go.mod") + } + if _, err := modf.WriteString(goModContents); err != nil { + return nil, errors.Wrap(err, "failed to write go.mod") + } + + sumf, err := schemaFS.Create("models/go.sum") + if err != nil { + return nil, errors.Wrap(err, "failed to create go.sum") + } + if _, err := sumf.WriteString(goSumContents); err != nil { + return nil, errors.Wrap(err, "failed to write go.sum") + } + + return schemaFS, nil +} + +// generateK8sSharedSchemas extracts and generates shared K8s schemas. +func generateK8sSharedSchemas(openAPISpecs []*spec3.OpenAPI, schemaFS afero.Fs) error { + k8sSchemasByPackage := make(map[string]map[string]*spec.Schema) + + // Collect all K8s schemas from all OpenAPI specs, grouped by package + for _, openAPISpec := range openAPISpecs { + packagedSchemas := goExtractK8sSchemas(openAPISpec) + for pkg, schemas := range packagedSchemas { + if k8sSchemasByPackage[pkg] == nil { + k8sSchemasByPackage[pkg] = make(map[string]*spec.Schema) + } + maps.Copy(k8sSchemasByPackage[pkg], schemas) + } + } + + // Generate separate files for each K8s package + for pkg, schemas := range k8sSchemasByPackage { + if len(schemas) == 0 { + continue + } + + if err := generateK8sPackageCode(pkg, schemas, schemaFS); err != nil { + return err + } + } + + return nil +} + +// generateK8sPackageCode generates code for a single K8s package. +func generateK8sPackageCode(pkg string, schemas map[string]*spec.Schema, schemaFS afero.Fs) error { + // Create a spec for this package + pkgSpec := &spec3.OpenAPI{ + Version: "3.0.0", + Components: &spec3.Components{ + Schemas: schemas, + }, + } + + // Determine the group, kind, and version from the package name + group, kind, version := getK8sPackageInfo(pkg) + + code, err := generateGo(pkgSpec, version, + goRenameTypes, + goRenameEnums, + goReplaceNumberWithInt, + goRemoveRequired, + goReferenceK8sTypes, + goAddDefaults, + ) + if err != nil { + return err + } + + // Fix k8s type names to use short names + code, err = fixK8sTypeNames(code) + if err != nil { + return errors.Wrap(err, "failed to fix K8s type names") + } + // Remove self-imports from k8s packages + code, err = removeSelfImports(code, pkg) + if err != nil { + return errors.Wrap(err, "failed to remove self imports") + } + + return writeGoCode(schemaFS, group, kind, version, code) +} + +// getK8sPackageInfo returns group, kind, and version for a K8s package. +func getK8sPackageInfo(pkg string) (group, kind, version string) { + switch pkg { + case k8sPkgMetaV1: + return "meta.core.k8s.io", "meta", "v1" + case k8sPkgRuntime: + return "runtime.k8s.io", "runtime", "v1" + case k8sPkgCoreV1: + return "core.k8s.io", "core", "v1" + case k8sPkgIntStr: + return "util.k8s.io", "intstr", "v1" + case k8sPkgResource: + return "resource.k8s.io", "resource", "v1" + case k8sPkgAutoscalingV1: + return k8sPkgNameAutoscaling, k8sPkgNameAutoscaling, "v1" + default: + return "", "", "" + } +} + +// generateModelsWithGVK generates models for schemas with GVK information. +func generateModelsWithGVK(openAPISpecs []*spec3.OpenAPI, schemaFS afero.Fs) error { + for _, openAPISpec := range openAPISpecs { + gvkGroups := groupSchemasByGVK(openAPISpec) + + for gvkKey, schemas := range gvkGroups { + if err := generateGVKGroupCode(gvkKey, schemas, openAPISpec, schemaFS); err != nil { + return err + } + } + } + return nil +} + +// groupSchemasByGVK groups schemas by their GVK information. +func groupSchemasByGVK(openAPISpec *spec3.OpenAPI) map[string]map[string]*spec.Schema { + gvkGroups := make(map[string]map[string]*spec.Schema) + + for name, schema := range openAPISpec.Components.Schemas { + gvkKey := extractGVKKey(schema) + if gvkKey == "" { + continue + } + + if gvkGroups[gvkKey] == nil { + gvkGroups[gvkKey] = make(map[string]*spec.Schema) + } + gvkGroups[gvkKey][name] = schema + } + + return gvkGroups +} + +// extractGVKKey extracts the GVK key from a schema's extensions. +func extractGVKKey(schema *spec.Schema) string { + gvkExt, ok := schema.Extensions["x-kubernetes-group-version-kind"] + if !ok { + return "" + } + + gvkList, ok := gvkExt.([]any) + if !ok || len(gvkList) == 0 { + return "" + } + + gvk, ok := gvkList[0].(map[string]any) + if !ok { + return "" + } + + group, ok := gvk["group"].(string) + if !ok { + return "" + } + + version, ok := gvk["version"].(string) + if !ok || version == "" { + return "" + } + + // Skip core group as it's already created upfront + if group == "core" || group == "" { + return "" + } + + return group + "/" + version +} + +// generateGVKGroupCode generates code for a GVK group. +func generateGVKGroupCode(gvkKey string, schemas map[string]*spec.Schema, openAPISpec *spec3.OpenAPI, schemaFS afero.Fs) error { + parts := strings.Split(gvkKey, "/") + group, version := parts[0], parts[1] + + // Extract the kind from the group name for file naming + // For groups like "authentication.k8s.io", use "authentication" as the kind + // For groups like "policy", use "policy" as the kind + kind := group + if before, _, ok := strings.Cut(group, "."); ok { + kind = before + } + + groupSpec := &spec3.OpenAPI{ + Version: "3.0.0", + Components: &spec3.Components{ + Schemas: make(map[string]*spec.Schema), + }, + } + + // Add the main schemas for this GVK group + maps.Copy(groupSpec.Components.Schemas, schemas) + + // Add all other schemas from the same spec that might be referenced + // but don't have GVK extensions (like TokenRequestSpec, etc.) + // Add schemas that don't have GVK extensions (supporting types) + maps.Copy(groupSpec.Components.Schemas, openAPISpec.Components.Schemas) + + code, err := generateGo(groupSpec, version, + goRenameTypes, + goRenameEnums, + goReplaceNumberWithInt, + goRemoveRequired, + goReferenceK8sTypes, + goRemoveK8s, + goKeepOnlyComponents, + goAddDefaults, + ) + if err != nil { + return err + } + + return writeGoCode(schemaFS, group, kind, version, code) +} diff --git a/internal/schemas/generator/go_test.go b/internal/schemas/generator/go_test.go new file mode 100644 index 0000000..6520056 --- /dev/null +++ b/internal/schemas/generator/go_test.go @@ -0,0 +1,141 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "embed" + "go/parser" + "go/token" + "path/filepath" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + "golang.org/x/mod/modfile" +) + +//go:embed testdata/*.yaml +var testdataFS embed.FS + +func TestGenerateFromCRDGo(t *testing.T) { + inputFS := afero.NewBasePathFs(afero.FromIOFS{FS: testdataFS}, "testdata") + schemaFS, err := goGenerator{}.GenerateFromCRD(t.Context(), inputFS, nil) + if err != nil { + t.Fatal(err) + } + + expectedFiles := []string{ + "models/go.mod", + "models/io/k8s/meta/v1/meta.go", + "models/co/acme/platform/v1alpha1/accountscaffold.go", + "models/co/acme/platform/v1alpha1/xaccountscaffold.go", + "models/io/upbound/azure/web/v1beta1/linuxfunctionapp.go", + } + + files := token.NewFileSet() + for _, path := range expectedFiles { + exists, err := afero.Exists(schemaFS, path) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Fatalf("expected model file %s does not exist", path) + } + + contents, err := afero.ReadFile(schemaFS, path) + if err != nil { + t.Fatal(err) + } + + switch filepath.Ext(path) { + case ".go": + f, err := parser.ParseFile(files, path, contents, parser.ParseComments) + if err != nil { + t.Fatal(err) + } + expectedPackage := filepath.Base(filepath.Dir(path)) + if diff := cmp.Diff(expectedPackage, f.Name.Name); diff != "" { + t.Errorf("package name (-want +got):\n%s", diff) + } + + case ".mod": + mod, err := modfile.Parse(path, contents, nil) + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff("dev.crossplane.io/models", mod.Module.Mod.Path); diff != "" { + t.Errorf("module path (-want +got):\n%s", diff) + } + } + } +} + +func TestGenerateFromOpenAPIGo(t *testing.T) { + inputFS := afero.NewBasePathFs(afero.FromIOFS{FS: testdataJSONFS}, "testdata") + schemaFS, err := goGenerator{}.GenerateFromOpenAPI(t.Context(), inputFS, nil) + if err != nil { + t.Fatal(err) + } + + expectedFiles := []string{ + "models/go.mod", + "models/io/k8s/util/v1/intstr.go", + "models/io/k8s/runtime/v1/runtime.go", + "models/io/k8s/core/v1/core.go", + "models/io/k8s/policy/v1/policy.go", + "models/io/k8s/autoscaling/v1/autoscaling.go", + "models/io/k8s/resource/v1/resource.go", + "models/io/k8s/authentication/v1/authentication.go", + } + + files := token.NewFileSet() + for _, path := range expectedFiles { + exists, err := afero.Exists(schemaFS, path) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Fatalf("expected model file %s does not exist", path) + } + + contents, err := afero.ReadFile(schemaFS, path) + if err != nil { + t.Fatal(err) + } + + switch filepath.Ext(path) { + case ".go": + f, err := parser.ParseFile(files, path, contents, parser.ParseComments) + if err != nil { + t.Fatal(err) + } + expectedPackage := filepath.Base(filepath.Dir(path)) + if diff := cmp.Diff(expectedPackage, f.Name.Name); diff != "" { + t.Errorf("package name (-want +got):\n%s", diff) + } + + case ".mod": + mod, err := modfile.Parse(path, contents, nil) + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff("dev.crossplane.io/models", mod.Module.Mod.Path); diff != "" { + t.Errorf("module path (-want +got):\n%s", diff) + } + } + } +} diff --git a/internal/schemas/generator/interface.go b/internal/schemas/generator/interface.go new file mode 100644 index 0000000..06ef60f --- /dev/null +++ b/internal/schemas/generator/interface.go @@ -0,0 +1,44 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package generator generates language-specific schemas for Crossplane and +// Kubernetes resources. +package generator + +import ( + "context" + + "github.com/spf13/afero" + + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +// Interface generates schemas for a specific language. +type Interface interface { + Language() string + GenerateFromCRD(ctx context.Context, fs afero.Fs, runner runner.SchemaRunner) (afero.Fs, error) + GenerateFromOpenAPI(ctx context.Context, fs afero.Fs, runner runner.SchemaRunner) (afero.Fs, error) +} + +// AllLanguages returns generators for all supported languages. +func AllLanguages() []Interface { + return []Interface{ + &goGenerator{}, + &jsonGenerator{}, + &kclGenerator{}, + &pythonGenerator{}, + } +} diff --git a/internal/schemas/generator/json.go b/internal/schemas/generator/json.go new file mode 100644 index 0000000..cee0d07 --- /dev/null +++ b/internal/schemas/generator/json.go @@ -0,0 +1,205 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "context" + "encoding/json" + "io/fs" + "maps" + "path/filepath" + "strings" + + "github.com/invopop/jsonschema" + "github.com/spf13/afero" + "k8s.io/kube-openapi/pkg/spec3" + "k8s.io/kube-openapi/pkg/validation/spec" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +type jsonGenerator struct{} + +func (jsonGenerator) Language() string { + return "json" +} + +// GenerateFromCRD generates jsonschemas for the CRDs in the given filesystem. +func (jsonGenerator) GenerateFromCRD(_ context.Context, fromFS afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + openAPIs, err := goCollectOpenAPIs(fromFS) + if err != nil { + return nil, err + } + + if len(openAPIs) == 0 { + return nil, nil + } + + schemaFS := afero.NewMemMapFs() + if err := schemaFS.Mkdir("models", 0o755); err != nil { + return nil, errors.Wrap(err, "failed to create models directory") + } + + schemas := make(map[string]*spec.Schema) + for _, oapi := range openAPIs { + maps.Copy(schemas, oapi.spec.Components.Schemas) + } + + for name, schema := range schemas { + jschema, err := oapiSchemaToJSONSchema(schema) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate jsonschema for %s", name) + } + + bs, err := json.Marshal(jschema) + if err != nil { + return nil, errors.Wrapf(err, "failed to marshal jsonschema for %s", name) + } + + fname := filepath.Join("models", strings.ReplaceAll(name, ".", "-")+".schema.json") + if err := afero.WriteFile(schemaFS, fname, bs, 0o644); err != nil { + return nil, errors.Wrapf(err, "failed to write jsonschema for %s", name) + } + } + + return schemaFS, nil +} + +func oapiSchemaToJSONSchema(s *spec.Schema) (*jsonschema.Schema, error) { + bs, err := json.Marshal(s) + if err != nil { + return nil, err + } + + var conv jsonschema.Schema + if err := json.Unmarshal(bs, &conv); err != nil { + return nil, err + } + + return mutateJSONSchema(&conv), nil +} + +func mutateJSONSchema(s *jsonschema.Schema) *jsonschema.Schema { + if s.Type == "object" && s.AdditionalProperties == nil { + s.AdditionalProperties = jsonschema.FalseSchema + } + + if after, ok := strings.CutPrefix(s.Ref, "#/components/schemas/"); ok { + s.Ref = after + s.Ref = strings.ReplaceAll(s.Ref, ".", "-") + s.Ref += ".schema.json" + } + + for i, schema := range s.AllOf { + s.AllOf[i] = mutateJSONSchema(schema) + } + for i, schema := range s.AnyOf { + s.AnyOf[i] = mutateJSONSchema(schema) + } + for i, schema := range s.OneOf { + s.OneOf[i] = mutateJSONSchema(schema) + } + if s.Not != nil { + s.Not = mutateJSONSchema(s.Not) + } + + if s.Items != nil { + s.Items = mutateJSONSchema(s.Items) + } + + if s.AdditionalProperties != nil { + s.AdditionalProperties = mutateJSONSchema(s.AdditionalProperties) + } + + for prop := s.Properties.Oldest(); prop != nil; prop = prop.Next() { + s.Properties.Set(prop.Key, mutateJSONSchema(prop.Value)) + } + + return s +} + +// GenerateFromOpenAPI generates jsonschemas from OpenAPI v3 specs. +func (jsonGenerator) GenerateFromOpenAPI(_ context.Context, fromFS afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + var openAPISpecs []*spec3.OpenAPI + err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + + if filepath.Ext(path) != ".json" { + return nil + } + + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read OpenAPI file %q", path) + } + + var openAPI spec3.OpenAPI + if err := json.Unmarshal(bs, &openAPI); err != nil { + return nil //nolint:nilerr // Skip invalid files. + } + + if openAPI.Components != nil && len(openAPI.Components.Schemas) > 0 { + openAPISpecs = append(openAPISpecs, &openAPI) + } + + return nil + }) + if err != nil { + return nil, errors.Wrap(err, "failed to walk OpenAPI filesystem") + } + + if len(openAPISpecs) == 0 { + return nil, nil + } + + schemaFS := afero.NewMemMapFs() + if err := schemaFS.Mkdir("models", 0o755); err != nil { + return nil, errors.Wrap(err, "failed to create models directory") + } + + schemas := make(map[string]*spec.Schema) + for _, oapi := range openAPISpecs { + maps.Copy(schemas, oapi.Components.Schemas) + } + + for name, schema := range schemas { + jschema, err := oapiSchemaToJSONSchema(schema) + if err != nil { + return nil, errors.Wrapf(err, "failed to generate jsonschema for %s", name) + } + + bs, err := json.Marshal(jschema) + if err != nil { + return nil, errors.Wrapf(err, "failed to marshal jsonschema for %s", name) + } + + fname := filepath.Join("models", strings.ReplaceAll(name, ".", "-")+".schema.json") + if err := afero.WriteFile(schemaFS, fname, bs, 0o644); err != nil { + return nil, errors.Wrapf(err, "failed to write jsonschema for %s", name) + } + } + + return schemaFS, nil +} diff --git a/internal/schemas/generator/json_test.go b/internal/schemas/generator/json_test.go new file mode 100644 index 0000000..b5ea0e2 --- /dev/null +++ b/internal/schemas/generator/json_test.go @@ -0,0 +1,124 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "embed" + "encoding/json" + "testing" + + "github.com/invopop/jsonschema" + "github.com/spf13/afero" +) + +//go:embed testdata/*.json +var testdataJSONFS embed.FS + +func TestGenerateFromCRD(t *testing.T) { + inputFS := afero.NewBasePathFs(afero.FromIOFS{FS: testdataFS}, "testdata") + schemaFS, err := jsonGenerator{}.GenerateFromCRD(t.Context(), inputFS, nil) + if err != nil { + t.Fatal(err) + } + + expectedFiles := []string{ + "models/io-k8s-apimachinery-pkg-apis-meta-v1-DeleteOptions.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-FieldsV1.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-ListMeta.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-ManagedFieldsEntry.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-OwnerReference.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Patch.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Preconditions.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-StatusCause.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-StatusDetails.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Status.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Time.schema.json", + "models/co-acme-platform-v1alpha1-AccountScaffold.schema.json", + "models/co-acme-platform-v1alpha1-AccountScaffoldList.schema.json", + "models/co-acme-platform-v1alpha1-XAccountScaffold.schema.json", + "models/co-acme-platform-v1alpha1-XAccountScaffoldList.schema.json", + } + + for _, path := range expectedFiles { + exists, err := afero.Exists(schemaFS, path) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Fatalf("expected model file %s does not exist", path) + } + + contents, err := afero.ReadFile(schemaFS, path) + if err != nil { + t.Fatal(err) + } + + var schema jsonschema.Schema + if err := json.Unmarshal(contents, &schema); err != nil { + t.Fatalf("failed to unmarshal %s: %v", path, err) + } + } +} + +func TestGenerateFromOpenAPI(t *testing.T) { + inputFS := afero.NewBasePathFs(afero.FromIOFS{FS: testdataJSONFS}, "testdata") + schemaFS, err := jsonGenerator{}.GenerateFromOpenAPI(t.Context(), inputFS, nil) + if err != nil { + t.Fatal(err) + } + + expectedFiles := []string{ + "models/io-k8s-api-authentication-v1-BoundObjectReference.schema.json", + "models/io-k8s-api-authentication-v1-TokenRequest.schema.json", + "models/io-k8s-api-authentication-v1-TokenRequestSpec.schema.json", + "models/io-k8s-api-authentication-v1-TokenRequestStatus.schema.json", + "models/io-k8s-api-autoscaling-v1-Scale.schema.json", + "models/io-k8s-api-autoscaling-v1-ScaleSpec.schema.json", + "models/io-k8s-api-autoscaling-v1-ScaleStatus.schema.json", + "models/io-k8s-api-core-v1-ConfigMap.schema.json", + "models/io-k8s-api-core-v1-Pod.schema.json", + "models/io-k8s-api-core-v1-Service.schema.json", + "models/io-k8s-api-policy-v1-Eviction.schema.json", + "models/io-k8s-apimachinery-pkg-api-resource-Quantity.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Condition.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-ObjectMeta.schema.json", + "models/io-k8s-apimachinery-pkg-apis-meta-v1-Status.schema.json", + "models/io-k8s-apimachinery-pkg-runtime-RawExtension.schema.json", + "models/io-k8s-apimachinery-pkg-util-intstr-IntOrString.schema.json", + } + + for _, path := range expectedFiles { + exists, err := afero.Exists(schemaFS, path) + if err != nil { + t.Fatal(err) + } + if !exists { + t.Fatalf("expected model file %s does not exist", path) + } + + contents, err := afero.ReadFile(schemaFS, path) + if err != nil { + t.Fatal(err) + } + + var schema jsonschema.Schema + if err := json.Unmarshal(contents, &schema); err != nil { + t.Fatalf("failed to unmarshal %s: %v", path, err) + } + } +} diff --git a/internal/schemas/generator/kcl.go b/internal/schemas/generator/kcl.go new file mode 100644 index 0000000..4aa69db --- /dev/null +++ b/internal/schemas/generator/kcl.go @@ -0,0 +1,902 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "context" + "encoding/json" + "fmt" + "io" + "io/fs" + "maps" + "os" + "path/filepath" + "regexp" + "slices" + "sort" + "strings" + + "github.com/spf13/afero" + "golang.org/x/text/cases" + "golang.org/x/text/language" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/kube-openapi/pkg/spec3" + "k8s.io/kube-openapi/pkg/validation/spec" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + xpv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + + xcrd "github.com/crossplane/cli/v2/internal/crd" + "github.com/crossplane/cli/v2/internal/filesystem" + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +const ( + kclModelsFolder = "models" + kclAdoptModelsStructure = "sorted" + kclImage = "docker.io/kcllang/kcl:v0.11.2" +) + +type kclGenerator struct{} + +func (kclGenerator) Language() string { + return "kcl" +} + +// GenerateFromCRD generates KCL schema files from the XRDs and CRDs fromFS. +func (kclGenerator) GenerateFromCRD(ctx context.Context, fromFS afero.Fs, generator runner.SchemaRunner) (afero.Fs, error) { //nolint:gocognit // generate kcl schemas + crdFS := afero.NewMemMapFs() + schemaFS := afero.NewMemMapFs() + baseFolder := "workdir" + + if err := crdFS.MkdirAll(baseFolder, 0o755); err != nil { + return nil, err + } + + var crdPaths []string + + if err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + ext := filepath.Ext(path) + if ext != ".yaml" && ext != ".yml" { + return nil + } + + var u metav1.TypeMeta + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + err = yaml.Unmarshal(bs, &u) + if err != nil { + return errors.Wrapf(err, "failed to parse file %q", path) + } + + switch u.GroupVersionKind().Kind { + case xpv1.CompositeResourceDefinitionKind: + xrPath, claimPath, err := xcrd.ProcessXRD(crdFS, bs, path, baseFolder) + if err != nil { + return err + } + + if xrPath != "" { + crdPaths = append(crdPaths, xrPath) + } + if claimPath != "" { + crdPaths = append(crdPaths, claimPath) + } + + case "CustomResourceDefinition": + if err := afero.WriteFile(crdFS, filepath.Join(baseFolder, path), bs, 0o644); err != nil { + return err + } + crdPaths = append(crdPaths, filepath.Join(baseFolder, path)) + } + + return nil + }); err != nil { + return nil, err + } + + if len(crdPaths) == 0 { + return nil, nil + } + + if err := generator.Generate( + ctx, + crdFS, + baseFolder, + "", + kclImage, + []string{ + "sh", "-c", + `find . -name "*.yaml" -exec kcl import -m crd -s {} \;`, + }, + ); err != nil { + return nil, err + } + + if err := transformStructureKcl(crdFS, kclModelsFolder, kclAdoptModelsStructure); err != nil { + return nil, err + } + + if err := filesystem.CopyFilesBetweenFs(afero.NewBasePathFs(crdFS, kclAdoptModelsStructure), afero.NewBasePathFs(schemaFS, kclModelsFolder)); err != nil { + return nil, err + } + + return schemaFS, nil +} + +func transformStructureKcl(fs afero.Fs, sourceDir, targetDir string) error { //nolint:gocognit // transform kcl schemas + if err := filesystem.CopyFileIfExists(fs, filepath.Join(sourceDir, "kcl.mod"), filepath.Join(targetDir, "kcl.mod")); err != nil { + return errors.Wrap(err, "failed to copy kcl.mod") + } + + if err := filesystem.CopyFileIfExists(fs, filepath.Join(sourceDir, "kcl.mod.lock"), filepath.Join(targetDir, "kcl.mod.lock")); err != nil { + return errors.Wrap(err, "failed to copy kcl.mod.lock") + } + + objectMetaPath := filepath.Join(sourceDir, "k8s", "apimachinery", "pkg", "apis", "meta", "v1", "object_meta.k") + managedFieldsEntryPath := filepath.Join(sourceDir, "k8s", "apimachinery", "pkg", "apis", "meta", "v1", "managed_fields_entry.k") + + if _, err := fs.Stat(objectMetaPath); err == nil { + content, err := afero.ReadFile(fs, objectMetaPath) + if err != nil { + return errors.Wrapf(err, "failed to read %s", objectMetaPath) + } + + updatedContent := strings.ReplaceAll(string(content), "managedFields?: [ManagedFieldsEntry]", "managedFields?: any") + + if err := afero.WriteFile(fs, objectMetaPath, []byte(updatedContent), 0o644); err != nil { + return errors.Wrapf(err, "failed to update %s", objectMetaPath) + } + } + + if _, err := fs.Stat(managedFieldsEntryPath); err == nil { + if err := fs.Remove(managedFieldsEntryPath); err != nil { + return errors.Wrapf(err, "failed to remove %s", managedFieldsEntryPath) + } + } + + k8sSourcePath := filepath.Join(sourceDir, "k8s") + if err := filesystem.CopyFolder(fs, k8sSourcePath, filepath.Join(targetDir, "k8s")); err != nil { + return errors.Wrap(err, "failed to copy k8s directory") + } + + if err := afero.Walk(fs, sourceDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() || strings.HasPrefix(path, filepath.Join(sourceDir, "k8s")) { + return nil + } + + filename := info.Name() + parts := strings.Split(filename, "_") + + var versionIndex int + foundVersion := false + + for i, part := range parts { + if isAPIVersion(part) { + versionIndex = i + foundVersion = true + break + } + } + + if !foundVersion || versionIndex == 0 { + return nil + } + + reversedParts := parts[:versionIndex] + slices.Reverse(reversedParts) + reversedParts = append(reversedParts, parts[versionIndex]) + + newDir := filepath.Join(targetDir, filepath.Join(reversedParts...)) + + if err := fs.MkdirAll(newDir, 0o755); err != nil { + return errors.Wrapf(err, "failed to create directory %s", newDir) + } + + transformedName := strings.ReplaceAll(strings.Join(parts[versionIndex+1:], ""), "_", "") + transformedName = strings.ReplaceAll(transformedName, "swagger", "") + + newFilePath := filepath.Join(newDir, transformedName) + + srcFile, err := fs.Open(path) + if err != nil { + return errors.Wrapf(err, "failed to open source file %s", path) + } + + destFile, err := fs.Create(newFilePath) + if err != nil { + return errors.Wrapf(err, "failed to create destination file %s", newFilePath) + } + + _, err = io.Copy(destFile, srcFile) + if err != nil { + return errors.Wrapf(err, "failed to copy file from %s to %s", path, newFilePath) + } + + return nil + }); err != nil { + return errors.Wrap(err, "error processing directory") + } + + return nil +} + +// GenerateFromOpenAPI generates KCL schema files from OpenAPI v3 specifications. +func (kclGenerator) GenerateFromOpenAPI(_ context.Context, fromFS afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + schemaFS := afero.NewMemMapFs() + + if err := schemaFS.MkdirAll(kclModelsFolder, 0o755); err != nil { + return nil, errors.Wrap(err, "failed to create models directory") + } + + openAPISpecs := make(map[string]*spec3.OpenAPI) + + if err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + + if !strings.HasSuffix(strings.ToLower(path), ".json") { + return nil + } + + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + + var openAPI spec3.OpenAPI + if err := json.Unmarshal(bs, &openAPI); err != nil { + return nil //nolint:nilerr // Skip invalid files. + } + + if openAPI.Components != nil && len(openAPI.Components.Schemas) > 0 { + openAPISpecs[path] = &openAPI + } + + return nil + }); err != nil { + return nil, errors.Wrap(err, "failed to walk OpenAPI filesystem") + } + + if len(openAPISpecs) == 0 { + return nil, nil + } + + allSchemas := make(map[string]*spec.Schema) + for _, oapi := range openAPISpecs { + addKCLDefaults(oapi) + + if oapi.Components != nil { + maps.Copy(allSchemas, oapi.Components.Schemas) + } + } + + for name, schema := range allSchemas { + kclContent := generateKCLFile(name, schema, allSchemas) + + filename := filepath.Join(kclModelsFolder, toKCLFileName(name)) + + dir := filepath.Dir(filename) + if err := schemaFS.MkdirAll(dir, 0o755); err != nil { + return nil, errors.Wrapf(err, "failed to create directory for %s", name) + } + + if err := afero.WriteFile(schemaFS, filename, []byte(kclContent), 0o644); err != nil { + return nil, errors.Wrapf(err, "failed to write KCL schema for %s", name) + } + } + + kclModContent := `[package] +name = "models" +edition = "v0.10.0" +version = "0.0.1" +` + if err := afero.WriteFile(schemaFS, filepath.Join(kclModelsFolder, "kcl.mod"), []byte(kclModContent), 0o644); err != nil { + return nil, errors.Wrap(err, "failed to write kcl.mod") + } + + return schemaFS, nil +} + +func toKCLFileName(name string) string { + parts := strings.Split(name, ".") + if len(parts) <= 1 { + return name + ".k" + } + + path := filepath.Join(parts[:len(parts)-1]...) + filename := parts[len(parts)-1] + ".k" + + return filepath.Join(path, filename) +} + +func extractSchemaName(ref string) string { + if ref == "" { + return "" + } + parts := strings.Split(ref, "/") + if len(parts) > 0 { + return parts[len(parts)-1] + } + return "" +} + +func extractSimpleName(fullName string) string { + parts := strings.Split(fullName, ".") + if len(parts) > 0 { + return parts[len(parts)-1] + } + return fullName +} + +func handleAllOfType(schema *spec.Schema, currentSchemaName string) (string, bool) { + if len(schema.AllOf) == 0 { + return "", false + } + + for _, allOfSchema := range schema.AllOf { + if allOfSchema.Ref.String() != "" { + if kclType := processSchemaReference(allOfSchema.Ref.String(), currentSchemaName); kclType != "" { + return kclType, true + } + } + } + return "", false +} + +func processSchemaReference(ref string, currentSchemaName string) string { + refName := extractSchemaName(ref) + if refName == "" { + return "" + } + + if strings.HasSuffix(refName, "IntOrString") { + return "int | str" + } + if strings.HasSuffix(refName, "Quantity") { + return "str" + } + if strings.HasSuffix(refName, "Time") { + return "str" + } + if strings.HasSuffix(refName, "RawExtension") { + return "any" + } + return formatTypeReference(refName, currentSchemaName) +} + +func handleArrayType(schema *spec.Schema, allSchemas map[string]*spec.Schema, currentSchemaName string) (string, bool) { + if !schema.Type.Contains("array") || schema.Items == nil || schema.Items.Schema == nil { + return "", false + } + + itemType := convertOpenAPITypeToKCL(schema.Items.Schema, allSchemas, currentSchemaName) + return "[" + itemType + "]", true +} + +func handleObjectType(schema *spec.Schema, allSchemas map[string]*spec.Schema, currentSchemaName string) (string, bool) { + if !schema.Type.Contains("object") { + return "", false + } + + if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil { + valueType := convertOpenAPITypeToKCL(schema.AdditionalProperties.Schema, allSchemas, currentSchemaName) + return "{str:" + valueType + "}", true + } + if len(schema.Properties) == 0 { + return "{str: any}", true + } + return "dict", true +} + +func convertOpenAPITypeToKCL(schema *spec.Schema, allSchemas map[string]*spec.Schema, currentSchemaName string) string { + if schema == nil { + return "any" + } + + if kclType, found := handleAllOfType(schema, currentSchemaName); found { + return kclType + } + + if schema.Ref.String() != "" { + if kclType := processSchemaReference(schema.Ref.String(), currentSchemaName); kclType != "" { + return kclType + } + } + + if kclType, found := handleArrayType(schema, allSchemas, currentSchemaName); found { + return kclType + } + + if kclType, found := handleObjectType(schema, allSchemas, currentSchemaName); found { + return kclType + } + + switch { + case schema.Type.Contains("string"): + return "str" + case schema.Type.Contains("integer"): + return "int" + case schema.Type.Contains("number"): + return "float" + case schema.Type.Contains("boolean"): + return "bool" + default: + return "any" + } +} + +func formatTypeReference(refName, currentSchemaName string) string { + if strings.HasPrefix(refName, "io.k8s.api.") { + lastDot := strings.LastIndex(refName, ".") + if lastDot > 0 { + packagePath := refName[:lastDot] + if strings.Count(packagePath, ".") >= 4 { + typeName := refName[lastDot+1:] + + if strings.HasPrefix(currentSchemaName, packagePath+".") { + return typeName + } + + alias := getImportAlias(packagePath) + return alias + "." + typeName + } + } + } + + if typeName, ok := strings.CutPrefix(refName, "io.k8s.apimachinery.pkg.apis.meta.v1."); ok { + if strings.HasPrefix(currentSchemaName, "io.k8s.apimachinery.pkg.apis.meta.v1.") { + return typeName + } + return "v1." + typeName + } + + if typeName, ok := strings.CutPrefix(refName, "io.k8s.apimachinery.pkg.runtime."); ok { + if strings.HasPrefix(currentSchemaName, "io.k8s.apimachinery.pkg.runtime.") { + return typeName + } + return "runtime." + typeName + } + + if strings.HasPrefix(refName, "io.k8s.apimachinery.pkg.") { + parts := strings.Split(refName, ".") + if len(parts) > 1 { + packagePath := strings.Join(parts[:len(parts)-1], ".") + typeName := parts[len(parts)-1] + + if strings.HasPrefix(currentSchemaName, packagePath+".") { + return typeName + } + + alias := getImportAlias(packagePath) + return alias + "." + typeName + } + } + + return extractSimpleName(refName) +} + +func getImportAlias(packagePath string) string { + if packagePath == "io.k8s.apimachinery.pkg.apis.meta.v1" { + return "v1" + } + + if packagePath == "io.k8s.apimachinery.pkg.runtime" { + return "runtime" + } + + if strings.HasPrefix(packagePath, "io.k8s.api.") { + parts := strings.Split(packagePath, ".") + if len(parts) >= 5 { + group := parts[3] + version := parts[4] + caser := cases.Title(language.English) + versionTitle := caser.String(version) + return group + versionTitle + } + } + + if strings.HasPrefix(packagePath, "io.k8s.apimachinery.pkg.") { + parts := strings.Split(packagePath, ".") + if len(parts) >= 5 { + if parts[4] == "apis" && len(parts) >= 6 { + group := parts[len(parts)-2] + version := parts[len(parts)-1] + caser := cases.Title(language.English) + versionTitle := caser.String(version) + return group + versionTitle + } + return parts[4] + } + } + + parts := strings.Split(packagePath, ".") + if len(parts) >= 2 { + lastPart := parts[len(parts)-1] + secondLastPart := parts[len(parts)-2] + caser := cases.Title(language.English) + lastPartTitle := caser.String(lastPart) + return secondLastPart + lastPartTitle + } + return "unknown" +} + +func processSchemaProperties(schema *spec.Schema) (map[string]*spec.Schema, map[string]bool, []string) { + properties := make(map[string]*spec.Schema) + requiredSet := make(map[string]bool) + + for _, req := range schema.Required { + requiredSet[req] = true + } + + if len(schema.AllOf) > 0 { + for _, allOfSchema := range schema.AllOf { + if allOfSchema.Properties != nil { + for k, v := range allOfSchema.Properties { + propCopy := v + properties[k] = &propCopy + } + } + for _, req := range allOfSchema.Required { + requiredSet[req] = true + } + } + } + + if schema.Properties != nil { + for k, v := range schema.Properties { + propCopy := v + properties[k] = &propCopy + } + } + + propNames := make([]string, 0, len(properties)) + for name := range properties { + propNames = append(propNames, name) + } + sort.Strings(propNames) + + return properties, requiredSet, propNames +} + +func generateDocStringHeader(sb *strings.Builder, schema *spec.Schema) { + if schema.Description != "" || len(schema.Properties) > 0 { + sb.WriteString(" \"\"\"\n") + + if schema.Description != "" { + lines := strings.SplitSeq(strings.TrimSpace(schema.Description), "\n") + for line := range lines { + sb.WriteString(" " + strings.TrimSpace(line) + "\n") + } + } + } +} + +func generateAttributesDocumentation(sb *strings.Builder, propNames []string, properties map[string]*spec.Schema, requiredSet map[string]bool, allSchemas map[string]*spec.Schema, currentSchemaName string) { + if len(propNames) == 0 { + return + } + + sb.WriteString("\n Attributes\n") + sb.WriteString(" ----------\n") + + for _, propName := range propNames { + prop := properties[propName] + + docPropName := propName + if propName == "type" { + docPropName = "$type" + } + + sb.WriteString(" " + docPropName + " : ") + sb.WriteString(convertOpenAPITypeToKCL(prop, allSchemas, currentSchemaName)) + + if prop.Default != nil { + sb.WriteString(", default is ") + sb.WriteString(formatDefaultValue(prop.Default)) + } else { + sb.WriteString(", default is Undefined") + } + + if requiredSet[propName] { + sb.WriteString(", required") + } else { + sb.WriteString(", optional") + } + sb.WriteString("\n") + + if prop.Description != "" { + lines := strings.SplitSeq(strings.TrimSpace(prop.Description), "\n") + for line := range lines { + sb.WriteString(" " + strings.TrimSpace(line) + "\n") + } + } + } +} + +func generatePropertyField(sb *strings.Builder, propName string, prop *spec.Schema, requiredSet map[string]bool, allSchemas map[string]*spec.Schema, currentSchemaName string) { + fieldName := propName + if propName == "type" { + fieldName = "$type" + } + + sb.WriteString("\n") + sb.WriteString(" " + fieldName) + + if !requiredSet[propName] { + sb.WriteString("?") + } + + sb.WriteString(": ") + propType := convertOpenAPITypeToKCL(prop, allSchemas, currentSchemaName) + sb.WriteString(propType) + + if prop.Default != nil { + sb.WriteString(" = ") + sb.WriteString(formatDefaultValue(prop.Default)) + } +} + +func generateKCLSchema(name string, schema *spec.Schema, allSchemas map[string]*spec.Schema, currentSchemaName string) string { + var sb strings.Builder + + sb.WriteString("schema " + name + ":\n") + + generateDocStringHeader(&sb, schema) + + properties, requiredSet, propNames := processSchemaProperties(schema) + + generateAttributesDocumentation(&sb, propNames, properties, requiredSet, allSchemas, currentSchemaName) + + if schema.Description != "" || len(schema.Properties) > 0 { + sb.WriteString(" \"\"\"\n\n") + } + + for _, propName := range propNames { + prop := properties[propName] + generatePropertyField(&sb, propName, prop, requiredSet, allSchemas, currentSchemaName) + } + + return sb.String() +} + +func formatDefaultValue(value any) string { + switch v := value.(type) { + case string: + return fmt.Sprintf("%q", v) + case bool: + if v { + return "True" + } + return "False" + case nil: + return "None" + case map[string]any: + if len(v) == 0 { + return "{}" + } + return fmt.Sprintf("%v", v) + case []any: + if len(v) == 0 { + return "[]" + } + return fmt.Sprintf("%v", v) + default: + str := fmt.Sprintf("%v", v) + if str == "map[]" { + return "{}" + } + if str == "[]" { + return "[]" + } + return str + } +} + +func generateKCLFile(fullSchemaName string, schema *spec.Schema, allSchemas map[string]*spec.Schema) string { + name := extractSimpleName(fullSchemaName) + var sb strings.Builder + + sb.WriteString(`""" +This file was generated by crossplane. DO NOT EDIT. +""" +`) + + imports := make(map[string]bool) + visited := make(map[*spec.Schema]bool) + + if schema.Properties != nil { + for _, prop := range schema.Properties { + checkForImports(&prop, imports, visited) + } + } + + for _, allOfSchema := range schema.AllOf { + if allOfSchema.Ref.String() != "" { + refName := extractSchemaName(allOfSchema.Ref.String()) + addImportIfNeeded(refName, imports) + } + } + + if fullSchemaName != "" { + lastDot := strings.LastIndex(fullSchemaName, ".") + if lastDot > 0 { + currentPackage := fullSchemaName[:lastDot] + delete(imports, currentPackage) + } + } + + for imp := range imports { + alias := getImportAlias(imp) + sb.WriteString("import " + imp + " as " + alias + "\n") + } + if len(imports) > 0 { + sb.WriteString("\n") + } + + sb.WriteString(generateKCLSchema(name, schema, allSchemas, fullSchemaName)) + + return sb.String() +} + +func checkForImports(schema *spec.Schema, imports map[string]bool, visited map[*spec.Schema]bool) { + if schema == nil { + return + } + + if visited[schema] { + return + } + visited[schema] = true + + if len(schema.AllOf) > 0 { + for _, allOfSchema := range schema.AllOf { + if allOfSchema.Ref.String() != "" { + refName := extractSchemaName(allOfSchema.Ref.String()) + if !strings.HasSuffix(refName, "IntOrString") && !strings.HasSuffix(refName, "RawExtension") && !strings.HasSuffix(refName, "Quantity") && !strings.HasSuffix(refName, "Time") { + addImportIfNeeded(refName, imports) + } + } + } + } + + if schema.Ref.String() != "" { + refName := extractSchemaName(schema.Ref.String()) + if !strings.HasSuffix(refName, "IntOrString") && !strings.HasSuffix(refName, "RawExtension") && !strings.HasSuffix(refName, "Quantity") && !strings.HasSuffix(refName, "Time") { + addImportIfNeeded(refName, imports) + } + return + } + + if schema.Items != nil && schema.Items.Schema != nil { + checkForImports(schema.Items.Schema, imports, visited) + } + + if schema.Properties != nil { + for _, prop := range schema.Properties { + checkForImports(&prop, imports, visited) + } + } + + if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil { + checkForImports(schema.AdditionalProperties.Schema, imports, visited) + } +} + +func addImportIfNeeded(refName string, imports map[string]bool) { + if refName == "" { + return + } + + if strings.HasPrefix(refName, "io.k8s.") { + lastDot := strings.LastIndex(refName, ".") + if lastDot > 0 { + packagePath := refName[:lastDot] + imports[packagePath] = true + } + } +} + +func addKCLDefaults(s *spec3.OpenAPI) { + if s.Components == nil || s.Components.Schemas == nil { + return + } + + for _, schema := range s.Components.Schemas { + processKCLSchemaDefaults(schema) + } +} + +func processKCLSchemaDefaults(schema *spec.Schema) { + rawExt, ok := schema.Extensions["x-kubernetes-group-version-kind"] + if !ok { + return + } + + gvkList := extractGVKList(rawExt) + if len(gvkList) == 0 { + return + } + + group, version, kind := extractGVKInfo(gvkList[0]) + apiVersion := constructAPIVersion(group, version) + addSchemaPropertyDefaultsKcl(schema, apiVersion, kind) +} + +func addSchemaPropertyDefaultsKcl(schema *spec.Schema, apiVersion, kind string) { + if schema.Properties == nil { + return + } + + if _, ok := schema.Properties["apiVersion"]; ok { + propSchema := schema.Properties["apiVersion"] + propSchema.Default = apiVersion + propSchema.Enum = []any{apiVersion} + schema.Properties["apiVersion"] = propSchema + } + + if _, ok := schema.Properties["kind"]; ok { + propSchema := schema.Properties["kind"] + propSchema.Default = kind + propSchema.Enum = []any{kind} + schema.Properties["kind"] = propSchema + } + + hasAPIVersion := false + hasKind := false + for _, req := range schema.Required { + if req == "apiVersion" { + hasAPIVersion = true + } + if req == "kind" { + hasKind = true + } + } + if !hasAPIVersion { + schema.Required = append(schema.Required, "apiVersion") + } + if !hasKind { + schema.Required = append(schema.Required, "kind") + } +} + +// isAPIVersion heuristically determines whether its argument is a Kubernetes +// API version. +func isAPIVersion(s string) bool { + re := regexp.MustCompile("^v[1-9][0-9]*((alpha|beta)[1-9][0-9]*)?$") + return re.MatchString(s) +} diff --git a/internal/schemas/generator/kcl_test.go b/internal/schemas/generator/kcl_test.go new file mode 100644 index 0000000..a6a40f2 --- /dev/null +++ b/internal/schemas/generator/kcl_test.go @@ -0,0 +1,49 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import "testing" + +func TestIsAPIVersion(t *testing.T) { + t.Parallel() + + tcs := map[string]bool{ + "v1": true, + "v10": true, + "v01": false, + "v1alpha1": true, + "v1alpha10": true, + "v10alpha1": true, + "v10alpha10": true, + "v01alpha1": false, + "v1alpha01": false, + "notaversion": false, + "v1.2.3": false, + "v1zeta1": false, + } + + for in, want := range tcs { + t.Run(in, func(t *testing.T) { + t.Parallel() + + got := isAPIVersion(in) + if got != want { + t.Errorf("isAPIVersion(...): got %v want %v", got, want) + } + }) + } +} diff --git a/internal/schemas/generator/python.go b/internal/schemas/generator/python.go new file mode 100644 index 0000000..c2698be --- /dev/null +++ b/internal/schemas/generator/python.go @@ -0,0 +1,799 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "bufio" + "context" + "encoding/json" + "fmt" + "io/fs" + "os" + "path/filepath" + "regexp" + "slices" + "strings" + + "github.com/getkin/kin-openapi/openapi3" + "github.com/spf13/afero" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + xpv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + + "github.com/crossplane/cli/v2/internal/crd" + "github.com/crossplane/cli/v2/internal/filesystem" + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +const ( + pythonModelsFolder = "models" + pythonPackageRoot = "models" + pythonAdoptModelsStructure = "sorted" + pythonGeneratedFolder = "models/workdir" + pythonImage = "docker.io/koxudaxi/datamodel-code-generator:0.31.2" +) + +var importRE = regexp.MustCompile(`^(from\s+)(\.*)([^\s]+)(.*)`) + +type pythonGenerator struct{} + +func (pythonGenerator) Language() string { + return "python" +} + +// GenerateFromCRD generates Python schema files from the XRDs and CRDs fromFS. +func (p pythonGenerator) GenerateFromCRD(ctx context.Context, fromFS afero.Fs, generator runner.SchemaRunner) (afero.Fs, error) { //nolint:gocognit // generation of schemas for python + crdFS := afero.NewMemMapFs() + schemaFS := afero.NewMemMapFs() + baseFolder := "workdir" + + if err := crdFS.MkdirAll(baseFolder, 0o755); err != nil { + return nil, err + } + + var openAPIPaths []string + + if err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + ext := filepath.Ext(path) + if ext != ".yaml" && ext != ".yml" { + return nil + } + + var u metav1.TypeMeta + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + err = yaml.Unmarshal(bs, &u) + if err != nil { + return errors.Wrapf(err, "failed to parse file %q", path) + } + + switch u.GroupVersionKind().Kind { + case xpv1.CompositeResourceDefinitionKind: + xrPath, claimPath, err := crd.ProcessXRD(crdFS, bs, path, baseFolder) + if err != nil { + return err + } + + if xrPath != "" { + bs, err := afero.ReadFile(crdFS, xrPath) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + paths, err := crd.FilesToOpenAPI(crdFS, bs, xrPath) + if err != nil { + return err + } + openAPIPaths = append(openAPIPaths, paths...) + } + if claimPath != "" { + bs, err := afero.ReadFile(crdFS, claimPath) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + paths, err := crd.FilesToOpenAPI(crdFS, bs, claimPath) + if err != nil { + return err + } + openAPIPaths = append(openAPIPaths, paths...) + } + + case "CustomResourceDefinition": + paths, err := crd.FilesToOpenAPI(crdFS, bs, path) + if err != nil { + return err + } + openAPIPaths = append(openAPIPaths, paths...) + } + return nil + }); err != nil { + return nil, err + } + + if len(openAPIPaths) == 0 { + return nil, nil + } + + if err := p.generatePythonSchemas(ctx, crdFS, baseFolder, generator); err != nil { + return nil, err + } + + if err := postTransformCRD(crdFS, pythonGeneratedFolder, pythonAdoptModelsStructure); err != nil { + return nil, err + } + + if err := filesystem.CopyFilesBetweenFs(afero.NewBasePathFs(crdFS, pythonAdoptModelsStructure), afero.NewBasePathFs(schemaFS, filepath.Join(pythonModelsFolder, pythonPackageRoot))); err != nil { + return nil, err + } + + if err := finalizePythonSchemas(schemaFS); err != nil { + return nil, err + } + + return schemaFS, nil +} + +// GenerateFromOpenAPI generates Python schema files from OpenAPI specifications. +func (p pythonGenerator) GenerateFromOpenAPI(ctx context.Context, fromFS afero.Fs, generator runner.SchemaRunner) (afero.Fs, error) { //nolint:gocognit // generation of schemas for python + openapiFS := afero.NewMemMapFs() + schemaFS := afero.NewMemMapFs() + baseFolder := "workdir" + + if err := openapiFS.MkdirAll(baseFolder, 0o755); err != nil { + return nil, err + } + + var openapiPaths []string + + if err := afero.Walk(fromFS, "", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + + if info.IsDir() { + return nil + } + + if !strings.HasSuffix(strings.ToLower(path), ".json") { + return nil + } + + bs, err := afero.ReadFile(fromFS, path) + if err != nil { + return errors.Wrapf(err, "failed to read file %q", path) + } + + loader := openapi3.NewLoader() + doc, err := loader.LoadFromData(bs) + if err != nil { + processedContent := bs + targetPath := filepath.Join(baseFolder, path) + if err := openapiFS.MkdirAll(filepath.Dir(targetPath), 0o755); err != nil { + return errors.Wrapf(err, "failed to create directory for %q", targetPath) + } + if err := afero.WriteFile(openapiFS, targetPath, processedContent, 0o644); err != nil { + return errors.Wrapf(err, "failed to write file %q", targetPath) + } + return nil + } + + if shouldSkipOpenAPIFile(doc) { + return nil + } + + processedDoc := processOpenAPIContent(doc) + processedContent, err := processedDoc.MarshalJSON() + if err != nil { + processedContent = bs + } + + targetPath := filepath.Join(baseFolder, path) + if err := openapiFS.MkdirAll(filepath.Dir(targetPath), 0o755); err != nil { + return err + } + if err := afero.WriteFile(openapiFS, targetPath, processedContent, 0o644); err != nil { + return err + } + openapiPaths = append(openapiPaths, targetPath) + + return nil + }); err != nil { + return nil, err + } + + if len(openapiPaths) == 0 { + return nil, nil + } + + if err := p.generatePythonSchemas(ctx, openapiFS, baseFolder, generator); err != nil { + return nil, err + } + + if err := postTransformOpenAPI(openapiFS, pythonGeneratedFolder, pythonAdoptModelsStructure); err != nil { + return nil, err + } + + if err := filesystem.CopyFilesBetweenFs(afero.NewBasePathFs(openapiFS, pythonAdoptModelsStructure), afero.NewBasePathFs(schemaFS, filepath.Join(pythonModelsFolder, pythonPackageRoot))); err != nil { + return nil, err + } + + if err := finalizePythonSchemas(schemaFS); err != nil { + return nil, err + } + + return schemaFS, nil +} + +func (p pythonGenerator) generatePythonSchemas(ctx context.Context, inputFS afero.Fs, baseFolder string, generator runner.SchemaRunner) error { + return generator.Generate( + ctx, + inputFS, + baseFolder, + "", + pythonImage, + []string{ + "--input-file-type", + "openapi", + "--disable-timestamp", + "--input", + ".", + "--output-model-type", + "pydantic_v2.BaseModel", + "--target-python-version", + "3.12", + "--use-field-description", + "--enum-field-as-literal", + "all", + "--use-one-literal-as-default", + "--output", + pythonModelsFolder, + }, + ) +} + +func postTransformCRD(fs afero.Fs, sourceDir, targetDir string) error { //nolint:gocognit // python transforms + v1MetaCopied := false + createdInitFiles := make(map[string]bool) + + return afero.Walk(fs, sourceDir, func(path string, info os.FileInfo, err error) error { + if err != nil { + return errors.Wrapf(err, "walking path %s", path) + } + + if info.Name() == "v1.py" && strings.Contains(path, filepath.Join("io", "k8s", "apimachinery", "pkg", "apis", "meta")) { + if !v1MetaCopied { + destDir := filepath.Join(targetDir, "io", "k8s", "apimachinery", "pkg", "apis", "meta") + destPath := filepath.Join(destDir, "v1.py") + + data, err := afero.ReadFile(fs, path) + if err != nil { + return errors.Wrapf(err, "failed to read %s", path) + } + + fileInfo, err := fs.Stat(path) + if err != nil { + return errors.Wrapf(err, "failed to get file info for %s", path) + } + + if err := afero.WriteFile(fs, destPath, data, fileInfo.Mode()); err != nil { + return errors.Wrapf(err, "failed to write %s", destPath) + } + + initFilePath := filepath.Join(destDir, "__init__.py") + if err := afero.WriteFile(fs, initFilePath, []byte(""), os.ModePerm); err != nil { + return errors.Wrapf(err, "failed to create __init__.py in %s", destDir) + } + + v1MetaCopied = true + } + return nil + } + + isDir := info.IsDir() + isNotPythonFile := filepath.Ext(info.Name()) != ".py" + skipPathSegment := filepath.Join("io", "k8s", "apimachinery", "pkg", "apis", "meta") + isInSkipPath := strings.Contains(filepath.ToSlash(path), skipPathSegment) + isInitFile := info.Name() == "__init__.py" + + if isDir || isNotPythonFile || isInSkipPath || isInitFile { + return nil + } + + relPath, err := filepath.Rel(sourceDir, path) + if err != nil { + return errors.Wrap(err, "calculating relative path") + } + dirSegments := strings.Split(filepath.ToSlash(filepath.Dir(relPath)), "/") + + var apiVersion, rootFolder string + var preVersionSegments []string + for _, dirSegment := range dirSegments { + for subSegment := range strings.SplitSeq(dirSegment, "_") { + if isAPIVersion(subSegment) { + apiVersion = subSegment + rootFolder = dirSegment + break + } + preVersionSegments = append(preVersionSegments, subSegment) + } + if apiVersion != "" { + break + } + } + + if apiVersion == "" || rootFolder == "" { + apiVersion = "unknown" + } + + slices.Reverse(preVersionSegments) + orderedPath := filepath.Join(preVersionSegments...) + rootWithoutVersion := strings.ReplaceAll(rootFolder, apiVersion, "") + rootParts := strings.Split(rootWithoutVersion, "_") + kind := rootParts[len(rootParts)-1] + + newFileName := fmt.Sprintf("%s.py", apiVersion) + var destinationDir string + if orderedPath != "" && filepath.Base(orderedPath) == kind { + destinationDir = filepath.Join(targetDir, orderedPath) + } else { + destinationDir = filepath.Join(targetDir, orderedPath, kind) + } + destinationPath := filepath.Join(destinationDir, newFileName) + + if err := fs.MkdirAll(destinationDir, os.ModePerm); err != nil { + return errors.Wrapf(err, "creating directory %s", destinationDir) + } + + data, err := afero.ReadFile(fs, path) + if err != nil { + return errors.Wrapf(err, "reading file %s", path) + } + if err := afero.WriteFile(fs, destinationPath, data, os.ModePerm); err != nil { + return errors.Wrapf(err, "writing file %s", destinationPath) + } + if err := fs.Remove(path); err != nil { + return errors.Wrapf(err, "deleting original file %s", path) + } + + initFilePath := filepath.Join(destinationDir, "__init__.py") + if !createdInitFiles[destinationDir] { + if err := afero.WriteFile(fs, initFilePath, []byte(""), os.ModePerm); err != nil { + return errors.Wrapf(err, "creating __init__.py in %s", destinationDir) + } + createdInitFiles[destinationDir] = true + } + + if err := adjustImportsInFile(fs, destinationPath); err != nil { + return errors.Wrapf(err, "adjusting imports in %s", destinationPath) + } + + return nil + }) +} + +func adjustImportsInFile(fs afero.Fs, filePath string) error { + depth := strings.Count(filePath, string(os.PathSeparator)) + + fileContent, err := afero.ReadFile(fs, filePath) + if err != nil { + return errors.Wrapf(err, "error reading file %s", filePath) + } + + modifiedContent := []string{} + scanner := bufio.NewScanner(strings.NewReader(string(fileContent))) + for scanner.Scan() { + line := scanner.Text() + if strings.Contains(line, "k8s.apimachinery.pkg.apis.meta") { + line = adjustLeadingDots(line, depth) + } + modifiedContent = append(modifiedContent, line) + } + + return afero.WriteFile(fs, filePath, []byte(strings.Join(modifiedContent, "\n")), os.ModePerm) +} + +func adjustLeadingDots(importLine string, depth int) string { + dotPart := "" + var basePath string + if strings.Contains(importLine, "io.k8s.apimachinery.pkg.apis.meta") { + basePath = "io.k8s.apimachinery.pkg.apis.meta" + dotPart = strings.Repeat(".", depth) + } else if strings.Contains(importLine, "k8s.apimachinery.pkg.apis.meta") { + basePath = "k8s.apimachinery.pkg.apis.meta" + if depth > 1 { + dotPart = strings.Repeat(".", depth-1) + } + } + + if basePath != "" { + parts := strings.SplitN(importLine, basePath, 2) + return "from " + dotPart + basePath + parts[1] + } + + return importLine +} + +func shouldSkipOpenAPIFile(doc *openapi3.T) bool { + if doc.Components == nil { + return false + } + + for _, schemaRef := range doc.Components.Schemas { + if schemaRef == nil || schemaRef.Value == nil { + continue + } + ext, ok := schemaRef.Value.Extensions["x-kubernetes-group-version-kind"] + if !ok { + continue + } + + extBytes, err := json.Marshal(ext) + if err != nil { + continue + } + + var gvkList []map[string]any + if err := json.Unmarshal(extBytes, &gvkList); err != nil { + continue + } + + for _, gvk := range gvkList { + if kindRaw, ok := gvk["kind"]; ok { + if kind, ok := kindRaw.(string); ok { + if kind == "APIVersions" || kind == "APIGroup" { + return true + } + } + } + } + } + + return false +} + +func processOpenAPIContent(doc *openapi3.T) *openapi3.T { //nolint:gocognit // set default apiVersion and kind. + if doc.Components == nil { + return doc + } + + for _, schemaRef := range doc.Components.Schemas { + if schemaRef == nil || schemaRef.Value == nil { + continue + } + schema := schemaRef.Value + + rawExt, ok := schema.Extensions["x-kubernetes-group-version-kind"] + if !ok { + continue + } + + rawBytes, err := json.Marshal(rawExt) + if err != nil { + continue + } + + var gvkList []map[string]any + if err := json.Unmarshal(rawBytes, &gvkList); err != nil { + continue + } + + if len(gvkList) == 0 { + continue + } + + gvk := gvkList[0] + group := "" + if g, ok := gvk["group"].(string); ok { + group = g + } + version := "" + if v, ok := gvk["version"].(string); ok { + version = v + } + kind := "" + if k, ok := gvk["kind"].(string); ok { + kind = k + } + + apiVersion := version + if group != "" { + apiVersion = group + "/" + version + } + + if schema.Properties != nil { + if propSchemaRef, ok := schema.Properties["apiVersion"]; ok { + if propSchemaRef != nil && propSchemaRef.Value != nil { + propSchemaRef.Value.Default = apiVersion + } + } + if propSchemaRef, ok := schema.Properties["kind"]; ok { + if propSchemaRef != nil && propSchemaRef.Value != nil { + propSchemaRef.Value.Default = kind + } + } + } + } + + return doc +} + +func fixAliasedTypesInFile(fs afero.Fs, filePath string) error { + fileContent, err := afero.ReadFile(fs, filePath) + if err != nil { + return errors.Wrapf(err, "reading file %s", filePath) + } + + content := string(fileContent) + content = strings.ReplaceAll(content, "bool_aliased", "bool") + content = strings.ReplaceAll(content, "int_aliased", "int") + + return afero.WriteFile(fs, filePath, []byte(content), os.ModePerm) +} + +func postTransformOpenAPI(fs afero.Fs, sourceDir, targetDir string) error { + createdInitDirs := make(map[string]bool) + + return afero.Walk(fs, sourceDir, func(path string, info os.FileInfo, walkErr error) error { + if walkErr != nil { + return errors.Wrapf(walkErr, "walking path %s", path) + } + + if shouldSkipFile(info) { + return nil + } + + relPath, err := filepath.Rel(sourceDir, path) + if err != nil { + return errors.Wrap(err, "calculating relative path") + } + + _, normalizedParts, include := normalizeAndFilterPath(relPath) + if !include { + return nil + } + + destPath, destDir := computeDestPath(targetDir, normalizedParts) + + if isMetaV1File(destPath) { + destPath, destDir = transformMetaV1Path(targetDir, destPath) + } + + if err := copyFileWithInit(fs, path, destPath, destDir, createdInitDirs); err != nil { + return err + } + + if err := postProcessFile(fs, destPath); err != nil { + return err + } + + return transformMetaImportsInFile(fs, destPath) + }) +} + +func shouldSkipFile(info os.FileInfo) bool { + return info.IsDir() || info.Name() == "__init__.py" || filepath.Ext(info.Name()) != ".py" +} + +func normalizeAndFilterPath(relPath string) (openapiFolder string, normalizedParts []string, include bool) { + parts := strings.Split(filepath.ToSlash(relPath), "/") + if len(parts) == 0 { + return "", nil, false + } + + for _, part := range parts { + if strings.HasSuffix(part, "_openapi") { + openapiFolder = part + break + } + } + + var foundIO bool + for i, part := range parts { + if part == "io" && i+1 < len(parts) && parts[i+1] == "k8s" { + normalizedParts = parts[i:] + foundIO = true + break + } + } + if !foundIO { + return "", nil, false + } + + if len(normalizedParts) >= 3 && normalizedParts[2] == "apimachinery" { + if openapiFolder != "api__v1_openapi" { + return "", nil, false + } + } + + if openapiFolder != "" && strings.HasPrefix(openapiFolder, "apis__") { + segments := strings.Split(openapiFolder, "__") + if len(segments) >= 2 { + apiGroup := segments[1] + if len(normalizedParts) >= 4 && normalizedParts[2] == "api" { + fileAPIGroup := normalizedParts[3] + if (fileAPIGroup == "core" || fileAPIGroup == "authentication" || + fileAPIGroup == "autoscaling" || fileAPIGroup == "policy") && + fileAPIGroup != apiGroup { + return "", nil, false + } + } + } + } + + return openapiFolder, normalizedParts, true +} + +func computeDestPath(targetDir string, normalizedParts []string) (string, string) { + destPath := filepath.Join(append([]string{targetDir}, normalizedParts...)...) + destDir := filepath.Dir(destPath) + return destPath, destDir +} + +func copyFileWithInit(fs afero.Fs, srcPath, destPath, destDir string, created map[string]bool) error { + if err := fs.MkdirAll(destDir, os.ModePerm); err != nil { + return errors.Wrapf(err, "creating directory %s", destDir) + } + + data, err := afero.ReadFile(fs, srcPath) + if err != nil { + return errors.Wrapf(err, "reading %s", srcPath) + } + + if err := afero.WriteFile(fs, destPath, data, os.ModePerm); err != nil { + return errors.Wrapf(err, "writing %s", destPath) + } + + if !created[destDir] { + initPath := filepath.Join(destDir, "__init__.py") + if err := afero.WriteFile(fs, initPath, []byte(""), os.ModePerm); err != nil { + return errors.Wrapf(err, "creating __init__.py in %s", destDir) + } + created[destDir] = true + } + + return nil +} + +func postProcessFile(fs afero.Fs, path string) error { + if err := adjustImportsInFile(fs, path); err != nil { + return errors.Wrapf(err, "adjusting imports") + } + return errors.Wrapf(fixAliasedTypesInFile(fs, path), "fixing aliased types") +} + +func isMetaV1File(path string) bool { + return strings.HasSuffix(filepath.ToSlash(path), "apis/meta/v1.py") +} + +func transformMetaV1Path(targetDir, inPath string) (destPath, destDir string) { + rel, _ := filepath.Rel(targetDir, inPath) + rel = filepath.ToSlash(rel) + + newRel := strings.Replace(rel, "apis/meta/v1.py", "apis/core/meta/v1.py", 1) + + destPath = filepath.Join(targetDir, filepath.FromSlash(newRel)) + destDir = filepath.Dir(destPath) + return +} + +func transformMetaImport(importLine string) string { + parts := importRE.FindStringSubmatch(importLine) + if parts == nil { + return importLine + } + prefix, dots, modPath, suffix := parts[1], parts[2], parts[3], parts[4] + + if !strings.Contains(modPath, "apis.meta") { + return importLine + } + + newPath := strings.Replace(modPath, "apis.meta", "apis.core.meta", 1) + return prefix + dots + newPath + suffix +} + +func transformMetaImportsInFile(fs afero.Fs, filePath string) error { + fileContent, err := afero.ReadFile(fs, filePath) + if err != nil { + return errors.Wrapf(err, "error reading file %s", filePath) + } + + isCoreMeta := strings.HasSuffix(filepath.ToSlash(filePath), "core/meta/v1.py") + + modifiedContent := []string{} + scanner := bufio.NewScanner(strings.NewReader(string(fileContent))) + for scanner.Scan() { + line := scanner.Text() + if strings.Contains(line, "apis.meta") { + line = transformMetaImport(line) + } + if isCoreMeta { + line = adjustRelativeImportsForCoreMeta(line) + } + modifiedContent = append(modifiedContent, line) + } + + return afero.WriteFile(fs, filePath, []byte(strings.Join(modifiedContent, "\n")), os.ModePerm) +} + +func adjustRelativeImportsForCoreMeta(line string) string { + matches := importRE.FindStringSubmatch(line) + if matches == nil { + return line + } + + prefix, dots, modPath, suffix := matches[1], matches[2], matches[3], matches[4] + + if len(dots) > 0 { + dots = "." + dots + return prefix + dots + modPath + suffix + } + + return line +} + +// pythonSchemasPyproject is the pyproject.toml emitted alongside the generated +// schemas tree so it is a pip-installable package named "crossplane-models" +// that exposes a single "models" package. +const pythonSchemasPyproject = `[build-system] +requires = ["hatchling"] +build-backend = "hatchling.build" + +[project] +name = "crossplane-models" +version = "0.0.0" +requires-python = ">=3.11,<3.14" + +[tool.hatch.build.targets.wheel] +packages = ["models"] +` + +// finalizePythonSchemas makes the generated tree a pip-installable package by +// seeding empty __init__.py files in every directory under the package root +// that lacks one and writing a pyproject.toml at the schemas root. +func finalizePythonSchemas(fsys afero.Fs) error { + pkgRoot := filepath.Join(pythonModelsFolder, pythonPackageRoot) + if err := afero.Walk(fsys, pkgRoot, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if !info.IsDir() { + return nil + } + initPath := filepath.Join(path, "__init__.py") + if exists, _ := afero.Exists(fsys, initPath); !exists { + if err := afero.WriteFile(fsys, initPath, nil, 0o644); err != nil { + return errors.Wrapf(err, "creating __init__.py in %s", path) + } + } + return nil + }); err != nil { + return err + } + + return afero.WriteFile(fsys, filepath.Join(pythonModelsFolder, "pyproject.toml"), []byte(pythonSchemasPyproject), 0o644) +} diff --git a/internal/schemas/generator/python_test.go b/internal/schemas/generator/python_test.go new file mode 100644 index 0000000..edb9e9b --- /dev/null +++ b/internal/schemas/generator/python_test.go @@ -0,0 +1,157 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package generator + +import ( + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" +) + +func TestTransformStructurePython(t *testing.T) { + tests := []struct { + name string + setupFs func(fs afero.Fs) + sourceDir string + targetDir string + expectedFiles map[string]string + expectedErrors bool + }{ + { + name: "BasicReorganizationAndImportAdjustment", + setupFs: func(fs afero.Fs) { + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_subnetwork/io/k8s/apimachinery/pkg/apis/meta/v1.py", []byte("from __future__ import annotations"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_subnetwork/io/k8s/apimachinery/pkg/apis/meta/__init__.py", []byte(""), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_subnetwork/co/acme/platform/v1alpha1.py", []byte("from ....io.k8s.apimachinery.pkg.apis.meta import v1"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_subnetwork/co/acme/platform/__init__.py", []byte(""), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_compositecluster/io/k8s/apimachinery/pkg/apis/meta/v1.py", []byte("from __future__ import annotations"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_compositecluster/io/k8s/apimachinery/pkg/apis/meta/__init__.py", []byte(""), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_compositecluster/co/acme/platform/v1alpha1.py", []byte("from ....io.k8s.apimachinery.pkg.apis.meta import v1"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/platform_acme_co_v1alpha1_compositecluster/co/acme/platform/__init__.py", []byte(""), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/eks_aws_upbound_io_v1beta1_accessentry/io/k8s/apimachinery/pkg/apis/meta/v1.py", []byte("from __future__ import annotations"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/eks_aws_upbound_io_v1beta1_accessentry/io/k8s/apimachinery/pkg/apis/meta/__init__.py", []byte(""), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/eks_aws_upbound_io_v1beta1_accessentry/io/upbound/aws/eks/accessentry/v1beta1.py", []byte("from ....k8s.apimachinery.pkg.apis.meta import v1"), os.ModePerm) + _ = afero.WriteFile(fs, pythonGeneratedFolder+"/eks_aws_upbound_io_v1beta1_accessentry/io/upbound/aws/eks/accessentry/__init__.py", []byte(""), os.ModePerm) + }, + sourceDir: pythonGeneratedFolder, + targetDir: pythonAdoptModelsStructure, + expectedFiles: map[string]string{ + pythonAdoptModelsStructure + "/io/k8s/apimachinery/pkg/apis/meta/v1.py": "from __future__ import annotations", + pythonAdoptModelsStructure + "/io/k8s/apimachinery/pkg/apis/meta/__init__.py": "", + pythonAdoptModelsStructure + "/co/acme/platform/subnetwork/v1alpha1.py": "from .....io.k8s.apimachinery.pkg.apis.meta import v1", + pythonAdoptModelsStructure + "/co/acme/platform/subnetwork/__init__.py": "", + pythonAdoptModelsStructure + "/co/acme/platform/compositecluster/v1alpha1.py": "from .....io.k8s.apimachinery.pkg.apis.meta import v1", + pythonAdoptModelsStructure + "/co/acme/platform/compositecluster/__init__.py": "", + pythonAdoptModelsStructure + "/io/upbound/aws/eks/accessentry/v1beta1.py": "from .....k8s.apimachinery.pkg.apis.meta import v1", + pythonAdoptModelsStructure + "/io/upbound/aws/eks/accessentry/__init__.py": "", + }, + expectedErrors: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fs := afero.NewMemMapFs() + tt.setupFs(fs) + err := postTransformCRD(fs, tt.sourceDir, tt.targetDir) + + if (err != nil) != tt.expectedErrors { + t.Fatalf("Expected error: %v, got: %v", tt.expectedErrors, err) + } + + for expectedFile, expectedContent := range tt.expectedFiles { + data, err := afero.ReadFile(fs, expectedFile) + if err != nil { + t.Fatalf("Expected file %s does not exist: %v", expectedFile, err) + } + content := string(data) + if diff := cmp.Diff(expectedContent, content); diff != "" { + t.Errorf("File %s content mismatch (-want +got):\n%s", expectedFile, diff) + } + } + }) + } +} + +func TestAdjustLeadingDots(t *testing.T) { + tests := []struct { + name string + importLine string + depth int + expected string + }{ + { + name: "NoAdjustmentNeeded", + importLine: "from io.k8s.apimachinery.pkg.apis.meta import v1", + depth: 0, + expected: "from io.k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "NoAdjustmentNeededWithoutIo", + importLine: "from k8s.apimachinery.pkg.apis.meta import v1", + depth: 0, + expected: "from k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "OneLevelDeep", + importLine: "from ..io.k8s.apimachinery.pkg.apis.meta import v1", + depth: 1, + expected: "from .io.k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "ThreeLevelsDeep", + importLine: "from io.k8s.apimachinery.pkg.apis.meta import v1", + depth: 3, + expected: "from ...io.k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "AlreadyContainsLeadingDots", + importLine: "from ......io.k8s.apimachinery.pkg.apis.meta import v1", + depth: 2, + expected: "from ..io.k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "AlreadyContainsLeadingDotsWithoutIo", + importLine: "from ......k8s.apimachinery.pkg.apis.meta import v1", + depth: 2, + expected: "from .k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "ImportInsideIoFolder", + importLine: "from ....k8s.apimachinery.pkg.apis.meta import v1", + depth: 6, + expected: "from .....k8s.apimachinery.pkg.apis.meta import v1", + }, + { + name: "NonMatchingImport", + importLine: "from some.other.module import something", + depth: 3, + expected: "from some.other.module import something", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := adjustLeadingDots(tt.importLine, tt.depth) + if got != tt.expected { + t.Errorf("adjustLeadingDots() = %v, want %v", got, tt.expected) + } + }) + } +} diff --git a/internal/schemas/generator/testdata/account_scaffold_composition.yaml b/internal/schemas/generator/testdata/account_scaffold_composition.yaml new file mode 100644 index 0000000..6ab0224 --- /dev/null +++ b/internal/schemas/generator/testdata/account_scaffold_composition.yaml @@ -0,0 +1,58 @@ + +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xaccountscaffolds.platform.acme.co +spec: + compositeTypeRef: + apiVersion: platform.acme.co/v1alpha1 + kind: XAccountScaffold + mode: Pipeline + pipeline: + - step: compose + functionRef: + name: crossplane-contrib-function-kcl + input: + apiVersion: krm.kcl.dev/v1alpha1 + kind: KCLRun + metadata: + name: compose-account-scaffold + spec: + target: Resources + params: + name: "input-instance" + source: | + oxr = option("params").oxr + items = [{ + apiVersion: "platform.acme.co/v1alpha1" + kind: "XServiceAccount" + metadata.name = "{}-sa".format(oxr.metadata.name) + spec.parameters = { + displayName: oxr.spec.parameters.name + } + }, { + apiVersion: "platform.acme.co/v1alpha1" + kind: "XNetwork" + metadata.name = "{}-net".format(oxr.metadata.name) + spec.parameters = { + autoCreateSubnetworks: True + routingMode: "GLOBAL" + } + }, { + apiVersion: "platform.acme.co/v1alpha1" + kind: "XSubnetwork" + metadata.name = "{}-subnet".format(oxr.metadata.name) + spec.parameters = { + ipCidrRange: "10.2.0.0/16" + networkRef.name: "{}-net".format(oxr.metadata.name) + region: "us-central1" + secondaryIpRange = [{ + ipCidrRange: "192.168.10.0/24" + rangeName: "test-secondary-range-update1" + }] + } + }] + + - step: automatically-detect-ready-composed-resources + functionRef: + name: crossplane-contrib-function-auto-ready diff --git a/internal/schemas/generator/testdata/account_scaffold_definition.yaml b/internal/schemas/generator/testdata/account_scaffold_definition.yaml new file mode 100644 index 0000000..95495fd --- /dev/null +++ b/internal/schemas/generator/testdata/account_scaffold_definition.yaml @@ -0,0 +1,41 @@ + +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + name: xaccountscaffolds.platform.acme.co +spec: + group: platform.acme.co + names: + kind: XAccountScaffold + plural: xaccountscaffolds + claimNames: + kind: AccountScaffold + plural: accountscaffolds + versions: + - name: v1alpha1 + served: true + referenceable: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + description: | + The specification for how this account should be + deployed. + properties: + parameters: + type: object + description: | + The parameters indicating how this account should + be configured. + properties: + name: + type: string + description: | + The name of the account to be scaffolded. + required: + - name + required: + - parameters diff --git a/internal/schemas/generator/testdata/api__v1_openapi.json b/internal/schemas/generator/testdata/api__v1_openapi.json new file mode 100644 index 0000000..d1a6ec0 --- /dev/null +++ b/internal/schemas/generator/testdata/api__v1_openapi.json @@ -0,0 +1,39034 @@ +{ + "components": { + "schemas": { + "io.k8s.api.authentication.v1.BoundObjectReference": { + "description": "BoundObjectReference is a reference to an object that a token is bound to.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.", + "type": "string" + }, + "name": { + "description": "Name of the referent.", + "type": "string" + }, + "uid": { + "description": "UID of the referent.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.authentication.v1.TokenRequest": { + "description": "TokenRequest requests a token for a given service account.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequestSpec" + } + ], + "default": {}, + "description": "Spec holds information about the request being evaluated" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequestStatus" + } + ], + "default": {}, + "description": "Status is filled in by the server and indicates whether the token can be authenticated." + } + }, + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authentication.k8s.io", + "kind": "TokenRequest", + "version": "v1" + } + ] + }, + "io.k8s.api.authentication.v1.TokenRequestSpec": { + "description": "TokenRequestSpec contains client provided parameters of a token request.", + "properties": { + "audiences": { + "description": "Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "boundObjectRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.BoundObjectReference" + } + ], + "description": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation." + }, + "expirationSeconds": { + "description": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "audiences" + ], + "type": "object" + }, + "io.k8s.api.authentication.v1.TokenRequestStatus": { + "description": "TokenRequestStatus is the result of a token request.", + "properties": { + "expirationTimestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "ExpirationTimestamp is the time of expiration of the returned token." + }, + "token": { + "default": "", + "description": "Token is the opaque bearer token.", + "type": "string" + } + }, + "required": [ + "token", + "expirationTimestamp" + ], + "type": "object" + }, + "io.k8s.api.autoscaling.v1.Scale": { + "description": "Scale represents a scaling request for a resource.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.ScaleSpec" + } + ], + "default": {}, + "description": "spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status." + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.ScaleStatus" + } + ], + "default": {}, + "description": "status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only." + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "autoscaling", + "kind": "Scale", + "version": "v1" + } + ] + }, + "io.k8s.api.autoscaling.v1.ScaleSpec": { + "description": "ScaleSpec describes the attributes of a scale subresource.", + "properties": { + "replicas": { + "default": 0, + "description": "replicas is the desired number of instances for the scaled object.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.autoscaling.v1.ScaleStatus": { + "description": "ScaleStatus represents the current status of a scale subresource.", + "properties": { + "replicas": { + "default": 0, + "description": "replicas is the actual number of observed instances of the scaled object.", + "format": "int32", + "type": "integer" + }, + "selector": { + "description": "selector is the label query over pods that should match the replicas count. This is same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "type": "string" + } + }, + "required": [ + "replicas" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "default": "", + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "properties": { + "nodeAffinity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeAffinity" + } + ], + "description": "Describes node affinity scheduling rules for the pod." + }, + "podAffinity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodAffinity" + } + ], + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + }, + "podAntiAffinity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodAntiAffinity" + } + ], + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.AppArmorProfile": { + "description": "AppArmorProfile defines a pod or container's AppArmor settings.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "default": "", + "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.AttachedVolume": { + "description": "AttachedVolume describes a volume attached to a node", + "properties": { + "devicePath": { + "default": "", + "description": "DevicePath represents the device path where the volume should be available", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the attached volume", + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "properties": { + "cachingMode": { + "default": "ReadWrite", + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", + "type": "string" + }, + "diskName": { + "default": "", + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string" + }, + "diskURI": { + "default": "", + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string" + }, + "fsType": { + "default": "ext4", + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "kind": { + "default": "Shared", + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", + "type": "string" + }, + "readOnly": { + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFilePersistentVolumeSource": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "default": "", + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "secretNamespace": { + "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", + "type": "string" + }, + "shareName": { + "default": "", + "description": "shareName is the azure Share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "default": "", + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string" + }, + "shareName": { + "default": "", + "description": "shareName is the azure share Name", + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Binding": { + "description": "Binding ties one object to another; for example, a pod is bound to a node by a scheduler.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "target": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "default": {}, + "description": "The target object that you want to bind to the standard object." + } + }, + "required": [ + "target" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Binding", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.CSIPersistentVolumeSource": { + "description": "Represents storage that is managed by an external CSI volume driver", + "properties": { + "controllerExpandSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "controllerPublishSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "driver": { + "default": "", + "description": "driver is the name of the driver to use for this volume. Required.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", + "type": "string" + }, + "nodeExpandSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "nodePublishSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "nodeStageSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed." + }, + "readOnly": { + "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "volumeAttributes of the volume to publish.", + "type": "object" + }, + "volumeHandle": { + "default": "", + "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", + "type": "string" + } + }, + "required": [ + "driver", + "volumeHandle" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CSIVolumeSource": { + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", + "properties": { + "driver": { + "default": "", + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "type": "string" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed." + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Capabilities": { + "description": "Adds and removes POSIX capabilities from running containers.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.CephFSPersistentVolumeSource": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CephFSVolumeSource": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderPersistentVolumeSource": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "default": "", + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.CinderVolumeSource": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack." + }, + "volumeID": { + "default": "", + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ClientIPConfig": { + "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", + "properties": { + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ClusterTrustBundleProjection": { + "description": "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", + "properties": { + "labelSelector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\"." + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "default": "", + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ComponentCondition": { + "description": "Information about the condition of a component.", + "properties": { + "error": { + "description": "Condition error code for a component. For example, a health check error code.", + "type": "string" + }, + "message": { + "description": "Message about the condition for a component. For example, information about a health check.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status of the condition for a component. Valid values for \"Healthy\": \"True\", \"False\", or \"Unknown\".", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of condition for a component. Valid value: \"Healthy\"", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ComponentStatus": { + "description": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "conditions": { + "description": "List of component conditions observed", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ComponentStatus", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ComponentStatusList": { + "description": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ComponentStatus objects.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatus" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ComponentStatusList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ConfigMap": { + "description": "ConfigMap holds configuration data for pods to consume.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "binaryData": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", + "type": "object" + }, + "data": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", + "type": "object" + }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "description": "Selects a key from a ConfigMap.", + "properties": { + "key": { + "default": "", + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ConfigMapList": { + "description": "ConfigMapList is a resource containing a list of ConfigMap objects.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of ConfigMaps.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ConfigMapList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ConfigMapNodeConfigSource": { + "description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration", + "properties": { + "kubeletConfigKey": { + "default": "", + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", + "type": "string" + }, + "namespace": { + "default": "", + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", + "type": "string" + }, + "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "type": "string" + }, + "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "type": "string" + } + }, + "required": [ + "namespace", + "name", + "kubeletConfigKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapProjection": { + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.KeyToPath" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.KeyToPath" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Container": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvFromSource" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Lifecycle" + } + ], + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated." + }, + "livenessProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "name": { + "default": "", + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerPort" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerResizePolicy" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + } + ], + "default": {}, + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + "type": "string" + }, + "securityContext": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecurityContext" + } + ], + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" + }, + "startupProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeDevice" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeMount" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerImage": { + "description": "Describe a container image", + "properties": { + "names": { + "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "sizeBytes": { + "description": "The size of the image in bytes.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerPort": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "default": 0, + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerResizePolicy": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "default": "", + "description": "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "default": "", + "description": "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerState": { + "description": "ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.", + "properties": { + "running": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStateRunning" + } + ], + "description": "Details about a running container" + }, + "terminated": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStateTerminated" + } + ], + "description": "Details about a terminated container" + }, + "waiting": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStateWaiting" + } + ], + "description": "Details about a waiting container" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerStateRunning": { + "description": "ContainerStateRunning is a running state of a container.", + "properties": { + "startedAt": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Time at which the container was last (re-)started" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerStateTerminated": { + "description": "ContainerStateTerminated is a terminated state of a container.", + "properties": { + "containerID": { + "description": "Container's ID in the format '://'", + "type": "string" + }, + "exitCode": { + "default": 0, + "description": "Exit status from the last termination of the container", + "format": "int32", + "type": "integer" + }, + "finishedAt": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Time at which the container last terminated" + }, + "message": { + "description": "Message regarding the last termination of the container", + "type": "string" + }, + "reason": { + "description": "(brief) reason from the last termination of the container", + "type": "string" + }, + "signal": { + "description": "Signal from the last termination of the container", + "format": "int32", + "type": "integer" + }, + "startedAt": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Time at which previous execution of the container started" + } + }, + "required": [ + "exitCode" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerStateWaiting": { + "description": "ContainerStateWaiting is a waiting state of a container.", + "properties": { + "message": { + "description": "Message regarding why the container is not yet running.", + "type": "string" + }, + "reason": { + "description": "(brief) reason the container is not yet running.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ContainerStatus": { + "description": "ContainerStatus contains details for the current status of this container.", + "properties": { + "allocatedResources": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", + "type": "object" + }, + "allocatedResourcesStatus": { + "description": "AllocatedResourcesStatus represents the status of various resources allocated for this Pod.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "containerID": { + "description": "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", + "type": "string" + }, + "image": { + "default": "", + "description": "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", + "type": "string" + }, + "imageID": { + "default": "", + "description": "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", + "type": "string" + }, + "lastState": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerState" + } + ], + "default": {}, + "description": "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0." + }, + "name": { + "default": "", + "description": "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", + "type": "string" + }, + "ready": { + "default": false, + "description": "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", + "type": "boolean" + }, + "resources": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + } + ], + "description": "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized." + }, + "restartCount": { + "default": 0, + "description": "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", + "format": "int32", + "type": "integer" + }, + "started": { + "description": "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", + "type": "boolean" + }, + "state": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerState" + } + ], + "default": {}, + "description": "State holds details about the container's current condition." + }, + "stopSignal": { + "description": "StopSignal reports the effective stop signal for this container", + "type": "string" + }, + "user": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerUser" + } + ], + "description": "User represents user identity information initially attached to the first process of the container" + }, + "volumeMounts": { + "description": "Status of volume mounts.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeMountStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + } + }, + "required": [ + "name", + "ready", + "restartCount", + "image", + "imageID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ContainerUser": { + "description": "ContainerUser represents user identity information", + "properties": { + "linux": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LinuxContainerUser" + } + ], + "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DaemonEndpoint": { + "description": "DaemonEndpoint contains information about a single Daemon endpoint.", + "properties": { + "Port": { + "default": 0, + "description": "Port number of the given endpoint.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "Port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIProjection": { + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.DownwardAPIVolumeFile" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "properties": { + "fieldRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectFieldSelector" + } + ], + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "default": "", + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": "string" + }, + "resourceFieldRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceFieldSelector" + } + ], + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "Items is a list of downward API volume file", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.DownwardAPIVolumeFile" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", + "properties": { + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" + }, + "sizeLimit": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + ], + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EndpointAddress": { + "description": "EndpointAddress is a tuple that describes single IP address. Deprecated: This API is deprecated in v1.33+.", + "properties": { + "hostname": { + "description": "The Hostname of this endpoint", + "type": "string" + }, + "ip": { + "default": "", + "description": "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", + "type": "string" + }, + "nodeName": { + "description": "Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.", + "type": "string" + }, + "targetRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "description": "Reference to object providing the endpoint." + } + }, + "required": [ + "ip" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.EndpointPort": { + "description": "EndpointPort is a tuple that describes a single port. Deprecated: This API is deprecated in v1.33+.", + "properties": { + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.", + "type": "string" + }, + "port": { + "default": 0, + "description": "The port number of the endpoint.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.EndpointSubset": { + "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]\n\nDeprecated: This API is deprecated in v1.33+.", + "properties": { + "addresses": { + "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointAddress" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "notReadyAddresses": { + "description": "IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointAddress" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ports": { + "description": "Port numbers available on the related IP addresses.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointPort" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Endpoints": { + "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]\n\nEndpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.\n\nDeprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "subsets": { + "description": "The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointSubset" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.EndpointsList": { + "description": "EndpointsList is a list of endpoints. Deprecated: This API is deprecated in v1.33+.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of endpoints.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "EndpointsList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.EnvFromSource": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapEnvSource" + } + ], + "description": "The ConfigMap to select from" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.", + "type": "string" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretEnvSource" + } + ], + "description": "The Secret to select from" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EnvVar": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "default": "", + "description": "Name of the environment variable. May consist of any printable ASCII characters except '='.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "type": "string" + }, + "valueFrom": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVarSource" + } + ], + "description": "Source for the environment variable's value. Cannot be used if value is not empty." + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EnvVarSource": { + "description": "EnvVarSource represents a source for the value of an EnvVar.", + "properties": { + "configMapKeyRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapKeySelector" + } + ], + "description": "Selects a key of a ConfigMap." + }, + "fieldRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectFieldSelector" + } + ], + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + }, + "resourceFieldRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceFieldSelector" + } + ], + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + }, + "secretKeyRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretKeySelector" + } + ], + "description": "Selects a key of a secret in the pod's namespace" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralContainer": { + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", + "properties": { + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvFromSource" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "type": "string" + }, + "lifecycle": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Lifecycle" + } + ], + "description": "Lifecycle is not allowed for ephemeral containers." + }, + "livenessProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "Probes are not allowed for ephemeral containers." + }, + "name": { + "default": "", + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "type": "string" + }, + "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerPort" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "Probes are not allowed for ephemeral containers." + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerResizePolicy" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + } + ], + "default": {}, + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod." + }, + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.", + "type": "string" + }, + "securityContext": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecurityContext" + } + ], + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext." + }, + "startupProbe": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Probe" + } + ], + "description": "Probes are not allowed for ephemeral containers." + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", + "type": "string" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "type": "string" + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeDevice" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeMount" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "properties": { + "volumeClaimTemplate": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimTemplate" + } + ], + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Event": { + "description": "Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", + "properties": { + "action": { + "description": "What action was taken/failed regarding to the Regarding object.", + "type": "string" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "count": { + "description": "The number of times this event has occurred.", + "format": "int32", + "type": "integer" + }, + "eventTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" + } + ], + "description": "Time when this Event was first observed." + }, + "firstTimestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)" + }, + "involvedObject": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "default": {}, + "description": "The object that this event is about." + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "lastTimestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "The time at which the most recent occurrence of this event was recorded." + }, + "message": { + "description": "A human-readable description of the status of this operation.", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "reason": { + "description": "This should be a short, machine understandable string that gives the reason for the transition into the object's current status.", + "type": "string" + }, + "related": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "description": "Optional secondary object for more complex actions." + }, + "reportingComponent": { + "default": "", + "description": "Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.", + "type": "string" + }, + "reportingInstance": { + "default": "", + "description": "ID of the controller instance, e.g. `kubelet-xyzf`.", + "type": "string" + }, + "series": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventSeries" + } + ], + "description": "Data about the Event series this event represents or nil if it's a singleton Event." + }, + "source": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventSource" + } + ], + "default": {}, + "description": "The component reporting this event. Should be a short machine understandable string." + }, + "type": { + "description": "Type of this event (Normal, Warning), new types could be added in the future", + "type": "string" + } + }, + "required": [ + "metadata", + "involvedObject" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Event", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.EventList": { + "description": "EventList is a list of events.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of events", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "EventList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.EventSeries": { + "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", + "properties": { + "count": { + "description": "Number of occurrences in this series up to the last heartbeat time", + "format": "int32", + "type": "integer" + }, + "lastObservedTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" + } + ], + "description": "Time of the last occurrence observed" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.EventSource": { + "description": "EventSource contains information for an event.", + "properties": { + "component": { + "description": "Component from which the event is generated.", + "type": "string" + }, + "host": { + "description": "Node name on which the event is generated.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ExecAction": { + "description": "ExecAction describes a \"run in container\" action.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FCVolumeSource": { + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "format": "int32", + "type": "integer" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.FlexPersistentVolumeSource": { + "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "default": "", + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlexVolumeSource": { + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "properties": { + "driver": { + "default": "", + "description": "driver is the name of the driver to use for this volume.", + "type": "string" + }, + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "options is Optional: this field holds extra command options if any.", + "type": "object" + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "io.k8s.api.core.v1.FlockerVolumeSource": { + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "properties": { + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", + "type": "string" + }, + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "format": "int32", + "type": "integer" + }, + "pdName": { + "default": "", + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GRPCAction": { + "description": "GRPCAction specifies an action involving a GRPC service.", + "properties": { + "port": { + "default": 0, + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "properties": { + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "type": "string" + }, + "repository": { + "default": "", + "description": "repository is the URL", + "type": "string" + }, + "revision": { + "description": "revision is the commit hash for the specified revision.", + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsPersistentVolumeSource": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "default": "", + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "endpointsNamespace": { + "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "path": { + "default": "", + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "properties": { + "endpoints": { + "default": "", + "description": "endpoints is the endpoint name that details Glusterfs topology.", + "type": "string" + }, + "path": { + "default": "", + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPGetAction": { + "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HTTPHeader" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + ], + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + }, + "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HTTPHeader": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "default": "", + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "default": "", + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostAlias": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "default": "", + "description": "IP address of the host file entry.", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostIP": { + "description": "HostIP represents a single IP address allocated to the host.", + "properties": { + "ip": { + "default": "", + "description": "IP is the IP address assigned to the host", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "io.k8s.api.core.v1.HostPathVolumeSource": { + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "default": "", + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + }, + "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIPersistentVolumeSource": { + "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" + }, + "iqn": { + "default": "", + "description": "iqn is Target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "default": 0, + "description": "lun is iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "default": "", + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" + }, + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" + }, + "iqn": { + "default": "", + "description": "iqn is the target iSCSI Qualified Name.", + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string" + }, + "lun": { + "default": 0, + "description": "lun represents iSCSI Target Lun number.", + "format": "int32", + "type": "integer" + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication" + }, + "targetPortal": { + "default": "", + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string" + } + }, + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ImageVolumeSource": { + "description": "ImageVolumeSource represents a image volume resource.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.KeyToPath": { + "description": "Maps a string key to a path within a volume.", + "properties": { + "key": { + "default": "", + "description": "key is the key to project.", + "type": "string" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "path": { + "default": "", + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Lifecycle": { + "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", + "properties": { + "postStart": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LifecycleHandler" + } + ], + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + }, + "preStop": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LifecycleHandler" + } + ], + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LifecycleHandler": { + "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", + "properties": { + "exec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ExecAction" + } + ], + "description": "Exec specifies a command to execute in the container." + }, + "httpGet": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HTTPGetAction" + } + ], + "description": "HTTPGet specifies an HTTP GET request to perform." + }, + "sleep": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SleepAction" + } + ], + "description": "Sleep represents a duration that the container should sleep." + }, + "tcpSocket": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TCPSocketAction" + } + ], + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LimitRange": { + "description": "LimitRange sets resource usage limits for each kind of resource in a Namespace.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeSpec" + } + ], + "default": {}, + "description": "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.LimitRangeItem": { + "description": "LimitRangeItem defines a min/max usage limit for any resource that matches on kind.", + "properties": { + "default": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Default resource requirement limit value by resource name if resource limit is omitted.", + "type": "object" + }, + "defaultRequest": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.", + "type": "object" + }, + "max": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Max usage constraints on this kind by resource name.", + "type": "object" + }, + "maxLimitRequestRatio": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.", + "type": "object" + }, + "min": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Min usage constraints on this kind by resource name.", + "type": "object" + }, + "type": { + "default": "", + "description": "Type of resource that this limit applies to.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "io.k8s.api.core.v1.LimitRangeList": { + "description": "LimitRangeList is a list of LimitRange items.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "LimitRangeList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.LimitRangeSpec": { + "description": "LimitRangeSpec defines a min/max usage limit for resources that match on kind.", + "properties": { + "limits": { + "description": "Limits is the list of LimitRangeItem objects that are enforced.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeItem" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "limits" + ], + "type": "object" + }, + "io.k8s.api.core.v1.LinuxContainerUser": { + "description": "LinuxContainerUser represents user identity information in Linux containers", + "properties": { + "gid": { + "default": 0, + "description": "GID is the primary gid initially attached to the first process in the container", + "format": "int64", + "type": "integer" + }, + "supplementalGroups": { + "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container", + "items": { + "default": 0, + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "uid": { + "default": 0, + "description": "UID is the primary uid initially attached to the first process in the container", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "uid", + "gid" + ], + "type": "object" + }, + "io.k8s.api.core.v1.LoadBalancerIngress": { + "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.", + "properties": { + "hostname": { + "description": "Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)", + "type": "string" + }, + "ip": { + "description": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)", + "type": "string" + }, + "ipMode": { + "description": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", + "type": "string" + }, + "ports": { + "description": "Ports is a list of records of service ports If used, every port defined in the service should have an entry in it", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PortStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LoadBalancerStatus": { + "description": "LoadBalancerStatus represents the status of a load-balancer.", + "properties": { + "ingress": { + "description": "Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LoadBalancerIngress" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.LocalVolumeSource": { + "description": "Local represents directly-attached storage with node affinity", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "type": "string" + }, + "path": { + "default": "", + "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ModifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", + "properties": { + "status": { + "default": "", + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NFSVolumeSource": { + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "properties": { + "path": { + "default": "", + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "default": "", + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string" + } + }, + "required": [ + "server", + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Namespace": { + "description": "Namespace provides a scope for Names. Use of multiple namespaces is optional.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceSpec" + } + ], + "default": {}, + "description": "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceStatus" + } + ], + "default": {}, + "description": "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Namespace", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.NamespaceCondition": { + "description": "NamespaceCondition contains details about state of namespace.", + "properties": { + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Last time the condition transitioned from one status to another." + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of namespace controller condition.", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NamespaceList": { + "description": "NamespaceList is a list of Namespaces.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "NamespaceList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.NamespaceSpec": { + "description": "NamespaceSpec describes the attributes on a Namespace.", + "properties": { + "finalizers": { + "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NamespaceStatus": { + "description": "NamespaceStatus is information about the current status of a Namespace.", + "properties": { + "conditions": { + "description": "Represents the latest available observations of a namespace's current state.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "description": "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Node": { + "description": "Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSpec" + } + ], + "default": {}, + "description": "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeStatus" + } + ], + "default": {}, + "description": "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Node", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.NodeAddress": { + "description": "NodeAddress contains information for the node's address.", + "properties": { + "address": { + "default": "", + "description": "The node address.", + "type": "string" + }, + "type": { + "default": "", + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", + "type": "string" + } + }, + "required": [ + "type", + "address" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeAffinity": { + "description": "Node affinity is a group of node affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PreferredSchedulingTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelector" + } + ], + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeCondition": { + "description": "NodeCondition contains condition information for a node.", + "properties": { + "lastHeartbeatTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Last time we got an update on a given condition." + }, + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Last time the condition transit from one status to another." + }, + "message": { + "description": "Human readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "(brief) reason for the condition's last transition.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of node condition.", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeConfigSource": { + "description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22", + "properties": { + "configMap": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapNodeConfigSource" + } + ], + "description": "ConfigMap is a reference to a Node's ConfigMap" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeConfigStatus": { + "description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.", + "properties": { + "active": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeConfigSource" + } + ], + "description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error." + }, + "assigned": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeConfigSource" + } + ], + "description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned." + }, + "error": { + "description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.", + "type": "string" + }, + "lastKnownGood": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeConfigSource" + } + ], + "description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeDaemonEndpoints": { + "description": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.", + "properties": { + "kubeletEndpoint": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.DaemonEndpoint" + } + ], + "default": {}, + "description": "Endpoint on which Kubelet is listening." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeFeatures": { + "description": "NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.", + "properties": { + "supplementalGroupsPolicy": { + "description": "SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeList": { + "description": "NodeList is the whole list of all Nodes which have been registered with master.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of nodes", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "NodeList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.NodeRuntimeHandler": { + "description": "NodeRuntimeHandler is a set of runtime handler information.", + "properties": { + "features": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeRuntimeHandlerFeatures" + } + ], + "description": "Supported features." + }, + "name": { + "default": "", + "description": "Runtime handler name. Empty for the default runtime handler.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeRuntimeHandlerFeatures": { + "description": "NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.", + "properties": { + "recursiveReadOnlyMounts": { + "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.", + "type": "boolean" + }, + "userNamespaces": { + "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelector": { + "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelectorTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "default": "", + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.NodeSelectorTerm": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelectorRequirement" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelectorRequirement" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSpec": { + "description": "NodeSpec describes the attributes that a node is created with.", + "properties": { + "configSource": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeConfigSource" + } + ], + "description": "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed." + }, + "externalID": { + "description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966", + "type": "string" + }, + "podCIDR": { + "description": "PodCIDR represents the pod IP range assigned to the node.", + "type": "string" + }, + "podCIDRs": { + "description": "podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" + }, + "providerID": { + "description": "ID of the node assigned by the cloud provider in the format: ://", + "type": "string" + }, + "taints": { + "description": "If specified, the node's taints.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Taint" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "unschedulable": { + "description": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeStatus": { + "description": "NodeStatus is information about the current status of a node.", + "properties": { + "addresses": { + "description": "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeAddress" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "allocatable": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity", + "type": "object" + }, + "conditions": { + "description": "Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "config": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeConfigStatus" + } + ], + "description": "Status of the config assigned to the node via the dynamic Kubelet config feature." + }, + "daemonEndpoints": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeDaemonEndpoints" + } + ], + "default": {}, + "description": "Endpoints of daemons running on the Node." + }, + "features": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeFeatures" + } + ], + "description": "Features describes the set of features implemented by the CRI implementation." + }, + "images": { + "description": "List of container images on this node", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerImage" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nodeInfo": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSystemInfo" + } + ], + "default": {}, + "description": "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info" + }, + "phase": { + "description": "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.", + "type": "string" + }, + "runtimeHandlers": { + "description": "The available runtime handlers.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeRuntimeHandler" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumesAttached": { + "description": "List of volumes that are attached to the node.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AttachedVolume" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "volumesInUse": { + "description": "List of attachable volumes in use (mounted) by the node.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSwapStatus": { + "description": "NodeSwapStatus represents swap memory information.", + "properties": { + "capacity": { + "description": "Total amount of swap memory in bytes.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.NodeSystemInfo": { + "description": "NodeSystemInfo is a set of ids/uuids to uniquely identify the node.", + "properties": { + "architecture": { + "default": "", + "description": "The Architecture reported by the node", + "type": "string" + }, + "bootID": { + "default": "", + "description": "Boot ID reported by the node.", + "type": "string" + }, + "containerRuntimeVersion": { + "default": "", + "description": "ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).", + "type": "string" + }, + "kernelVersion": { + "default": "", + "description": "Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).", + "type": "string" + }, + "kubeProxyVersion": { + "default": "", + "description": "Deprecated: KubeProxy Version reported by the node.", + "type": "string" + }, + "kubeletVersion": { + "default": "", + "description": "Kubelet Version reported by the node.", + "type": "string" + }, + "machineID": { + "default": "", + "description": "MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html", + "type": "string" + }, + "operatingSystem": { + "default": "", + "description": "The Operating System reported by the node", + "type": "string" + }, + "osImage": { + "default": "", + "description": "OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).", + "type": "string" + }, + "swap": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSwapStatus" + } + ], + "description": "Swap Info reported by the node." + }, + "systemUUID": { + "default": "", + "description": "SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid", + "type": "string" + } + }, + "required": [ + "machineID", + "systemUUID", + "bootID", + "kernelVersion", + "osImage", + "containerRuntimeVersion", + "kubeletVersion", + "kubeProxyVersion", + "operatingSystem", + "architecture" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ObjectFieldSelector": { + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "default": "", + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolume": { + "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeSpec" + } + ], + "default": {}, + "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeStatus" + } + ], + "default": {}, + "description": "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeClaim": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + } + ], + "default": {}, + "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimStatus" + } + ], + "default": {}, + "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "properties": { + "lastProbeTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "lastProbeTime is the time we probed the condition." + }, + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "lastTransitionTime is the time the condition transitioned from one status to another." + }, + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"Resizing\" that means the underlying persistent volume is being resized.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string" + }, + "type": { + "default": "", + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimList": { + "description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeClaimList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "properties": { + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TypedLocalObjectReference" + } + ], + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." + }, + "dataSourceRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TypedObjectReference" + } + ], + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + }, + "resources": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeResourceRequirements" + } + ], + "default": {}, + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + }, + "selector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "selector is a label query over volumes to consider for binding." + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", + "properties": { + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object" + }, + "capacity": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object" + }, + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim This is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "modifyVolumeStatus": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ModifyVolumeStatus" + } + ], + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. This is a beta field and requires enabling VolumeAttributesClass feature (off by default)." + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "properties": { + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation." + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + } + ], + "default": {}, + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here." + } + }, + "required": [ + "spec" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "properties": { + "claimName": { + "default": "", + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string" + }, + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeList": { + "description": "PersistentVolumeList is a list of PersistentVolume items.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PersistentVolumeList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PersistentVolumeSpec": { + "description": "PersistentVolumeSpec is the specification of a persistent volume.", + "properties": { + "accessModes": { + "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "awsElasticBlockStore": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + } + ], + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AzureDiskVolumeSource" + } + ], + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." + }, + "azureFile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" + } + ], + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." + }, + "capacity": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", + "type": "object" + }, + "cephfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CephFSPersistentVolumeSource" + } + ], + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." + }, + "cinder": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CinderPersistentVolumeSource" + } + ], + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "claimRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", + "x-kubernetes-map-type": "granular" + }, + "csi": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CSIPersistentVolumeSource" + } + ], + "description": "csi represents storage that is handled by an external CSI driver." + }, + "fc": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FCVolumeSource" + } + ], + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FlexPersistentVolumeSource" + } + ], + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." + }, + "flocker": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FlockerVolumeSource" + } + ], + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." + }, + "gcePersistentDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + } + ], + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "glusterfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" + } + ], + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" + }, + "hostPath": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HostPathVolumeSource" + } + ], + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "iscsi": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" + } + ], + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin." + }, + "local": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalVolumeSource" + } + ], + "description": "local represents directly-attached storage with node affinity" + }, + "mountOptions": { + "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "nfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NFSVolumeSource" + } + ], + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "nodeAffinity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeNodeAffinity" + } + ], + "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume." + }, + "persistentVolumeReclaimPolicy": { + "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming", + "type": "string" + }, + "photonPersistentDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + } + ], + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." + }, + "portworxVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PortworxVolumeSource" + } + ], + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." + }, + "quobyte": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.QuobyteVolumeSource" + } + ], + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." + }, + "rbd": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.RBDPersistentVolumeSource" + } + ], + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md" + }, + "scaleIO": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + } + ], + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." + }, + "storageClassName": { + "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", + "type": "string" + }, + "storageos": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" + } + ], + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md" + }, + "volumeAttributesClassName": { + "description": "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process. This is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.", + "type": "string" + }, + "vsphereVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + } + ], + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PersistentVolumeStatus": { + "description": "PersistentVolumeStatus is the current status of a persistent volume.", + "properties": { + "lastPhaseTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions." + }, + "message": { + "description": "message is a human-readable message indicating details about why the volume is in this state.", + "type": "string" + }, + "phase": { + "description": "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase", + "type": "string" + }, + "reason": { + "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "description": "Represents a Photon Controller persistent disk resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "default": "", + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Pod": { + "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodSpec" + } + ], + "default": {}, + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodStatus" + } + ], + "default": {}, + "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Pod", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PodAffinity": { + "description": "Pod affinity is a group of inter pod affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.WeightedPodAffinityTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodAffinityTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodAffinityTerm": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "properties": { + "labelSelector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods." + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces." + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "default": "", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodAntiAffinity": { + "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting \"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.WeightedPodAffinityTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodAffinityTerm" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodCondition": { + "description": "PodCondition contains details for the current condition of this pod.", + "properties": { + "lastProbeTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Last time we probed the condition." + }, + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Last time the condition transitioned from one status to another." + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + "format": "int64", + "type": "integer" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "string" + }, + "type": { + "default": "", + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfig": { + "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodDNSConfigOption" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodDNSConfigOption": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is this DNS resolver option's name. Required.", + "type": "string" + }, + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodIP": { + "description": "PodIP represents a single IP address allocated to the pod.", + "properties": { + "ip": { + "default": "", + "description": "IP is the IP address assigned to the pod", + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodList": { + "description": "PodList is a list of Pods.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PodList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PodOS": { + "description": "PodOS defines the OS parameters of a pod.", + "properties": { + "name": { + "default": "", + "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodReadinessGate": { + "description": "PodReadinessGate contains the reference to a pod condition", + "properties": { + "conditionType": { + "default": "", + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "type": "string" + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodResourceClaim": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", + "properties": { + "name": { + "default": "", + "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", + "type": "string" + }, + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodResourceClaimStatus": { + "description": "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", + "properties": { + "name": { + "default": "", + "description": "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", + "type": "string" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodSchedulingGate": { + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "properties": { + "name": { + "default": "", + "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodSecurityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", + "properties": { + "appArmorProfile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AppArmorProfile" + } + ], + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + }, + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SELinuxOptions" + } + ], + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SeccompProfile" + } + ], + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows." + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "default": 0, + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Sysctl" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + ], + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodSpec": { + "description": "PodSpec is a description of a pod.", + "properties": { + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "affinity": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Affinity" + } + ], + "description": "If specified, the pod's scheduling constraints" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" + }, + "containers": { + "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Container" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "dnsConfig": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodDNSConfig" + } + ], + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy." + }, + "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", + "type": "string" + }, + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", + "type": "boolean" + }, + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EphemeralContainer" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HostAlias" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", + "type": "boolean" + }, + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false.", + "type": "boolean" + }, + "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", + "type": "boolean" + }, + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainers": { + "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Container" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "os": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodOS" + } + ], + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup" + }, + "overhead": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object" + }, + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", + "type": "string" + }, + "priority": { + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "format": "int32", + "type": "integer" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "type": "string" + }, + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodReadinessGate" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodResourceClaim" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + }, + "resources": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + } + ], + "description": "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\" and \"memory\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate." + }, + "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", + "type": "string" + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "type": "string" + }, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", + "type": "string" + }, + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodSchedulingGate" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "securityContext": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodSecurityContext" + } + ], + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field." + }, + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", + "type": "string" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + }, + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "format": "int64", + "type": "integer" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Toleration" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TopologySpreadConstraint" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "topologyKey", + "x-kubernetes-patch-strategy": "merge" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Volume" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + } + }, + "required": [ + "containers" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PodStatus": { + "description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.", + "properties": { + "conditions": { + "description": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "containerStatuses": { + "description": "Statuses of containers in this pod. Each container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ephemeralContainerStatuses": { + "description": "Statuses for any ephemeral containers that have run in this pod. Each ephemeral container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "hostIP": { + "description": "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", + "type": "string" + }, + "hostIPs": { + "description": "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HostIP" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainerStatuses": { + "description": "Statuses of init containers in this pod. The most recent successful non-restartable init container will have ready = true, the most recently started container will have startTime set. Each init container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ContainerStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "message": { + "description": "A human readable message indicating details about why the pod is in this condition.", + "type": "string" + }, + "nominatedNodeName": { + "description": "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.", + "type": "string" + }, + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + "format": "int64", + "type": "integer" + }, + "phase": { + "description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase", + "type": "string" + }, + "podIP": { + "description": "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + "type": "string" + }, + "podIPs": { + "description": "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodIP" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "qosClass": { + "description": "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes", + "type": "string" + }, + "reason": { + "description": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'", + "type": "string" + }, + "resize": { + "description": "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress. PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources. PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.", + "type": "string" + }, + "resourceClaimStatuses": { + "description": "Status of resource claims.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodResourceClaimStatus" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + }, + "startTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PodTemplate": { + "description": "PodTemplate describes a template for creating copies of a predefined pod.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "template": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" + } + ], + "default": {}, + "description": "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PodTemplateList": { + "description": "PodTemplateList is a list of PodTemplates.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of pod templates", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "PodTemplateList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.PodTemplateSpec": { + "description": "PodTemplateSpec describes the data a pod should have when created from a template", + "properties": { + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodSpec" + } + ], + "default": {}, + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.PortStatus": { + "description": "PortStatus represents the error condition of a service port", + "properties": { + "error": { + "description": "Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.", + "type": "string" + }, + "port": { + "default": 0, + "description": "Port is the port number of the service port of which status is recorded here", + "format": "int32", + "type": "integer" + }, + "protocol": { + "default": "", + "description": "Protocol is the protocol of the service port of which status is recorded here The supported values are: \"TCP\", \"UDP\", \"SCTP\"", + "type": "string" + } + }, + "required": [ + "port", + "protocol" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PortworxVolumeSource": { + "description": "PortworxVolumeSource represents a Portworx volume resource.", + "properties": { + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "default": "", + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelectorTerm" + } + ], + "default": {}, + "description": "A node selector term, associated with the corresponding weight." + }, + "weight": { + "default": 0, + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "preference" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Probe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", + "properties": { + "exec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ExecAction" + } + ], + "description": "Exec specifies a command to execute in the container." + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GRPCAction" + } + ], + "description": "GRPC specifies a GRPC HealthCheckRequest." + }, + "httpGet": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HTTPGetAction" + } + ], + "description": "HTTPGet specifies an HTTP GET request to perform." + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.TCPSocketAction" + } + ], + "description": "TCPSocket specifies a connection to a TCP port." + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "description": "Represents a projected volume source", + "properties": { + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list handles one source.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VolumeProjection" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "properties": { + "group": { + "description": "group to map volume access to Default is no group", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" + }, + "registry": { + "default": "", + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "type": "string" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", + "type": "string" + }, + "volume": { + "default": "", + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDPersistentVolumeSource": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "default": "", + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "default": "admin", + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.RBDVolumeSource": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "default": "", + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + }, + "user": { + "default": "admin", + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string" + } + }, + "required": [ + "monitors", + "image" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ReplicationController": { + "description": "ReplicationController represents the configuration of a replication controller.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerSpec" + } + ], + "default": {}, + "description": "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerStatus" + } + ], + "default": {}, + "description": "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ReplicationControllerCondition": { + "description": "ReplicationControllerCondition describes the state of a replication controller at a certain point.", + "properties": { + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "The last time the condition transitioned from one status to another." + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "default": "", + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "default": "", + "description": "Type of replication controller condition.", + "type": "string" + } + }, + "required": [ + "type", + "status" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ReplicationControllerList": { + "description": "ReplicationControllerList is a collection of replication controllers.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ReplicationControllerList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ReplicationControllerSpec": { + "description": "ReplicationControllerSpec is the specification of a replication controller.", + "properties": { + "minReadySeconds": { + "default": 0, + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "format": "int32", + "type": "integer" + }, + "replicas": { + "default": 1, + "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "format": "int32", + "type": "integer" + }, + "selector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "template": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" + } + ], + "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ReplicationControllerStatus": { + "description": "ReplicationControllerStatus represents the current status of a replication controller.", + "properties": { + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this replication controller.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "Represents the latest available observations of a replication controller's current state.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerCondition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "fullyLabeledReplicas": { + "description": "The number of pods that have labels matching the labels of the pod template of the replication controller.", + "format": "int32", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration reflects the generation of the most recently observed replication controller.", + "format": "int64", + "type": "integer" + }, + "readyReplicas": { + "description": "The number of ready replicas for this replication controller.", + "format": "int32", + "type": "integer" + }, + "replicas": { + "default": 0, + "description": "Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "replicas" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceClaim": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "default": "", + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"" + }, + "resource": { + "default": "", + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceHealth": { + "description": "ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.", + "properties": { + "health": { + "description": "Health of the resource. can be one of:\n - Healthy: operates as normal\n - Unhealthy: reported unhealthy. We consider this a temporary health issue\n since we do not have a mechanism today to distinguish\n temporary and permanent issues.\n - Unknown: The status cannot be determined.\n For example, Device Plugin got unregistered and hasn't been re-registered since.\n\nIn future we may want to introduce the PermanentlyUnhealthy Status.", + "type": "string" + }, + "resourceID": { + "default": "", + "description": "ResourceID is the unique identifier of the resource. See the ResourceID type for more information.", + "type": "string" + } + }, + "required": [ + "resourceID" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ResourceQuota": { + "description": "ResourceQuota sets aggregate quota restrictions enforced per namespace", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaSpec" + } + ], + "default": {}, + "description": "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaStatus" + } + ], + "default": {}, + "description": "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ResourceQuotaList": { + "description": "ResourceQuotaList is a list of ResourceQuota items.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ResourceQuotaList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ResourceQuotaSpec": { + "description": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.", + "properties": { + "hard": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object" + }, + "scopeSelector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ScopeSelector" + } + ], + "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched." + }, + "scopes": { + "description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ResourceQuotaStatus": { + "description": "ResourceQuotaStatus defines the enforced hard limits and observed use.", + "properties": { + "hard": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object" + }, + "used": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Used is the current observed total usage of the resource in the namespace.", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "description": "ResourceRequirements describes the compute resource requirements.", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceClaim" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ResourceStatus": { + "description": "ResourceStatus represents the status of a single resource allocated to a Pod.", + "properties": { + "name": { + "default": "", + "description": "Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. For DRA resources, the value must be \"claim:/\". When this status is reported about a container, the \"claim_name\" and \"request\" must match one of the claims of this container.", + "type": "string" + }, + "resources": { + "description": "List of unique resources health. Each element in the list contains an unique resource ID and its health. At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. See ResourceID type definition for a specific format it has in various use cases.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceHealth" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "resourceID" + ], + "x-kubernetes-list-type": "map" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "description": "SELinuxOptions are the labels to be applied to the container", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": { + "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", + "type": "string" + }, + "gateway": { + "default": "", + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretReference" + } + ], + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "default": "", + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "properties": { + "fsType": { + "default": "xfs", + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string" + }, + "gateway": { + "default": "", + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail." + }, + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "default": "", + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" + } + }, + "required": [ + "gateway", + "system", + "secretRef" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ScopeSelector": { + "description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.", + "properties": { + "matchExpressions": { + "description": "A list of scope selector requirements by scope of the resources.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ScopedResourceSelectorRequirement" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ScopedResourceSelectorRequirement": { + "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.", + "properties": { + "operator": { + "default": "", + "description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.", + "type": "string" + }, + "scopeName": { + "default": "", + "description": "The name of the scope that the selector applies to.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "scopeName", + "operator" + ], + "type": "object" + }, + "io.k8s.api.core.v1.SeccompProfile": { + "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "default": "", + "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "io.k8s.api.core.v1.Secret": { + "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "data": { + "additionalProperties": { + "format": "byte", + "type": "string" + }, + "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", + "type": "object" + }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "stringData": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", + "type": "object" + }, + "type": { + "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Secret", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.SecretEnvSource": { + "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", + "properties": { + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "default": "", + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretList": { + "description": "SecretList is a list of Secret.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "SecretList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.SecretProjection": { + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.KeyToPath" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecretReference": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32", + "type": "integer" + }, + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.KeyToPath" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SecurityContext": { + "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AppArmorProfile" + } + ], + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows." + }, + "capabilities": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Capabilities" + } + ], + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows." + }, + "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SELinuxOptions" + } + ], + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows." + }, + "seccompProfile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SeccompProfile" + } + ], + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows." + }, + "windowsOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.WindowsSecurityContextOptions" + } + ], + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Service": { + "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceSpec" + } + ], + "default": {}, + "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + }, + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceStatus" + } + ], + "default": {}, + "description": "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Service", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ServiceAccount": { + "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", + "type": "boolean" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "secrets": { + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ServiceAccountList": { + "description": "ServiceAccountList is a list of ServiceAccount objects", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ServiceAccountList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "format": "int64", + "type": "integer" + }, + "path": { + "default": "", + "description": "path is the path relative to the mount point of the file to project the token into.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServiceList": { + "description": "ServiceList holds a list of services.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of services", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "ServiceList", + "version": "v1" + } + ] + }, + "io.k8s.api.core.v1.ServicePort": { + "description": "ServicePort contains information on service's port.", + "properties": { + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "format": "int32", + "type": "integer" + }, + "port": { + "default": 0, + "description": "The port that will be exposed by this service.", + "format": "int32", + "type": "integer" + }, + "protocol": { + "default": "TCP", + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.", + "type": "string" + }, + "targetPort": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + ], + "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.ServiceSpec": { + "description": "ServiceSpec describes the attributes that a user creates on a service.", + "properties": { + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", + "type": "boolean" + }, + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.", + "type": "string" + }, + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", + "format": "int32", + "type": "integer" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).", + "type": "string" + }, + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.", + "type": "string" + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ports": { + "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServicePort" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "port", + "x-kubernetes-patch-strategy": "merge" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "sessionAffinityConfig": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SessionAffinityConfig" + } + ], + "description": "sessionAffinityConfig contains the configurations of session affinity." + }, + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", + "type": "string" + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.ServiceStatus": { + "description": "ServiceStatus represents the current status of a service.", + "properties": { + "conditions": { + "description": "Current service state", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "loadBalancer": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LoadBalancerStatus" + } + ], + "default": {}, + "description": "LoadBalancer contains the current status of the load-balancer, if one is present." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SessionAffinityConfig": { + "description": "SessionAffinityConfig represents the configurations of session affinity.", + "properties": { + "clientIP": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ClientIPConfig" + } + ], + "description": "clientIP contains the configurations of Client IP based session affinity." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.SleepAction": { + "description": "SleepAction describes a \"sleep\" action.", + "properties": { + "seconds": { + "default": 0, + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSPersistentVolumeSource": { + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "description": "Represents a StorageOS persistent volume resource.", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + } + ], + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted." + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.Sysctl": { + "description": "Sysctl defines a kernel parameter to be set", + "properties": { + "name": { + "default": "", + "description": "Name of a property to set", + "type": "string" + }, + "value": { + "default": "", + "description": "Value of a property to set", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TCPSocketAction": { + "description": "TCPSocketAction describes an action based on opening a socket", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + ], + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME." + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Taint": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", + "properties": { + "effect": { + "default": "", + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "default": "", + "description": "Required. The taint key to be applied to a node.", + "type": "string" + }, + "timeAdded": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "TimeAdded represents the time at which the taint was added." + }, + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" + } + }, + "required": [ + "key", + "effect" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Toleration": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "properties": { + "labelSelector": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + ], + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain." + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "maxSkew": { + "default": 0, + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "format": "int32", + "type": "integer" + }, + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.", + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.", + "type": "string" + }, + "topologyKey": { + "default": "", + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "type": "string" + }, + "whenUnsatisfiable": { + "default": "", + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", + "type": "string" + } + }, + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], + "type": "object" + }, + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "default": "", + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "default": "", + "description": "Name is the name of resource being referenced", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.TypedObjectReference": { + "description": "TypedObjectReference contains enough information to let you locate the typed referenced object", + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "default": "", + "description": "Kind is the type of resource being referenced", + "type": "string" + }, + "name": { + "default": "", + "description": "Name is the name of resource being referenced", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.Volume": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "properties": { + "awsElasticBlockStore": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + } + ], + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + }, + "azureDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AzureDiskVolumeSource" + } + ], + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." + }, + "azureFile": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.AzureFileVolumeSource" + } + ], + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver." + }, + "cephfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CephFSVolumeSource" + } + ], + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported." + }, + "cinder": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CinderVolumeSource" + } + ], + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" + }, + "configMap": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapVolumeSource" + } + ], + "description": "configMap represents a configMap that should populate this volume" + }, + "csi": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.CSIVolumeSource" + } + ], + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers." + }, + "downwardAPI": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.DownwardAPIVolumeSource" + } + ], + "description": "downwardAPI represents downward API about the pod that should populate this volume" + }, + "emptyDir": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EmptyDirVolumeSource" + } + ], + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + }, + "ephemeral": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EphemeralVolumeSource" + } + ], + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time." + }, + "fc": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FCVolumeSource" + } + ], + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + }, + "flexVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FlexVolumeSource" + } + ], + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." + }, + "flocker": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.FlockerVolumeSource" + } + ], + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." + }, + "gcePersistentDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + } + ], + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + }, + "gitRepo": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GitRepoVolumeSource" + } + ], + "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." + }, + "glusterfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.GlusterfsVolumeSource" + } + ], + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported." + }, + "hostPath": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.HostPathVolumeSource" + } + ], + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + }, + "image": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ImageVolumeSource" + } + ], + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + }, + "iscsi": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ISCSIVolumeSource" + } + ], + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi" + }, + "name": { + "default": "", + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "nfs": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NFSVolumeSource" + } + ], + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + }, + "persistentVolumeClaim": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" + } + ], + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + }, + "photonPersistentDisk": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + } + ], + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported." + }, + "portworxVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PortworxVolumeSource" + } + ], + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on." + }, + "projected": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ProjectedVolumeSource" + } + ], + "description": "projected items for all in one resources secrets, configmaps, and downward API" + }, + "quobyte": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.QuobyteVolumeSource" + } + ], + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported." + }, + "rbd": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.RBDVolumeSource" + } + ], + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported." + }, + "scaleIO": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ScaleIOVolumeSource" + } + ], + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported." + }, + "secret": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretVolumeSource" + } + ], + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + }, + "storageos": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.StorageOSVolumeSource" + } + ], + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported." + }, + "vsphereVolume": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + } + ], + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver." + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeDevice": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "default": "", + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "default": "", + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "name", + "devicePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMount": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "default": "", + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).", + "type": "string" + }, + "name": { + "default": "", + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled recursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeMountStatus": { + "description": "VolumeMountStatus shows status of volume mounts.", + "properties": { + "mountPath": { + "default": "", + "description": "MountPath corresponds to the original VolumeMount.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name corresponds to the name of the original VolumeMount.", + "type": "string" + }, + "readOnly": { + "description": "ReadOnly corresponds to the original VolumeMount.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", + "type": "string" + } + }, + "required": [ + "name", + "mountPath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.VolumeNodeAffinity": { + "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", + "properties": { + "required": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeSelector" + } + ], + "description": "required specifies hard node constraints that must be met." + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VolumeProjection": { + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", + "properties": { + "clusterTrustBundle": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ClusterTrustBundleProjection" + } + ], + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time." + }, + "configMap": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapProjection" + } + ], + "description": "configMap information about the configMap data to project" + }, + "downwardAPI": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.DownwardAPIProjection" + } + ], + "description": "downwardAPI information about the downwardAPI data to project" + }, + "secret": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretProjection" + } + ], + "description": "secret information about the secret data to project" + }, + "serviceAccountToken": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountTokenProjection" + } + ], + "description": "serviceAccountToken is information about the serviceAccountToken data to project" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VolumeResourceRequirements": { + "description": "VolumeResourceRequirements describes the storage resource requirements for a volume.", + "properties": { + "limits": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "description": "Represents a vSphere volume resource.", + "properties": { + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", + "type": "string" + }, + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" + }, + "volumePath": { + "default": "", + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodAffinityTerm" + } + ], + "default": {}, + "description": "Required. A pod affinity term, associated with the corresponding weight." + }, + "weight": { + "default": 0, + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "weight", + "podAffinityTerm" + ], + "type": "object" + }, + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.api.policy.v1.Eviction": { + "description": "Eviction evicts a pod from its node subject to certain policies and safety constraints. This is a subresource of Pod. A request to cause such an eviction is created by POSTing to .../pods//evictions.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "deleteOptions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + ], + "description": "DeleteOptions may be provided" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "ObjectMeta describes the pod that is being evicted." + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "policy", + "kind": "Eviction", + "version": "v1" + } + ] + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", + "oneOf": [ + { + "type": "string" + }, + { + "type": "number" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIResource": { + "description": "APIResource specifies the name of a resource and whether it is namespaced.", + "properties": { + "categories": { + "description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "group": { + "description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".", + "type": "string" + }, + "kind": { + "default": "", + "description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')", + "type": "string" + }, + "name": { + "default": "", + "description": "name is the plural name of the resource.", + "type": "string" + }, + "namespaced": { + "default": false, + "description": "namespaced indicates if a resource is namespaced or not.", + "type": "boolean" + }, + "shortNames": { + "description": "shortNames is a list of suggested short names of the resource.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "singularName": { + "default": "", + "description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.", + "type": "string" + }, + "storageVersionHash": { + "description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.", + "type": "string" + }, + "verbs": { + "description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".", + "type": "string" + } + }, + "required": [ + "name", + "singularName", + "namespaced", + "kind", + "verbs" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList": { + "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "groupVersion": { + "default": "", + "description": "groupVersion is the group and version this APIResourceList is for.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "resources": { + "description": "resources contains the name of the resources and if they are namespaced.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResource" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "groupVersion", + "resources" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "APIResourceList", + "version": "v1" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Condition": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + }, + "message": { + "default": "", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "format": "int64", + "type": "integer" + }, + "reason": { + "default": "", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string" + }, + "status": { + "default": "", + "description": "status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "default": "", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "type": "string" + } + }, + "required": [ + "type", + "status", + "lastTransitionTime", + "reason", + "message" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions": { + "description": "DeleteOptions may be provided when deleting an API object.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gracePeriodSeconds": { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "format": "int64", + "type": "integer" + }, + "ignoreStoreReadErrorWithClusterBreakingPotential": { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "orphanDependents": { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "type": "boolean" + }, + "preconditions": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions" + } + ], + "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned." + }, + "propagationPolicy": { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "admission.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "admission.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "apiextensions.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "apiextensions.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "apiregistration.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "apiregistration.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "apps", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "apps", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "apps", + "kind": "DeleteOptions", + "version": "v1beta2" + }, + { + "group": "authentication.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "authentication.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "authentication.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "authorization.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "authorization.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "autoscaling", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "autoscaling", + "kind": "DeleteOptions", + "version": "v2" + }, + { + "group": "autoscaling", + "kind": "DeleteOptions", + "version": "v2beta1" + }, + { + "group": "autoscaling", + "kind": "DeleteOptions", + "version": "v2beta2" + }, + { + "group": "batch", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "batch", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "certificates.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "certificates.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "certificates.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "coordination.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "coordination.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha2" + }, + { + "group": "coordination.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "discovery.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "discovery.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "events.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "events.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "extensions", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta2" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta3" + }, + { + "group": "imagepolicy.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "internal.apiserver.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "networking.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "networking.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "node.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "node.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "node.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "policy", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "policy", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "resource.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha3" + }, + { + "group": "resource.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "resource.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta2" + }, + { + "group": "scheduling.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "scheduling.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "scheduling.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "storage.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + }, + { + "group": "storage.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + }, + { + "group": "storage.k8s.io", + "kind": "DeleteOptions", + "version": "v1beta1" + }, + { + "group": "storagemigration.k8s.io", + "kind": "DeleteOptions", + "version": "v1alpha1" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "properties": { + "key": { + "default": "", + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "default": "", + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta": { + "description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.", + "properties": { + "continue": { + "description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.", + "type": "string" + }, + "remainingItemCount": { + "description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.", + "format": "int64", + "type": "integer" + }, + "resourceVersion": { + "description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", + "type": "string" + }, + "fieldsType": { + "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", + "type": "string" + }, + "fieldsV1": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1" + } + ], + "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type." + }, + "manager": { + "description": "Manager is an identifier of the workflow managing these fields.", + "type": "string" + }, + "operation": { + "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "type": "string" + }, + "subresource": { + "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "type": "string" + }, + "time": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over." + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime": { + "description": "MicroTime is version of Time with microsecond level precision.", + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "properties": { + "annotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", + "type": "object" + }, + "creationTimestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "deletionGracePeriodSeconds": { + "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", + "format": "int64", + "type": "integer" + }, + "deletionTimestamp": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + ], + "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "generation": { + "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", + "format": "int64", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", + "type": "object" + }, + "managedFields": { + "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "properties": { + "apiVersion": { + "default": "", + "description": "API version of the referent.", + "type": "string" + }, + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" + }, + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" + }, + "kind": { + "default": "", + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" + }, + "uid": { + "default": "", + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" + } + }, + "required": [ + "apiVersion", + "kind", + "name", + "uid" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Patch": { + "description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions": { + "description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.", + "properties": { + "resourceVersion": { + "description": "Specifies the target ResourceVersion", + "type": "string" + }, + "uid": { + "description": "Specifies the target UID.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Status": { + "description": "Status is a return value for calls that don't return other objects.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "code": { + "description": "Suggested HTTP return code for this status, 0 if not set.", + "format": "int32", + "type": "integer" + }, + "details": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails" + } + ], + "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", + "x-kubernetes-list-type": "atomic" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "message": { + "description": "A human-readable description of the status of this operation.", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + }, + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.", + "type": "string" + }, + "status": { + "description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "Status", + "version": "v1" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause": { + "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", + "properties": { + "field": { + "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"", + "type": "string" + }, + "message": { + "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.", + "type": "string" + }, + "reason": { + "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails": { + "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.", + "properties": { + "causes": { + "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "group": { + "description": "The group attribute of the resource associated with the status StatusReason.", + "type": "string" + }, + "kind": { + "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).", + "type": "string" + }, + "retryAfterSeconds": { + "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.", + "format": "int32", + "type": "integer" + }, + "uid": { + "description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" + } + }, + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "format": "date-time", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent": { + "description": "Event represents a single event to a watched resource.", + "properties": { + "object": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + ], + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context." + }, + "type": { + "default": "", + "type": "string" + } + }, + "required": [ + "type", + "object" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "admission.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "admission.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "admissionregistration.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "apiextensions.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "apiextensions.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "apiregistration.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "apiregistration.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "apps", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "apps", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "apps", + "kind": "WatchEvent", + "version": "v1beta2" + }, + { + "group": "authentication.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "authentication.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "authentication.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "authorization.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "authorization.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "autoscaling", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "autoscaling", + "kind": "WatchEvent", + "version": "v2" + }, + { + "group": "autoscaling", + "kind": "WatchEvent", + "version": "v2beta1" + }, + { + "group": "autoscaling", + "kind": "WatchEvent", + "version": "v2beta2" + }, + { + "group": "batch", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "batch", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "certificates.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "certificates.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "certificates.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "coordination.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "coordination.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha2" + }, + { + "group": "coordination.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "discovery.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "discovery.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "events.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "events.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "extensions", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "WatchEvent", + "version": "v1beta2" + }, + { + "group": "flowcontrol.apiserver.k8s.io", + "kind": "WatchEvent", + "version": "v1beta3" + }, + { + "group": "imagepolicy.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "internal.apiserver.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "networking.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "networking.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "node.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "node.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "node.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "policy", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "policy", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "rbac.authorization.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "resource.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha3" + }, + { + "group": "resource.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "resource.k8s.io", + "kind": "WatchEvent", + "version": "v1beta2" + }, + { + "group": "scheduling.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "scheduling.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "scheduling.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "storage.k8s.io", + "kind": "WatchEvent", + "version": "v1" + }, + { + "group": "storage.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + }, + { + "group": "storage.k8s.io", + "kind": "WatchEvent", + "version": "v1beta1" + }, + { + "group": "storagemigration.k8s.io", + "kind": "WatchEvent", + "version": "v1alpha1" + } + ] + }, + "io.k8s.apimachinery.pkg.runtime.RawExtension": { + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + "type": "object" + }, + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", + "format": "int-or-string", + "oneOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ] + } + }, + "securitySchemes": { + "BearerToken": { + "description": "Bearer Token authentication", + "in": "header", + "name": "authorization", + "type": "apiKey" + } + } + }, + "info": { + "title": "Kubernetes", + "version": "unversioned" + }, + "openapi": "3.0.0", + "paths": { + "/api/v1/": { + "get": { + "description": "get available resources", + "operationId": "getCoreV1APIResources", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ] + } + }, + "/api/v1/componentstatuses": { + "get": { + "description": "list objects of kind ComponentStatus", + "operationId": "listCoreV1ComponentStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatusList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ComponentStatus", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/componentstatuses/{name}": { + "get": { + "description": "read the specified ComponentStatus", + "operationId": "readCoreV1ComponentStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatus" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatus" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatus" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ComponentStatus" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ComponentStatus", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ComponentStatus", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ] + }, + "/api/v1/configmaps": { + "get": { + "description": "list or watch objects of kind ConfigMap", + "operationId": "listCoreV1ConfigMapForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/endpoints": { + "get": { + "description": "list or watch objects of kind Endpoints", + "operationId": "listCoreV1EndpointsForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/events": { + "get": { + "description": "list or watch objects of kind Event", + "operationId": "listCoreV1EventForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/limitranges": { + "get": { + "description": "list or watch objects of kind LimitRange", + "operationId": "listCoreV1LimitRangeForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/namespaces": { + "get": { + "description": "list or watch objects of kind Namespace", + "operationId": "listCoreV1Namespace", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "parameters": [ + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Namespace", + "operationId": "createCoreV1Namespace", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/bindings": { + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Binding", + "operationId": "createCoreV1NamespacedBinding", + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Binding", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/configmaps": { + "delete": { + "description": "delete collection of ConfigMap", + "operationId": "deleteCoreV1CollectionNamespacedConfigMap", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind ConfigMap", + "operationId": "listCoreV1NamespacedConfigMap", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a ConfigMap", + "operationId": "createCoreV1NamespacedConfigMap", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/configmaps/{name}": { + "delete": { + "description": "delete a ConfigMap", + "operationId": "deleteCoreV1NamespacedConfigMap", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "get": { + "description": "read the specified ConfigMap", + "operationId": "readCoreV1NamespacedConfigMap", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ConfigMap", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified ConfigMap", + "operationId": "patchCoreV1NamespacedConfigMap", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "put": { + "description": "replace the specified ConfigMap", + "operationId": "replaceCoreV1NamespacedConfigMap", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMap" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/endpoints": { + "delete": { + "description": "delete collection of Endpoints", + "operationId": "deleteCoreV1CollectionNamespacedEndpoints", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Endpoints", + "operationId": "listCoreV1NamespacedEndpoints", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EndpointsList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create Endpoints", + "operationId": "createCoreV1NamespacedEndpoints", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/endpoints/{name}": { + "delete": { + "description": "delete Endpoints", + "operationId": "deleteCoreV1NamespacedEndpoints", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "get": { + "description": "read the specified Endpoints", + "operationId": "readCoreV1NamespacedEndpoints", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Endpoints", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Endpoints", + "operationId": "patchCoreV1NamespacedEndpoints", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Endpoints", + "operationId": "replaceCoreV1NamespacedEndpoints", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Endpoints" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/events": { + "delete": { + "description": "delete collection of Event", + "operationId": "deleteCoreV1CollectionNamespacedEvent", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Event", + "operationId": "listCoreV1NamespacedEvent", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.EventList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create an Event", + "operationId": "createCoreV1NamespacedEvent", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/events/{name}": { + "delete": { + "description": "delete an Event", + "operationId": "deleteCoreV1NamespacedEvent", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "get": { + "description": "read the specified Event", + "operationId": "readCoreV1NamespacedEvent", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Event", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Event", + "operationId": "patchCoreV1NamespacedEvent", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Event", + "operationId": "replaceCoreV1NamespacedEvent", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Event" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/limitranges": { + "delete": { + "description": "delete collection of LimitRange", + "operationId": "deleteCoreV1CollectionNamespacedLimitRange", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind LimitRange", + "operationId": "listCoreV1NamespacedLimitRange", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRangeList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a LimitRange", + "operationId": "createCoreV1NamespacedLimitRange", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/limitranges/{name}": { + "delete": { + "description": "delete a LimitRange", + "operationId": "deleteCoreV1NamespacedLimitRange", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "get": { + "description": "read the specified LimitRange", + "operationId": "readCoreV1NamespacedLimitRange", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the LimitRange", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified LimitRange", + "operationId": "patchCoreV1NamespacedLimitRange", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "put": { + "description": "replace the specified LimitRange", + "operationId": "replaceCoreV1NamespacedLimitRange", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.LimitRange" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/persistentvolumeclaims": { + "delete": { + "description": "delete collection of PersistentVolumeClaim", + "operationId": "deleteCoreV1CollectionNamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind PersistentVolumeClaim", + "operationId": "listCoreV1NamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a PersistentVolumeClaim", + "operationId": "createCoreV1NamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}": { + "delete": { + "description": "delete a PersistentVolumeClaim", + "operationId": "deleteCoreV1NamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "get": { + "description": "read the specified PersistentVolumeClaim", + "operationId": "readCoreV1NamespacedPersistentVolumeClaim", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PersistentVolumeClaim", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified PersistentVolumeClaim", + "operationId": "patchCoreV1NamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "put": { + "description": "replace the specified PersistentVolumeClaim", + "operationId": "replaceCoreV1NamespacedPersistentVolumeClaim", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status": { + "get": { + "description": "read status of the specified PersistentVolumeClaim", + "operationId": "readCoreV1NamespacedPersistentVolumeClaimStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PersistentVolumeClaim", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified PersistentVolumeClaim", + "operationId": "patchCoreV1NamespacedPersistentVolumeClaimStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified PersistentVolumeClaim", + "operationId": "replaceCoreV1NamespacedPersistentVolumeClaimStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaim" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods": { + "delete": { + "description": "delete collection of Pod", + "operationId": "deleteCoreV1CollectionNamespacedPod", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Pod", + "operationId": "listCoreV1NamespacedPod", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Pod", + "operationId": "createCoreV1NamespacedPod", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}": { + "delete": { + "description": "delete a Pod", + "operationId": "deleteCoreV1NamespacedPod", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "get": { + "description": "read the specified Pod", + "operationId": "readCoreV1NamespacedPod", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Pod", + "operationId": "patchCoreV1NamespacedPod", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Pod", + "operationId": "replaceCoreV1NamespacedPod", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/attach": { + "get": { + "description": "connect GET requests to attach of Pod", + "operationId": "connectCoreV1GetNamespacedPodAttach", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodAttachOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "The container in which to execute the command. Defaults to only container if there is only one container in the pod.", + "in": "query", + "name": "container", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the PodAttachOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Stderr if true indicates that stderr is to be redirected for the attach call. Defaults to true.", + "in": "query", + "name": "stderr", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Stdin if true, redirects the standard input stream of the pod for this call. Defaults to false.", + "in": "query", + "name": "stdin", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Stdout if true indicates that stdout is to be redirected for the attach call. Defaults to true.", + "in": "query", + "name": "stdout", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "TTY if true indicates that a tty will be allocated for the attach call. This is passed through the container runtime so the tty is allocated on the worker node by the container runtime. Defaults to false.", + "in": "query", + "name": "tty", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "post": { + "description": "connect POST requests to attach of Pod", + "operationId": "connectCoreV1PostNamespacedPodAttach", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodAttachOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/binding": { + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the Binding", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create binding of a Pod", + "operationId": "createCoreV1NamespacedPodBinding", + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Binding" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Binding", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/ephemeralcontainers": { + "get": { + "description": "read ephemeralcontainers of the specified Pod", + "operationId": "readCoreV1NamespacedPodEphemeralcontainers", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update ephemeralcontainers of the specified Pod", + "operationId": "patchCoreV1NamespacedPodEphemeralcontainers", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "put": { + "description": "replace ephemeralcontainers of the specified Pod", + "operationId": "replaceCoreV1NamespacedPodEphemeralcontainers", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/eviction": { + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the Eviction", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create eviction of a Pod", + "operationId": "createCoreV1NamespacedPodEviction", + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.policy.v1.Eviction" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "policy", + "kind": "Eviction", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/exec": { + "get": { + "description": "connect GET requests to exec of Pod", + "operationId": "connectCoreV1GetNamespacedPodExec", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodExecOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "Command is the remote command to execute. argv array. Not executed within a shell.", + "in": "query", + "name": "command", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Container in which to execute the command. Defaults to only container if there is only one container in the pod.", + "in": "query", + "name": "container", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the PodExecOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Redirect the standard error stream of the pod for this call.", + "in": "query", + "name": "stderr", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Redirect the standard input stream of the pod for this call. Defaults to false.", + "in": "query", + "name": "stdin", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Redirect the standard output stream of the pod for this call.", + "in": "query", + "name": "stdout", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.", + "in": "query", + "name": "tty", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "post": { + "description": "connect POST requests to exec of Pod", + "operationId": "connectCoreV1PostNamespacedPodExec", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodExecOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/log": { + "get": { + "description": "read log of the specified Pod", + "operationId": "readCoreV1NamespacedPodLog", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "type": "string" + } + }, + "application/json": { + "schema": { + "type": "string" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "type": "string" + } + }, + "application/yaml": { + "schema": { + "type": "string" + } + }, + "text/plain": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", + "in": "query", + "name": "container", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Follow the log stream of the pod. Defaults to false.", + "in": "query", + "name": "follow", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", + "in": "query", + "name": "insecureSkipTLSVerifyBackend", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "in": "query", + "name": "limitBytes", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Return previous terminated container logs. Defaults to false.", + "in": "query", + "name": "previous", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "in": "query", + "name": "sinceSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Specify which container log stream to return to the client. Acceptable values are \"All\", \"Stdout\" and \"Stderr\". If not specified, \"All\" is used, and both stdout and stderr are returned interleaved. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "in": "query", + "name": "stream", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "in": "query", + "name": "tailLines", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "in": "query", + "name": "timestamps", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/namespaces/{namespace}/pods/{name}/portforward": { + "get": { + "description": "connect GET requests to portforward of Pod", + "operationId": "connectCoreV1GetNamespacedPodPortforward", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodPortForwardOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PodPortForwardOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "List of ports to forward Required when using WebSockets", + "in": "query", + "name": "ports", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "post": { + "description": "connect POST requests to portforward of Pod", + "operationId": "connectCoreV1PostNamespacedPodPortforward", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodPortForwardOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/proxy": { + "delete": { + "description": "connect DELETE requests to proxy of Pod", + "operationId": "connectCoreV1DeleteNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Pod", + "operationId": "connectCoreV1GetNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Pod", + "operationId": "connectCoreV1HeadNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Pod", + "operationId": "connectCoreV1OptionsNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PodProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the URL path to use for the current proxy request to pod.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Pod", + "operationId": "connectCoreV1PatchNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Pod", + "operationId": "connectCoreV1PostNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Pod", + "operationId": "connectCoreV1PutNamespacedPodProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}": { + "delete": { + "description": "connect DELETE requests to proxy of Pod", + "operationId": "connectCoreV1DeleteNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Pod", + "operationId": "connectCoreV1GetNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Pod", + "operationId": "connectCoreV1HeadNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Pod", + "operationId": "connectCoreV1OptionsNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PodProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "path to the resource", + "in": "path", + "name": "path", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the URL path to use for the current proxy request to pod.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Pod", + "operationId": "connectCoreV1PatchNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Pod", + "operationId": "connectCoreV1PostNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Pod", + "operationId": "connectCoreV1PutNamespacedPodProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/resize": { + "get": { + "description": "read resize of the specified Pod", + "operationId": "readCoreV1NamespacedPodResize", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update resize of the specified Pod", + "operationId": "patchCoreV1NamespacedPodResize", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "put": { + "description": "replace resize of the specified Pod", + "operationId": "replaceCoreV1NamespacedPodResize", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/pods/{name}/status": { + "get": { + "description": "read status of the specified Pod", + "operationId": "readCoreV1NamespacedPodStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified Pod", + "operationId": "patchCoreV1NamespacedPodStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified Pod", + "operationId": "replaceCoreV1NamespacedPodStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Pod" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/podtemplates": { + "delete": { + "description": "delete collection of PodTemplate", + "operationId": "deleteCoreV1CollectionNamespacedPodTemplate", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind PodTemplate", + "operationId": "listCoreV1NamespacedPodTemplate", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a PodTemplate", + "operationId": "createCoreV1NamespacedPodTemplate", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/podtemplates/{name}": { + "delete": { + "description": "delete a PodTemplate", + "operationId": "deleteCoreV1NamespacedPodTemplate", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "get": { + "description": "read the specified PodTemplate", + "operationId": "readCoreV1NamespacedPodTemplate", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PodTemplate", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified PodTemplate", + "operationId": "patchCoreV1NamespacedPodTemplate", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "put": { + "description": "replace the specified PodTemplate", + "operationId": "replaceCoreV1NamespacedPodTemplate", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplate" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/replicationcontrollers": { + "delete": { + "description": "delete collection of ReplicationController", + "operationId": "deleteCoreV1CollectionNamespacedReplicationController", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind ReplicationController", + "operationId": "listCoreV1NamespacedReplicationController", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a ReplicationController", + "operationId": "createCoreV1NamespacedReplicationController", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/replicationcontrollers/{name}": { + "delete": { + "description": "delete a ReplicationController", + "operationId": "deleteCoreV1NamespacedReplicationController", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "get": { + "description": "read the specified ReplicationController", + "operationId": "readCoreV1NamespacedReplicationController", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ReplicationController", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified ReplicationController", + "operationId": "patchCoreV1NamespacedReplicationController", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "put": { + "description": "replace the specified ReplicationController", + "operationId": "replaceCoreV1NamespacedReplicationController", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale": { + "get": { + "description": "read scale of the specified ReplicationController", + "operationId": "readCoreV1NamespacedReplicationControllerScale", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "autoscaling", + "kind": "Scale", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Scale", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update scale of the specified ReplicationController", + "operationId": "patchCoreV1NamespacedReplicationControllerScale", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "autoscaling", + "kind": "Scale", + "version": "v1" + } + }, + "put": { + "description": "replace scale of the specified ReplicationController", + "operationId": "replaceCoreV1NamespacedReplicationControllerScale", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.autoscaling.v1.Scale" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "autoscaling", + "kind": "Scale", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status": { + "get": { + "description": "read status of the specified ReplicationController", + "operationId": "readCoreV1NamespacedReplicationControllerStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ReplicationController", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified ReplicationController", + "operationId": "patchCoreV1NamespacedReplicationControllerStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified ReplicationController", + "operationId": "replaceCoreV1NamespacedReplicationControllerStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationController" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/resourcequotas": { + "delete": { + "description": "delete collection of ResourceQuota", + "operationId": "deleteCoreV1CollectionNamespacedResourceQuota", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind ResourceQuota", + "operationId": "listCoreV1NamespacedResourceQuota", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a ResourceQuota", + "operationId": "createCoreV1NamespacedResourceQuota", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/resourcequotas/{name}": { + "delete": { + "description": "delete a ResourceQuota", + "operationId": "deleteCoreV1NamespacedResourceQuota", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "get": { + "description": "read the specified ResourceQuota", + "operationId": "readCoreV1NamespacedResourceQuota", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ResourceQuota", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified ResourceQuota", + "operationId": "patchCoreV1NamespacedResourceQuota", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "put": { + "description": "replace the specified ResourceQuota", + "operationId": "replaceCoreV1NamespacedResourceQuota", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/resourcequotas/{name}/status": { + "get": { + "description": "read status of the specified ResourceQuota", + "operationId": "readCoreV1NamespacedResourceQuotaStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ResourceQuota", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified ResourceQuota", + "operationId": "patchCoreV1NamespacedResourceQuotaStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified ResourceQuota", + "operationId": "replaceCoreV1NamespacedResourceQuotaStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuota" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/secrets": { + "delete": { + "description": "delete collection of Secret", + "operationId": "deleteCoreV1CollectionNamespacedSecret", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Secret", + "operationId": "listCoreV1NamespacedSecret", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Secret", + "operationId": "createCoreV1NamespacedSecret", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/secrets/{name}": { + "delete": { + "description": "delete a Secret", + "operationId": "deleteCoreV1NamespacedSecret", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "get": { + "description": "read the specified Secret", + "operationId": "readCoreV1NamespacedSecret", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Secret", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Secret", + "operationId": "patchCoreV1NamespacedSecret", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Secret", + "operationId": "replaceCoreV1NamespacedSecret", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Secret" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/serviceaccounts": { + "delete": { + "description": "delete collection of ServiceAccount", + "operationId": "deleteCoreV1CollectionNamespacedServiceAccount", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind ServiceAccount", + "operationId": "listCoreV1NamespacedServiceAccount", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a ServiceAccount", + "operationId": "createCoreV1NamespacedServiceAccount", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/serviceaccounts/{name}": { + "delete": { + "description": "delete a ServiceAccount", + "operationId": "deleteCoreV1NamespacedServiceAccount", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "get": { + "description": "read the specified ServiceAccount", + "operationId": "readCoreV1NamespacedServiceAccount", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ServiceAccount", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified ServiceAccount", + "operationId": "patchCoreV1NamespacedServiceAccount", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "put": { + "description": "replace the specified ServiceAccount", + "operationId": "replaceCoreV1NamespacedServiceAccount", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccount" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/serviceaccounts/{name}/token": { + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the TokenRequest", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create token of a ServiceAccount", + "operationId": "createCoreV1NamespacedServiceAccountToken", + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequest" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "authentication.k8s.io", + "kind": "TokenRequest", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/services": { + "delete": { + "description": "delete collection of Service", + "operationId": "deleteCoreV1CollectionNamespacedService", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Service", + "operationId": "listCoreV1NamespacedService", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Service", + "operationId": "createCoreV1NamespacedService", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/services/{name}": { + "delete": { + "description": "delete a Service", + "operationId": "deleteCoreV1NamespacedService", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "get": { + "description": "read the specified Service", + "operationId": "readCoreV1NamespacedService", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Service", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Service", + "operationId": "patchCoreV1NamespacedService", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Service", + "operationId": "replaceCoreV1NamespacedService", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/services/{name}/proxy": { + "delete": { + "description": "connect DELETE requests to proxy of Service", + "operationId": "connectCoreV1DeleteNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Service", + "operationId": "connectCoreV1GetNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Service", + "operationId": "connectCoreV1HeadNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Service", + "operationId": "connectCoreV1OptionsNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ServiceProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Service", + "operationId": "connectCoreV1PatchNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Service", + "operationId": "connectCoreV1PostNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Service", + "operationId": "connectCoreV1PutNamespacedServiceProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/services/{name}/proxy/{path}": { + "delete": { + "description": "connect DELETE requests to proxy of Service", + "operationId": "connectCoreV1DeleteNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Service", + "operationId": "connectCoreV1GetNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Service", + "operationId": "connectCoreV1HeadNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Service", + "operationId": "connectCoreV1OptionsNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the ServiceProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "path to the resource", + "in": "path", + "name": "path", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Service", + "operationId": "connectCoreV1PatchNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Service", + "operationId": "connectCoreV1PostNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Service", + "operationId": "connectCoreV1PutNamespacedServiceProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{namespace}/services/{name}/status": { + "get": { + "description": "read status of the specified Service", + "operationId": "readCoreV1NamespacedServiceStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Service", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified Service", + "operationId": "patchCoreV1NamespacedServiceStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified Service", + "operationId": "replaceCoreV1NamespacedServiceStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Service" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{name}": { + "delete": { + "description": "delete a Namespace", + "operationId": "deleteCoreV1Namespace", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "get": { + "description": "read the specified Namespace", + "operationId": "readCoreV1Namespace", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Namespace", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Namespace", + "operationId": "patchCoreV1Namespace", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Namespace", + "operationId": "replaceCoreV1Namespace", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{name}/finalize": { + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "name of the Namespace", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "put": { + "description": "replace finalize of the specified Namespace", + "operationId": "replaceCoreV1NamespaceFinalize", + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + } + }, + "/api/v1/namespaces/{name}/status": { + "get": { + "description": "read status of the specified Namespace", + "operationId": "readCoreV1NamespaceStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Namespace", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified Namespace", + "operationId": "patchCoreV1NamespaceStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified Namespace", + "operationId": "replaceCoreV1NamespaceStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Namespace" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + } + }, + "/api/v1/nodes": { + "delete": { + "description": "delete collection of Node", + "operationId": "deleteCoreV1CollectionNode", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind Node", + "operationId": "listCoreV1Node", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.NodeList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "parameters": [ + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a Node", + "operationId": "createCoreV1Node", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + } + }, + "/api/v1/nodes/{name}": { + "delete": { + "description": "delete a Node", + "operationId": "deleteCoreV1Node", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "get": { + "description": "read the specified Node", + "operationId": "readCoreV1Node", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Node", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified Node", + "operationId": "patchCoreV1Node", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "put": { + "description": "replace the specified Node", + "operationId": "replaceCoreV1Node", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + } + }, + "/api/v1/nodes/{name}/proxy": { + "delete": { + "description": "connect DELETE requests to proxy of Node", + "operationId": "connectCoreV1DeleteNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Node", + "operationId": "connectCoreV1GetNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Node", + "operationId": "connectCoreV1HeadNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Node", + "operationId": "connectCoreV1OptionsNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the NodeProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the URL path to use for the current proxy request to node.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Node", + "operationId": "connectCoreV1PatchNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Node", + "operationId": "connectCoreV1PostNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Node", + "operationId": "connectCoreV1PutNodeProxy", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/nodes/{name}/proxy/{path}": { + "delete": { + "description": "connect DELETE requests to proxy of Node", + "operationId": "connectCoreV1DeleteNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "get": { + "description": "connect GET requests to proxy of Node", + "operationId": "connectCoreV1GetNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "head": { + "description": "connect HEAD requests to proxy of Node", + "operationId": "connectCoreV1HeadNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "options": { + "description": "connect OPTIONS requests to proxy of Node", + "operationId": "connectCoreV1OptionsNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the NodeProxyOptions", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "path to the resource", + "in": "path", + "name": "path", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Path is the URL path to use for the current proxy request to node.", + "in": "query", + "name": "path", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "connect PATCH requests to proxy of Node", + "operationId": "connectCoreV1PatchNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "post": { + "description": "connect POST requests to proxy of Node", + "operationId": "connectCoreV1PostNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + }, + "put": { + "description": "connect PUT requests to proxy of Node", + "operationId": "connectCoreV1PutNodeProxyWithPath", + "responses": { + "200": { + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "connect", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "NodeProxyOptions", + "version": "v1" + } + } + }, + "/api/v1/nodes/{name}/status": { + "get": { + "description": "read status of the specified Node", + "operationId": "readCoreV1NodeStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the Node", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified Node", + "operationId": "patchCoreV1NodeStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified Node", + "operationId": "replaceCoreV1NodeStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.Node" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + } + }, + "/api/v1/persistentvolumeclaims": { + "get": { + "description": "list or watch objects of kind PersistentVolumeClaim", + "operationId": "listCoreV1PersistentVolumeClaimForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeClaimList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/persistentvolumes": { + "delete": { + "description": "delete collection of PersistentVolume", + "operationId": "deleteCoreV1CollectionPersistentVolume", + "parameters": [ + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "deletecollection", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "get": { + "description": "list or watch objects of kind PersistentVolume", + "operationId": "listCoreV1PersistentVolume", + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolumeList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "parameters": [ + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "post": { + "description": "create a PersistentVolume", + "operationId": "createCoreV1PersistentVolume", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Created" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "post", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + } + }, + "/api/v1/persistentvolumes/{name}": { + "delete": { + "description": "delete a PersistentVolume", + "operationId": "deleteCoreV1PersistentVolume", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "in": "query", + "name": "gracePeriodSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "in": "query", + "name": "ignoreStoreReadErrorWithClusterBreakingPotential", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "in": "query", + "name": "orphanDependents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "in": "query", + "name": "propagationPolicy", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "202": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Accepted" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "delete", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "get": { + "description": "read the specified PersistentVolume", + "operationId": "readCoreV1PersistentVolume", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PersistentVolume", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update the specified PersistentVolume", + "operationId": "patchCoreV1PersistentVolume", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "put": { + "description": "replace the specified PersistentVolume", + "operationId": "replaceCoreV1PersistentVolume", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + } + }, + "/api/v1/persistentvolumes/{name}/status": { + "get": { + "description": "read status of the specified PersistentVolume", + "operationId": "readCoreV1PersistentVolumeStatus", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "get", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "parameters": [ + { + "description": "name of the PersistentVolume", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "patch": { + "description": "partially update status of the specified PersistentVolume", + "operationId": "patchCoreV1PersistentVolumeStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "in": "query", + "name": "force", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "application/apply-patch+cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/apply-patch+yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/json-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + }, + "application/strategic-merge-patch+json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Patch" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "patch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "put": { + "description": "replace status of the specified PersistentVolume", + "operationId": "replaceCoreV1PersistentVolumeStatus", + "parameters": [ + { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "in": "query", + "name": "dryRun", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "in": "query", + "name": "fieldManager", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "in": "query", + "name": "fieldValidation", + "schema": { + "type": "string", + "uniqueItems": true + } + } + ], + "requestBody": { + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "OK" + }, + "201": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PersistentVolume" + } + } + }, + "description": "Created" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "put", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + } + }, + "/api/v1/pods": { + "get": { + "description": "list or watch objects of kind Pod", + "operationId": "listCoreV1PodForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/podtemplates": { + "get": { + "description": "list or watch objects of kind PodTemplate", + "operationId": "listCoreV1PodTemplateForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/replicationcontrollers": { + "get": { + "description": "list or watch objects of kind ReplicationController", + "operationId": "listCoreV1ReplicationControllerForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ReplicationControllerList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/resourcequotas": { + "get": { + "description": "list or watch objects of kind ResourceQuota", + "operationId": "listCoreV1ResourceQuotaForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/secrets": { + "get": { + "description": "list or watch objects of kind Secret", + "operationId": "listCoreV1SecretForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/serviceaccounts": { + "get": { + "description": "list or watch objects of kind ServiceAccount", + "operationId": "listCoreV1ServiceAccountForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceAccountList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/services": { + "get": { + "description": "list or watch objects of kind Service", + "operationId": "listCoreV1ServiceForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ServiceList" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "list", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/configmaps": { + "get": { + "description": "watch individual changes to a list of ConfigMap. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1ConfigMapListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/endpoints": { + "get": { + "description": "watch individual changes to a list of Endpoints. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1EndpointsListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/events": { + "get": { + "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1EventListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/limitranges": { + "get": { + "description": "watch individual changes to a list of LimitRange. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1LimitRangeListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces": { + "get": { + "description": "watch individual changes to a list of Namespace. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespaceList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/configmaps": { + "get": { + "description": "watch individual changes to a list of ConfigMap. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedConfigMapList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/configmaps/{name}": { + "get": { + "description": "watch changes to an object of kind ConfigMap. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedConfigMap", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ConfigMap", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the ConfigMap", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/endpoints": { + "get": { + "description": "watch individual changes to a list of Endpoints. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedEndpointsList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/endpoints/{name}": { + "get": { + "description": "watch changes to an object of kind Endpoints. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedEndpoints", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Endpoints", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Endpoints", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/events": { + "get": { + "description": "watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedEventList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/events/{name}": { + "get": { + "description": "watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedEvent", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Event", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Event", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/limitranges": { + "get": { + "description": "watch individual changes to a list of LimitRange. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedLimitRangeList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/limitranges/{name}": { + "get": { + "description": "watch changes to an object of kind LimitRange. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedLimitRange", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "LimitRange", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the LimitRange", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/persistentvolumeclaims": { + "get": { + "description": "watch individual changes to a list of PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedPersistentVolumeClaimList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/persistentvolumeclaims/{name}": { + "get": { + "description": "watch changes to an object of kind PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedPersistentVolumeClaim", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the PersistentVolumeClaim", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/pods": { + "get": { + "description": "watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedPodList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/pods/{name}": { + "get": { + "description": "watch changes to an object of kind Pod. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedPod", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Pod", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/podtemplates": { + "get": { + "description": "watch individual changes to a list of PodTemplate. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedPodTemplateList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/podtemplates/{name}": { + "get": { + "description": "watch changes to an object of kind PodTemplate. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedPodTemplate", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the PodTemplate", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/replicationcontrollers": { + "get": { + "description": "watch individual changes to a list of ReplicationController. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedReplicationControllerList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/replicationcontrollers/{name}": { + "get": { + "description": "watch changes to an object of kind ReplicationController. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedReplicationController", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the ReplicationController", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/resourcequotas": { + "get": { + "description": "watch individual changes to a list of ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedResourceQuotaList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/resourcequotas/{name}": { + "get": { + "description": "watch changes to an object of kind ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedResourceQuota", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the ResourceQuota", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/secrets": { + "get": { + "description": "watch individual changes to a list of Secret. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedSecretList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/secrets/{name}": { + "get": { + "description": "watch changes to an object of kind Secret. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedSecret", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Secret", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/serviceaccounts": { + "get": { + "description": "watch individual changes to a list of ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedServiceAccountList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/serviceaccounts/{name}": { + "get": { + "description": "watch changes to an object of kind ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedServiceAccount", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the ServiceAccount", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/services": { + "get": { + "description": "watch individual changes to a list of Service. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NamespacedServiceList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{namespace}/services/{name}": { + "get": { + "description": "watch changes to an object of kind Service. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1NamespacedService", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Service", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "object name and auth scope, such as for teams and projects", + "in": "path", + "name": "namespace", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/namespaces/{name}": { + "get": { + "description": "watch changes to an object of kind Namespace. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1Namespace", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Namespace", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Namespace", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/nodes": { + "get": { + "description": "watch individual changes to a list of Node. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1NodeList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/nodes/{name}": { + "get": { + "description": "watch changes to an object of kind Node. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1Node", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Node", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the Node", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/persistentvolumeclaims": { + "get": { + "description": "watch individual changes to a list of PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1PersistentVolumeClaimListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolumeClaim", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/persistentvolumes": { + "get": { + "description": "watch individual changes to a list of PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1PersistentVolumeList", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/persistentvolumes/{name}": { + "get": { + "description": "watch changes to an object of kind PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.", + "operationId": "watchCoreV1PersistentVolume", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watch", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PersistentVolume", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "name of the PersistentVolume", + "in": "path", + "name": "name", + "required": true, + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/pods": { + "get": { + "description": "watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1PodListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Pod", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/podtemplates": { + "get": { + "description": "watch individual changes to a list of PodTemplate. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1PodTemplateListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "PodTemplate", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/replicationcontrollers": { + "get": { + "description": "watch individual changes to a list of ReplicationController. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1ReplicationControllerListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ReplicationController", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/resourcequotas": { + "get": { + "description": "watch individual changes to a list of ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1ResourceQuotaListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ResourceQuota", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/secrets": { + "get": { + "description": "watch individual changes to a list of Secret. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1SecretListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Secret", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/serviceaccounts": { + "get": { + "description": "watch individual changes to a list of ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1ServiceAccountListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "ServiceAccount", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + }, + "/api/v1/watch/services": { + "get": { + "description": "watch individual changes to a list of Service. deprecated: use the 'watch' parameter with a list operation instead.", + "operationId": "watchCoreV1ServiceListForAllNamespaces", + "responses": { + "200": { + "content": { + "application/cbor": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/cbor-seq": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/json;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/vnd.kubernetes.protobuf;stream=watch": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core_v1" + ], + "x-kubernetes-action": "watchlist", + "x-kubernetes-group-version-kind": { + "group": "", + "kind": "Service", + "version": "v1" + } + }, + "parameters": [ + { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "in": "query", + "name": "allowWatchBookmarks", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "in": "query", + "name": "continue", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "in": "query", + "name": "fieldSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "in": "query", + "name": "labelSelector", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "in": "query", + "name": "limit", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "If 'true', then the output is pretty printed. Defaults to 'false' unless the user-agent indicates a browser or command-line HTTP tool (curl and wget).", + "in": "query", + "name": "pretty", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersion", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "in": "query", + "name": "resourceVersionMatch", + "schema": { + "type": "string", + "uniqueItems": true + } + }, + { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "in": "query", + "name": "sendInitialEvents", + "schema": { + "type": "boolean", + "uniqueItems": true + } + }, + { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "in": "query", + "name": "timeoutSeconds", + "schema": { + "type": "integer", + "uniqueItems": true + } + }, + { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "in": "query", + "name": "watch", + "schema": { + "type": "boolean", + "uniqueItems": true + } + } + ] + } + } +} diff --git a/internal/schemas/generator/testdata/api_openapi.json b/internal/schemas/generator/testdata/api_openapi.json new file mode 100644 index 0000000..3a8438a --- /dev/null +++ b/internal/schemas/generator/testdata/api_openapi.json @@ -0,0 +1,122 @@ +{ + "components": { + "schemas": { + "io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions": { + "description": "APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "serverAddressByClientCIDRs": { + "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR" + } + ], + "default": {} + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "versions": { + "description": "versions are the api versions that are available.", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "versions", + "serverAddressByClientCIDRs" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "", + "kind": "APIVersions", + "version": "v1" + } + ] + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR": { + "description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.", + "properties": { + "clientCIDR": { + "default": "", + "description": "The CIDR with which clients can match their IP to figure out the server address that they should use.", + "type": "string" + }, + "serverAddress": { + "default": "", + "description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.", + "type": "string" + } + }, + "required": [ + "clientCIDR", + "serverAddress" + ], + "type": "object" + } + }, + "securitySchemes": { + "BearerToken": { + "description": "Bearer Token authentication", + "in": "header", + "name": "authorization", + "type": "apiKey" + } + } + }, + "info": { + "title": "Kubernetes", + "version": "unversioned" + }, + "openapi": "3.0.0", + "paths": { + "/api/": { + "get": { + "description": "get available API versions", + "operationId": "getCoreAPIVersions", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions" + } + }, + "application/vnd.kubernetes.protobuf": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions" + } + }, + "application/yaml": { + "schema": { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions" + } + } + }, + "description": "OK" + }, + "401": { + "description": "Unauthorized" + } + }, + "tags": [ + "core" + ] + } + } + } +} diff --git a/internal/schemas/generator/testdata/azure_linux_function_app.yaml b/internal/schemas/generator/testdata/azure_linux_function_app.yaml new file mode 100644 index 0000000..d25b7a9 --- /dev/null +++ b/internal/schemas/generator/testdata/azure_linux_function_app.yaml @@ -0,0 +1,10878 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + kustomize.config.k8s.io/id: | + group: apiextensions.k8s.io + kind: CustomResourceDefinition + name: linuxfunctionapps.web.azure.upbound.io + version: v1 + creationTimestamp: null + name: linuxfunctionapps.web.azure.upbound.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: "" + namespace: "" + path: /convert + conversionReviewVersions: + - v1 + group: web.azure.upbound.io + names: + categories: + - crossplane + - managed + - azure + kind: LinuxFunctionApp + listKind: LinuxFunctionAppList + plural: linuxfunctionapps + singular: linuxfunctionapp + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: LinuxFunctionApp is the Schema for the LinuxFunctionApps API. + Manages a Linux Function App. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LinuxFunctionAppSpec defines the desired state of LinuxFunctionApp + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + items: + properties: + activeDirectory: + description: An active_directory block as defined above. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret for the Client ID. Cannot be used with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + type: array + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSecretRef: + description: |- + The App Secret of the Facebook app used for Facebook login. Cannot be specified with app_secret_setting_name. + The App Secret of the Facebook app used for Facebook Login. Cannot be specified with `app_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + github: + description: A github block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret of the GitHub app used for GitHub Login. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + google: + description: A google block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The client secret associated with the Google web application. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + type: array + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + type: array + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSecretRef: + description: |- + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret_setting_name. + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + type: array + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + type: array + authSettingsV2: + description: An auth_settings_v2 block as defined below. + items: + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + items: + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/v2.0/{tenant-guid}/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + type: array + appleV2: + description: An apple_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + type: object + type: array + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + type: array + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + googleV2: + description: A google_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + type: array + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + items: + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + type: array + microsoftV2: + description: A microsoft_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + type: array + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + type: array + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + type: array + backup: + description: A backup block as defined below. + items: + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + items: + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + type: array + storageAccountUrlSecretRef: + description: |- + The SAS URL to the container. + The SAS URL to the container. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - storageAccountUrlSecretRef + type: object + type: array + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + valueSecretRef: + description: |- + The connection string value. + The connection string value. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - valueSecretRef + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + identity: + description: A identity block as defined below. + items: + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. + Possible values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + type: array + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + resourceGroupNameRef: + description: Reference to a ResourceGroup in azure to populate + resourceGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceGroupNameSelector: + description: Selector for a ResourceGroup in azure to populate + resourceGroupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + servicePlanIdRef: + description: Reference to a ServicePlan in web to populate servicePlanId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePlanIdSelector: + description: Selector for a ServicePlan in web to populate servicePlanId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + siteConfig: + description: A site_config block as defined below. + items: + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + items: + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + type: array + applicationInsightsConnectionStringSecretRef: + description: |- + The Connection String for linking the Linux Function App to Application Insights. + The Connection String for linking the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationInsightsKeySecretRef: + description: |- + The Instrumentation Key for connecting the Linux Function App to Application Insights. + The Instrumentation Key for connecting the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationStack: + description: An application_stack block as defined above. + items: + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryPasswordSecretRef: + description: |- + The password for the account to use to connect to the registry. + The password for the account to use to connect to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + registryUsernameSecretRef: + description: |- + The username to use for connections to the registry. + The username to use for connections to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16 and 18. + The version of Node to use. Possible values include `12`, `14`, `16` and `18` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, and 7.2. + The version of PowerShell Core to use. Possibles values are `7`, and `7.2` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + type: array + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + items: + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + type: array + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Defaults to `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + type: array + stickySettings: + description: A sticky_settings block as defined below. + items: + properties: + appSettingNames: + description: A list of app_setting names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the + Linux Function App will not swap between Slots when a + swap operation is triggered. + items: + type: string + type: array + type: object + type: array + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accessKeySecretRef: + description: The Access key for the storage account. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + required: + - accessKeySecretRef + type: object + type: array + storageAccountAccessKeySecretRef: + description: |- + The access key which will be used to access the backend storage account for the Function App. Conflicts with storage_uses_managed_identity. + The access key which will be used to access the storage account for the Function App. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageAccountNameRef: + description: Reference to a Account in storage to populate storageAccountName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + storageAccountNameSelector: + description: Selector for a Account in storage to populate storageAccountName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + items: + properties: + activeDirectory: + description: An active_directory block as defined above. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret for the Client ID. Cannot be used with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + type: array + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSecretRef: + description: |- + The App Secret of the Facebook app used for Facebook login. Cannot be specified with app_secret_setting_name. + The App Secret of the Facebook app used for Facebook Login. Cannot be specified with `app_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + github: + description: A github block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret of the GitHub app used for GitHub Login. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + google: + description: A google block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The client secret associated with the Google web application. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + type: array + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + type: array + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSecretRef: + description: |- + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret_setting_name. + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + type: array + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + type: array + authSettingsV2: + description: An auth_settings_v2 block as defined below. + items: + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + items: + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/v2.0/{tenant-guid}/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + type: array + appleV2: + description: An apple_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + type: object + type: array + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + type: array + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + googleV2: + description: A google_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + type: array + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + items: + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + type: array + microsoftV2: + description: A microsoft_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + type: array + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + type: array + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + type: array + backup: + description: A backup block as defined below. + items: + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + items: + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + type: array + type: object + type: array + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + identity: + description: A identity block as defined below. + items: + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. + Possible values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + type: array + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + resourceGroupNameRef: + description: Reference to a ResourceGroup in azure to populate + resourceGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceGroupNameSelector: + description: Selector for a ResourceGroup in azure to populate + resourceGroupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + servicePlanIdRef: + description: Reference to a ServicePlan in web to populate servicePlanId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePlanIdSelector: + description: Selector for a ServicePlan in web to populate servicePlanId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + siteConfig: + description: A site_config block as defined below. + items: + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + items: + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + type: array + applicationInsightsConnectionStringSecretRef: + description: |- + The Connection String for linking the Linux Function App to Application Insights. + The Connection String for linking the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationInsightsKeySecretRef: + description: |- + The Instrumentation Key for connecting the Linux Function App to Application Insights. + The Instrumentation Key for connecting the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationStack: + description: An application_stack block as defined above. + items: + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryPasswordSecretRef: + description: |- + The password for the account to use to connect to the registry. + The password for the account to use to connect to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + registryUsernameSecretRef: + description: |- + The username to use for connections to the registry. + The username to use for connections to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16 and 18. + The version of Node to use. Possible values include `12`, `14`, `16` and `18` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, and 7.2. + The version of PowerShell Core to use. Possibles values are `7`, and `7.2` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + type: array + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + items: + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + type: array + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Defaults to `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + type: array + stickySettings: + description: A sticky_settings block as defined below. + items: + properties: + appSettingNames: + description: A list of app_setting names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the + Linux Function App will not swap between Slots when a + swap operation is triggered. + items: + type: string + type: array + type: object + type: array + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + type: object + type: array + storageAccountAccessKeySecretRef: + description: |- + The access key which will be used to access the backend storage account for the Function App. Conflicts with storage_uses_managed_identity. + The access key which will be used to access the storage account for the Function App. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageAccountNameRef: + description: Reference to a Account in storage to populate storageAccountName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + storageAccountNameSelector: + description: Selector for a Account in storage to populate storageAccountName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.location is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.location) + || (has(self.initProvider) && has(self.initProvider.location))' + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' + - message: spec.forProvider.siteConfig is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.siteConfig) + || (has(self.initProvider) && has(self.initProvider.siteConfig))' + status: + description: LinuxFunctionAppStatus defines the observed state of LinuxFunctionApp. + properties: + atProvider: + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + items: + properties: + activeDirectory: + description: An active_directory block as defined above. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + type: array + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + github: + description: A github block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + google: + description: A google block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + type: array + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + type: array + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + type: array + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + type: array + authSettingsV2: + description: An auth_settings_v2 block as defined below. + items: + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + items: + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/v2.0/{tenant-guid}/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + type: array + appleV2: + description: An apple_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + loginScopes: + description: The list of Login scopes that should + be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + type: array + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + type: array + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + authorisationEndpoint: + description: |- + The endpoint to make the Authorisation Request as supplied by openid_configuration_endpoint response. + The endpoint to make the Authorisation Request. + type: string + certificationUri: + description: |- + The endpoint that provides the keys necessary to validate the token as supplied by openid_configuration_endpoint response. + The endpoint that provides the keys necessary to validate the token. + type: string + clientCredentialMethod: + description: |- + The Client Credential Method used. + The Client Credential Method used. Currently the only supported value is `ClientSecretPost`. + type: string + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the secret for this Custom OIDC Client. + type: string + issuerEndpoint: + description: |- + The endpoint that issued the Token as supplied by openid_configuration_endpoint response. + The endpoint that issued the Token. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + tokenEndpoint: + description: |- + The endpoint used to request a Token as supplied by openid_configuration_endpoint response. + The endpoint used to request a Token. + type: string + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + items: + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + type: array + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + type: array + googleV2: + description: A google_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + type: array + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + items: + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + type: array + microsoftV2: + description: A microsoft_v2 block as defined below. + items: + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + type: array + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + items: + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + type: array + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + type: array + backup: + description: A backup block as defined below. + items: + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + items: + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + lastExecutionTime: + description: The time the backup was last attempted. + type: string + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + type: array + type: object + type: array + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + defaultHostname: + description: The default hostname of the Linux Function App. + type: string + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + hostingEnvironmentId: + description: The ID of the App Service Environment used by Function + App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + id: + description: The ID of the Linux Function App. + type: string + identity: + description: A identity block as defined below. + items: + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + principalId: + description: The Principal ID associated with this Managed + Service Identity. + type: string + tenantId: + description: The Tenant ID associated with this Managed + Service Identity. + type: string + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. + Possible values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + type: array + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + kind: + description: The Kind value for this Linux Function App. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + outboundIpAddressList: + description: A list of outbound IP addresses. For example ["52.23.25.3", + "52.143.43.12"] + items: + type: string + type: array + outboundIpAddresses: + description: A comma separated list of outbound IP addresses as + a string. For example 52.23.25.3,52.143.43.12. + type: string + possibleOutboundIpAddressList: + description: A list of possible outbound IP addresses, not all + of which are necessarily in use. This is a superset of outbound_ip_address_list. + For example ["52.23.25.3", "52.143.43.12"]. + items: + type: string + type: array + possibleOutboundIpAddresses: + description: A comma separated list of possible outbound IP addresses + as a string. For example 52.23.25.3,52.143.43.12,52.143.43.17. + This is a superset of outbound_ip_addresses. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + siteConfig: + description: A site_config block as defined below. + items: + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + items: + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + type: array + applicationStack: + description: An application_stack block as defined above. + items: + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16 and 18. + The version of Node to use. Possible values include `12`, `14`, `16` and `18` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, and 7.2. + The version of PowerShell Core to use. Possibles values are `7`, and `7.2` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + type: array + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + items: + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + type: array + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + detailedErrorLoggingEnabled: + description: |- + Is the Function App enabled? Defaults to true. + Is detailed error logging enabled + type: boolean + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Defaults to `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + linuxFxVersion: + description: The Linux FX Version + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + items: + properties: + xAzureFdid: + description: Specifies a list of Azure Front + Door IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health + Probe should be expected. The only possible + value is 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for + which matching should be applied. Omitting + this value means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + type: array + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmType: + description: The SCM Type in use by the Linux Function App. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + type: array + stickySettings: + description: A sticky_settings block as defined below. + items: + properties: + appSettingNames: + description: A list of app_setting names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the + Linux Function App will not swap between Slots when a + swap operation is triggered. + items: + type: string + type: array + type: object + type: array + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + type: object + type: array + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: LinuxFunctionApp is the Schema for the LinuxFunctionApps API. + Manages a Linux Function App. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LinuxFunctionAppSpec defines the desired state of LinuxFunctionApp + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + properties: + activeDirectory: + description: An active_directory block as defined above. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret for the Client ID. Cannot be used with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSecretRef: + description: |- + The App Secret of the Facebook app used for Facebook login. Cannot be specified with app_secret_setting_name. + The App Secret of the Facebook app used for Facebook Login. Cannot be specified with `app_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + github: + description: A github block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret of the GitHub app used for GitHub Login. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + google: + description: A google block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The client secret associated with the Google web application. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSecretRef: + description: |- + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret_setting_name. + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + authSettingsV2: + description: An auth_settings_v2 block as defined below. + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/{tenant-guid}/v2.0/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + appleV2: + description: An apple_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + type: object + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + googleV2: + description: A google_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + microsoftV2: + description: A microsoft_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + backup: + description: A backup block as defined below. + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + storageAccountUrlSecretRef: + description: |- + The SAS URL to the container. + The SAS URL to the container. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + valueSecretRef: + description: |- + The connection string value. + The connection string value. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + identity: + description: A identity block as defined below. + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. Possible + values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + resourceGroupNameRef: + description: Reference to a ResourceGroup in azure to populate + resourceGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceGroupNameSelector: + description: Selector for a ResourceGroup in azure to populate + resourceGroupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + servicePlanIdRef: + description: Reference to a ServicePlan in web to populate servicePlanId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePlanIdSelector: + description: Selector for a ServicePlan in web to populate servicePlanId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + siteConfig: + description: A site_config block as defined below. + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + applicationInsightsConnectionStringSecretRef: + description: |- + The Connection String for linking the Linux Function App to Application Insights. + The Connection String for linking the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationInsightsKeySecretRef: + description: |- + The Instrumentation Key for connecting the Linux Function App to Application Insights. + The Instrumentation Key for connecting the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationStack: + description: An application_stack block as defined above. + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryPasswordSecretRef: + description: |- + The password for the account to use to connect to the registry. + The password for the account to use to connect to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + registryUsernameSecretRef: + description: |- + The username to use for connections to the registry. + The username to use for connections to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16, 18 and 20. + The version of Node to use. Possible values include `12`, `14`, `16`, `18` and `20` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, 7.2, and 7.4. + The version of PowerShell Core to use. Possibles values are `7`, `7.2`, and `7.4` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include Allow + and Deny. Defaults to Allow. + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + stickySettings: + description: A sticky_settings block as defined below. + properties: + appSettingNames: + description: A list of app_setting names that the Linux Function + App will not swap between Slots when a swap operation is + triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + type: object + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accessKeySecretRef: + description: The Access key for the storage account. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + type: object + type: array + storageAccountAccessKeySecretRef: + description: |- + The access key which will be used to access the backend storage account for the Function App. Conflicts with storage_uses_managed_identity. + The access key which will be used to access the storage account for the Function App. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageAccountNameRef: + description: Reference to a Account in storage to populate storageAccountName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + storageAccountNameSelector: + description: Selector for a Account in storage to populate storageAccountName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + properties: + activeDirectory: + description: An active_directory block as defined above. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret for the Client ID. Cannot be used with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSecretRef: + description: |- + The App Secret of the Facebook app used for Facebook login. Cannot be specified with app_secret_setting_name. + The App Secret of the Facebook app used for Facebook Login. Cannot be specified with `app_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + github: + description: A github block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The Client Secret of the GitHub app used for GitHub Login. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + google: + description: A google block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The client secret associated with the Google web application. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSecretRef: + description: |- + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with client_secret_setting_name. + The OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSecretRef: + description: |- + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with consumer_secret_setting_name. + The OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret_setting_name`. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + authSettingsV2: + description: An auth_settings_v2 block as defined below. + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/{tenant-guid}/v2.0/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + appleV2: + description: An apple_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + type: object + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + googleV2: + description: A google_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + microsoftV2: + description: A microsoft_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + backup: + description: A backup block as defined below. + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + storageAccountUrlSecretRef: + description: |- + The SAS URL to the container. + The SAS URL to the container. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - storageAccountUrlSecretRef + type: object + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + valueSecretRef: + description: |- + The connection string value. + The connection string value. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - valueSecretRef + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + identity: + description: A identity block as defined below. + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. Possible + values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + resourceGroupNameRef: + description: Reference to a ResourceGroup in azure to populate + resourceGroupName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + resourceGroupNameSelector: + description: Selector for a ResourceGroup in azure to populate + resourceGroupName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + servicePlanIdRef: + description: Reference to a ServicePlan in web to populate servicePlanId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + servicePlanIdSelector: + description: Selector for a ServicePlan in web to populate servicePlanId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + siteConfig: + description: A site_config block as defined below. + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + applicationInsightsConnectionStringSecretRef: + description: |- + The Connection String for linking the Linux Function App to Application Insights. + The Connection String for linking the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationInsightsKeySecretRef: + description: |- + The Instrumentation Key for connecting the Linux Function App to Application Insights. + The Instrumentation Key for connecting the Linux Function App to Application Insights. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + applicationStack: + description: An application_stack block as defined above. + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryPasswordSecretRef: + description: |- + The password for the account to use to connect to the registry. + The password for the account to use to connect to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + registryUsernameSecretRef: + description: |- + The username to use for connections to the registry. + The username to use for connections to the registry. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16, 18 and 20. + The version of Node to use. Possible values include `12`, `14`, `16`, `18` and `20` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, 7.2, and 7.4. + The version of PowerShell Core to use. Possibles values are `7`, `7.2`, and `7.4` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include Allow + and Deny. Defaults to Allow. + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate + virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate + virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with + matching labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + stickySettings: + description: A sticky_settings block as defined below. + properties: + appSettingNames: + description: A list of app_setting names that the Linux Function + App will not swap between Slots when a swap operation is + triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + type: object + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accessKeySecretRef: + description: The Access key for the storage account. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + required: + - accessKeySecretRef + type: object + type: array + storageAccountAccessKeySecretRef: + description: |- + The access key which will be used to access the backend storage account for the Function App. Conflicts with storage_uses_managed_identity. + The access key which will be used to access the storage account for the Function App. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageAccountNameRef: + description: Reference to a Account in storage to populate storageAccountName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + storageAccountNameSelector: + description: Selector for a Account in storage to populate storageAccountName. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + virtualNetworkSubnetIdRef: + description: Reference to a Subnet in network to populate virtualNetworkSubnetId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + virtualNetworkSubnetIdSelector: + description: Selector for a Subnet in network to populate virtualNetworkSubnetId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.location is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.location) + || (has(self.initProvider) && has(self.initProvider.location))' + - message: spec.forProvider.name is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.name) + || (has(self.initProvider) && has(self.initProvider.name))' + - message: spec.forProvider.siteConfig is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.siteConfig) + || (has(self.initProvider) && has(self.initProvider.siteConfig))' + status: + description: LinuxFunctionAppStatus defines the observed state of LinuxFunctionApp. + properties: + atProvider: + properties: + appSettings: + additionalProperties: + type: string + description: |- + A map of key-value pairs for App Settings and custom values. + A map of key-value pairs for [App Settings](https://docs.microsoft.com/en-us/azure/azure-functions/functions-app-settings) and custom values. + type: object + x-kubernetes-map-type: granular + authSettings: + description: A auth_settings block as defined below. + properties: + activeDirectory: + description: An active_directory block as defined above. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. Cannot be used with `client_secret`. + type: string + type: object + additionalLoginParameters: + additionalProperties: + type: string + description: |- + Specifies a map of login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + Specifies a map of Login Parameters to send to the OpenID Connect authorization endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + allowedExternalRedirectUrls: + description: |- + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Linux Web App. + Specifies a list of External URLs that can be redirected to as part of logging in or logging out of the Windows Web App. + items: + type: string + type: array + defaultProvider: + description: |- + The default authentication provider to use when multiple providers are configured. Possible values include: AzureActiveDirectory, Facebook, Google, MicrosoftAccount, Twitter, Github + The default authentication provider to use when multiple providers are configured. Possible values include: `AzureActiveDirectory`, `Facebook`, `Google`, `MicrosoftAccount`, `Twitter`, `Github`. + type: string + enabled: + description: |- + Should the Authentication / Authorization feature be enabled for the Linux Web App? + Should the Authentication / Authorization feature be enabled? + type: boolean + facebook: + description: A facebook block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. Cannot be specified with `app_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + github: + description: A github block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + google: + description: A google block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + Specifies a list of OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication. If not specified, "openid", "profile", and "email" are used as default scopes. + items: + type: string + type: array + type: object + issuer: + description: |- + The OpenID Connect Issuer URI that represents the entity which issues access tokens for this Linux Web App. + The OpenID Connect Issuer URI that represents the entity which issues access tokens. + type: string + microsoft: + description: A microsoft block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. Cannot be specified with `client_secret`. + type: string + oauthScopes: + description: |- + Specifies a list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, wl.basic is used as the default scope. + The list of OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication. If not specified, `wl.basic` is used as the default scope. + items: + type: string + type: array + type: object + runtimeVersion: + description: |- + The RuntimeVersion of the Authentication / Authorization feature in use for the Linux Web App. + The RuntimeVersion of the Authentication / Authorization feature in use. + type: string + tokenRefreshExtensionHours: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Linux Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to false. + Should the Windows Web App durably store platform-specific security tokens that are obtained during login flows? Defaults to `false`. + type: boolean + twitter: + description: A twitter block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. Cannot be specified with `consumer_secret`. + type: string + type: object + unauthenticatedClientAction: + description: |- + The action to take when an unauthenticated client attempts to access the app. Possible values include: RedirectToLoginPage, AllowAnonymous. + The action to take when an unauthenticated client attempts to access the app. Possible values include: `RedirectToLoginPage`, `AllowAnonymous`. + type: string + type: object + authSettingsV2: + description: An auth_settings_v2 block as defined below. + properties: + activeDirectoryV2: + description: An active_directory_v2 block as defined below. + properties: + allowedApplications: + description: |- + The list of allowed Applications for the Default Authorisation Policy. + The list of allowed Applications for the Default Authorisation Policy. + items: + type: string + type: array + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed audience values to consider when validating JWTs issued by Azure Active Directory. + items: + type: string + type: array + allowedGroups: + description: |- + The list of allowed Group Names for the Default Authorisation Policy. + The list of allowed Group Names for the Default Authorisation Policy. + items: + type: string + type: array + allowedIdentities: + description: |- + The list of allowed Identities for the Default Authorisation Policy. + The list of allowed Identities for the Default Authorisation Policy. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Active Directory. + type: string + clientSecretCertificateThumbprint: + description: |- + The thumbprint of the certificate used for signing purposes. + The thumbprint of the certificate used for signing purposes. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the client secret of the Client. + type: string + jwtAllowedClientApplications: + description: |- + A list of Allowed Client Applications in the JWT Claim. + A list of Allowed Client Applications in the JWT Claim. + items: + type: string + type: array + jwtAllowedGroups: + description: |- + A list of Allowed Groups in the JWT Claim. + A list of Allowed Groups in the JWT Claim. + items: + type: string + type: array + loginParameters: + additionalProperties: + type: string + description: |- + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + A map of key-value pairs to send to the Authorisation Endpoint when a user logs in. + type: object + x-kubernetes-map-type: granular + tenantAuthEndpoint: + description: |- + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. https://login.microsoftonline.com/{tenant-guid}/v2.0/ + The Azure Tenant Endpoint for the Authenticating Tenant. e.g. `https://login.microsoftonline.com/v2.0/{tenant-guid}/`. + type: string + wwwAuthenticationDisabled: + description: |- + Should the www-authenticate provider should be omitted from the request? Defaults to false. + Should the www-authenticate provider should be omitted from the request? Defaults to `false` + type: boolean + type: object + appleV2: + description: An apple_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Apple web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Apple Login. + type: string + loginScopes: + description: The list of Login scopes that should be requested + as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + authEnabled: + description: |- + Should the AuthV2 Settings be enabled. Defaults to false. + Should the AuthV2 Settings be enabled. Defaults to `false` + type: boolean + azureStaticWebAppV2: + description: An azure_static_web_app_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with Azure Static Web App Authentication. + type: string + type: object + configFilePath: + description: |- + The path to the App Auth settings. + The path to the App Auth settings. **Note:** Relative Paths are evaluated from the Site Root directory. + type: string + customOidcV2: + description: Zero or more custom_oidc_v2 blocks as defined + below. + items: + properties: + authorisationEndpoint: + description: |- + The endpoint to make the Authorisation Request as supplied by openid_configuration_endpoint response. + The endpoint to make the Authorisation Request. + type: string + certificationUri: + description: |- + The endpoint that provides the keys necessary to validate the token as supplied by openid_configuration_endpoint response. + The endpoint that provides the keys necessary to validate the token. + type: string + clientCredentialMethod: + description: |- + The Client Credential Method used. + The Client Credential Method used. Currently the only supported value is `ClientSecretPost`. + type: string + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the Client to use to authenticate with this Custom OIDC. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The App Setting name that contains the secret for this Custom OIDC Client. + type: string + issuerEndpoint: + description: |- + The endpoint that issued the Token as supplied by openid_configuration_endpoint response. + The endpoint that issued the Token. + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name of the Custom OIDC Authentication Provider. + type: string + nameClaimType: + description: |- + The name of the claim that contains the users name. + The name of the claim that contains the users name. + type: string + openidConfigurationEndpoint: + description: |- + The app setting name that contains the client_secret value used for the Custom OIDC Login. + The endpoint that contains all the configuration endpoints for this Custom OIDC provider. + type: string + scopes: + description: |- + The list of the scopes that should be requested while authenticating. + The list of the scopes that should be requested while authenticating. + items: + type: string + type: array + tokenEndpoint: + description: |- + The endpoint used to request a Token as supplied by openid_configuration_endpoint response. + The endpoint used to request a Token. + type: string + type: object + type: array + defaultProvider: + description: |- + The Default Authentication Provider to use when the unauthenticated_action is set to RedirectToLoginPage. Possible values include: apple, azureactivedirectory, facebook, github, google, twitter and the name of your custom_oidc_v2 provider. + The Default Authentication Provider to use when the `unauthenticated_action` is set to `RedirectToLoginPage`. Possible values include: `apple`, `azureactivedirectory`, `facebook`, `github`, `google`, `twitter` and the `name` of your `custom_oidc_v2` provider. + type: string + excludedPaths: + description: |- + The paths which should be excluded from the unauthenticated_action when it is set to RedirectToLoginPage. + The paths which should be excluded from the `unauthenticated_action` when it is set to `RedirectToLoginPage`. + items: + type: string + type: array + facebookV2: + description: A facebook_v2 block as defined below. + properties: + appId: + description: |- + The App ID of the Facebook app used for login. + The App ID of the Facebook app used for login. + type: string + appSecretSettingName: + description: |- + The app setting name that contains the app_secret value used for Facebook Login. + The app setting name that contains the `app_secret` value used for Facebook Login. + type: string + graphApiVersion: + description: |- + The version of the Facebook API to be used while logging in. + The version of the Facebook API to be used while logging in. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of scopes to be requested as part of Facebook Login authentication. + items: + type: string + type: array + type: object + forwardProxyConvention: + description: |- + The convention used to determine the url of the request made. Possible values include NoProxy, Standard, Custom. Defaults to NoProxy. + The convention used to determine the url of the request made. Possible values include `ForwardProxyConventionNoProxy`, `ForwardProxyConventionStandard`, `ForwardProxyConventionCustom`. Defaults to `ForwardProxyConventionNoProxy` + type: string + forwardProxyCustomHostHeaderName: + description: |- + The name of the custom header containing the host of the request. + The name of the header containing the host of the request. + type: string + forwardProxyCustomSchemeHeaderName: + description: |- + The name of the custom header containing the scheme of the request. + The name of the header containing the scheme of the request. + type: string + githubV2: + description: A github_v2 block as defined below. + properties: + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The ID of the GitHub app used for login. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for GitHub Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of OAuth 2.0 scopes that will be requested as part of GitHub Login authentication. + items: + type: string + type: array + type: object + googleV2: + description: A google_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OpenID Connect Client ID for the Google web application. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name that contains the `client_secret` value used for Google Login. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + Specifies a list of Login scopes that will be requested as part of Google Sign-In authentication. + items: + type: string + type: array + type: object + httpRouteApiPrefix: + description: |- + The prefix that should precede all the authentication and authorisation paths. Defaults to /.auth. + The prefix that should precede all the authentication and authorisation paths. Defaults to `/.auth` + type: string + login: + description: A login block as defined below. + properties: + allowedExternalRedirectUrls: + description: |- + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. + External URLs that can be redirected to as part of logging in or logging out of the app. This is an advanced setting typically only needed by Windows Store application backends. **Note:** URLs within the current domain are always implicitly allowed. + items: + type: string + type: array + cookieExpirationConvention: + description: |- + The method by which cookies expire. Possible values include: FixedTime, and IdentityProviderDerived. Defaults to FixedTime. + The method by which cookies expire. Possible values include: `FixedTime`, and `IdentityProviderDerived`. Defaults to `FixedTime`. + type: string + cookieExpirationTime: + description: |- + The time after the request is made when the session cookie should expire. Defaults to 08:00:00. + The time after the request is made when the session cookie should expire. Defaults to `08:00:00`. + type: string + logoutEndpoint: + description: |- + The endpoint to which logout requests should be made. + The endpoint to which logout requests should be made. + type: string + nonceExpirationTime: + description: |- + The time after the request is made when the nonce should expire. Defaults to 00:05:00. + The time after the request is made when the nonce should expire. Defaults to `00:05:00`. + type: string + preserveUrlFragmentsForLogins: + description: |- + Should the fragments from the request be preserved after the login request is made. Defaults to false. + Should the fragments from the request be preserved after the login request is made. Defaults to `false`. + type: boolean + tokenRefreshExtensionTime: + description: |- + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to 72 hours. + The number of hours after session token expiration that a session token can be used to call the token refresh API. Defaults to `72` hours. + type: number + tokenStoreEnabled: + description: |- + Should the Token Store configuration Enabled. Defaults to false + Should the Token Store configuration Enabled. Defaults to `false` + type: boolean + tokenStorePath: + description: |- + The directory path in the App Filesystem in which the tokens will be stored. + The directory path in the App Filesystem in which the tokens will be stored. + type: string + tokenStoreSasSettingName: + description: |- + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + The name of the app setting which contains the SAS URL of the blob storage containing the tokens. + type: string + validateNonce: + description: |- + Should the nonce be validated while completing the login flow. Defaults to true. + Should the nonce be validated while completing the login flow. Defaults to `true`. + type: boolean + type: object + microsoftV2: + description: A microsoft_v2 block as defined below. + properties: + allowedAudiences: + description: |- + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + Specifies a list of Allowed Audiences that will be requested as part of Microsoft Sign-In authentication. + items: + type: string + type: array + clientId: + description: |- + The OAuth 2.0 client ID that was created for the app used for authentication. + The OAuth 2.0 client ID that was created for the app used for authentication. + type: string + clientSecretSettingName: + description: |- + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication. + type: string + loginScopes: + description: |- + The list of Login scopes that should be requested as part of Microsoft Account authentication. + The list of Login scopes that will be requested as part of Microsoft Account authentication. + items: + type: string + type: array + type: object + requireAuthentication: + description: |- + Should the authentication flow be used for all requests. + Should the authentication flow be used for all requests. + type: boolean + requireHttps: + description: |- + Should HTTPS be required on connections? Defaults to true. + Should HTTPS be required on connections? Defaults to true. + type: boolean + runtimeVersion: + description: |- + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to ~1. + The Runtime Version of the Authentication and Authorisation feature of this App. Defaults to `~1` + type: string + twitterV2: + description: A twitter_v2 block as defined below. + properties: + consumerKey: + description: |- + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + The OAuth 1.0a consumer key of the Twitter application used for sign-in. + type: string + consumerSecretSettingName: + description: |- + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in. + type: string + type: object + unauthenticatedAction: + description: |- + The action to take for requests made without authentication. Possible values include RedirectToLoginPage, AllowAnonymous, Return401, and Return403. Defaults to RedirectToLoginPage. + The action to take for requests made without authentication. Possible values include `RedirectToLoginPage`, `AllowAnonymous`, `Return401`, and `Return403`. Defaults to `RedirectToLoginPage`. + type: string + type: object + backup: + description: A backup block as defined below. + properties: + enabled: + description: |- + Should this backup job be enabled? Defaults to true. + Should this backup job be enabled? + type: boolean + name: + description: |- + The name which should be used for this Backup. + The name which should be used for this Backup. + type: string + schedule: + description: A schedule block as defined below. + properties: + frequencyInterval: + description: |- + How often the backup should be executed (e.g. for weekly backup, this should be set to 7 and frequency_unit should be set to Day). + How often the backup should be executed (e.g. for weekly backup, this should be set to `7` and `frequency_unit` should be set to `Day`). + type: number + frequencyUnit: + description: |- + The unit of time for how often the backup should take place. Possible values include: Day and Hour. + The unit of time for how often the backup should take place. Possible values include: `Day` and `Hour`. + type: string + keepAtLeastOneBackup: + description: |- + Should the service keep at least one backup, regardless of age of backup. Defaults to false. + Should the service keep at least one backup, regardless of age of backup. Defaults to `false`. + type: boolean + lastExecutionTime: + description: The time the backup was last attempted. + type: string + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + After how many days backups should be deleted. + type: number + startTime: + description: |- + When the schedule should start working in RFC-3339 format. + When the schedule should start working in RFC-3339 format. + type: string + type: object + type: object + builtinLoggingEnabled: + description: |- + Should built in logging be enabled. Configures AzureWebJobsDashboard app setting based on the configured storage setting. Defaults to true. + Should built in logging be enabled. Configures `AzureWebJobsDashboard` app setting based on the configured storage setting + type: boolean + clientCertificateEnabled: + description: |- + Should the function app use Client Certificates. + Should the function app use Client Certificates + type: boolean + clientCertificateExclusionPaths: + description: |- + Paths to exclude when using client certificates, separated by ; + Paths to exclude when using client certificates, separated by ; + type: string + clientCertificateMode: + description: |- + The mode of the Function App's client certificates requirement for incoming requests. Possible values are Required, Optional, and OptionalInteractiveUser. Defaults to Optional. + The mode of the Function App's client certificates requirement for incoming requests. Possible values are `Required`, `Optional`, and `OptionalInteractiveUser` + type: string + connectionString: + description: One or more connection_string blocks as defined below. + items: + properties: + name: + description: |- + The name which should be used for this Connection. + The name which should be used for this Connection. + type: string + type: + description: |- + Type of database. Possible values include: MySQL, SQLServer, SQLAzure, Custom, NotificationHub, ServiceBus, EventHub, APIHub, DocDb, RedisCache, and PostgreSQL. + Type of database. Possible values include: `MySQL`, `SQLServer`, `SQLAzure`, `Custom`, `NotificationHub`, `ServiceBus`, `EventHub`, `APIHub`, `DocDb`, `RedisCache`, and `PostgreSQL`. + type: string + type: object + type: array + contentShareForceDisabled: + description: |- + Should the settings for linking the Function App to storage be suppressed. + Force disable the content share settings. + type: boolean + dailyMemoryTimeQuota: + description: |- + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps under the consumption plan. Defaults to 0. + The amount of memory in gigabyte-seconds that your application is allowed to consume per day. Setting this value only affects function apps in Consumption Plans. + type: number + defaultHostname: + description: The default hostname of the Linux Function App. + type: string + enabled: + description: |- + Is the Function App enabled? Defaults to true. + Is the Linux Function App enabled. + type: boolean + ftpPublishBasicAuthenticationEnabled: + description: Should the default FTP Basic Authentication publishing + profile be enabled. Defaults to true. + type: boolean + functionsExtensionVersion: + description: |- + The runtime version associated with the Function App. Defaults to ~4. + The runtime version associated with the Function App. + type: string + hostingEnvironmentId: + description: The ID of the App Service Environment used by Function + App. + type: string + httpsOnly: + description: |- + Can the Function App only be accessed via HTTPS? Defaults to false. + Can the Function App only be accessed via HTTPS? + type: boolean + id: + description: The ID of the Linux Function App. + type: string + identity: + description: A identity block as defined below. + properties: + identityIds: + description: A list of User Assigned Managed Identity IDs + to be assigned to this Linux Function App. + items: + type: string + type: array + x-kubernetes-list-type: set + principalId: + description: The Principal ID associated with this Managed + Service Identity. + type: string + tenantId: + description: The Tenant ID associated with this Managed Service + Identity. + type: string + type: + description: Specifies the type of Managed Service Identity + that should be configured on this Linux Function App. Possible + values are SystemAssigned, UserAssigned, SystemAssigned, + UserAssigned (to enable both). + type: string + type: object + keyVaultReferenceIdentityId: + description: |- + The User Assigned Identity ID used for accessing KeyVault secrets. The identity must be assigned to the application in the identity block. For more information see - Access vaults with a user-assigned identity + The User Assigned Identity to use for Key Vault access. + type: string + kind: + description: The Kind value for this Linux Function App. + type: string + location: + description: The Azure Region where the Linux Function App should + exist. Changing this forces a new Linux Function App to be created. + type: string + name: + description: |- + The name which should be used for this Linux Function App. Changing this forces a new Linux Function App to be created. Limit the function name to 32 characters to avoid naming collisions. For more information about Function App naming rule and Host ID Collisions + Specifies the name of the Function App. + type: string + outboundIpAddressList: + description: A list of outbound IP addresses. For example ["52.23.25.3", + "52.143.43.12"] + items: + type: string + type: array + outboundIpAddresses: + description: A comma separated list of outbound IP addresses as + a string. For example 52.23.25.3,52.143.43.12. + type: string + possibleOutboundIpAddressList: + description: A list of possible outbound IP addresses, not all + of which are necessarily in use. This is a superset of outbound_ip_address_list. + For example ["52.23.25.3", "52.143.43.12"]. + items: + type: string + type: array + possibleOutboundIpAddresses: + description: A comma separated list of possible outbound IP addresses + as a string. For example 52.23.25.3,52.143.43.12,52.143.43.17. + This is a superset of outbound_ip_addresses. + type: string + publicNetworkAccessEnabled: + description: Should public network access be enabled for the Function + App. Defaults to true. + type: boolean + resourceGroupName: + description: The name of the Resource Group where the Linux Function + App should exist. Changing this forces a new Linux Function + App to be created. + type: string + servicePlanId: + description: |- + The ID of the App Service Plan within which to create this Function App. + The ID of the App Service Plan within which to create this Function App + type: string + siteConfig: + description: A site_config block as defined below. + properties: + alwaysOn: + description: |- + If this Linux Web App is Always On enabled. Defaults to false. + If this Linux Web App is Always On enabled. Defaults to `false`. + type: boolean + apiDefinitionUrl: + description: |- + The URL of the API definition that describes this Linux Function App. + The URL of the API definition that describes this Linux Function App. + type: string + apiManagementApiId: + description: |- + The ID of the API Management API for this Linux Function App. + The ID of the API Management API for this Linux Function App. + type: string + appCommandLine: + description: |- + The App command line to launch. + The program and any arguments used to launch this app via the command line. (Example `node myapp.js`). + type: string + appScaleLimit: + description: |- + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + The number of workers this function app can scale out to. Only applicable to apps on the Consumption and Premium plan. + type: number + appServiceLogs: + description: An app_service_logs block as defined above. + properties: + diskQuotaMb: + description: |- + The amount of disk space to use for logs. Valid values are between 25 and 100. Defaults to 35. + The amount of disk space to use for logs. Valid values are between `25` and `100`. + type: number + retentionPeriodDays: + description: |- + After how many days backups should be deleted. Defaults to 30. + The retention period for logs in days. Valid values are between `0` and `99999`. Defaults to `0` (never delete). + type: number + type: object + applicationStack: + description: An application_stack block as defined above. + properties: + docker: + description: |- + One or more docker blocks as defined below. + A docker block + items: + properties: + imageName: + description: |- + The name of the Docker image to use. + The name of the Docker image to use. + type: string + imageTag: + description: |- + The image tag of the image to use. + The image tag of the image to use. + type: string + registryUrl: + description: |- + The URL of the docker registry. + The URL of the docker registry. + type: string + type: object + type: array + dotnetVersion: + description: |- + The version of .NET to use. Possible values include 3.1, 6.0, 7.0 and 8.0. + The version of .Net. Possible values are `3.1`, `6.0` and `7.0` + type: string + javaVersion: + description: |- + The Version of Java to use. Supported versions include 8, 11 & 17. + The version of Java to use. Possible values are `8`, `11`, and `17` + type: string + nodeVersion: + description: |- + The version of Node to run. Possible values include 12, 14, 16, 18 and 20. + The version of Node to use. Possible values include `12`, `14`, `16`, `18` and `20` + type: string + powershellCoreVersion: + description: |- + The version of PowerShell Core to run. Possible values are 7, 7.2, and 7.4. + The version of PowerShell Core to use. Possibles values are `7`, `7.2`, and `7.4` + type: string + pythonVersion: + description: |- + The version of Python to run. Possible values are 3.12, 3.11, 3.10, 3.9, 3.8 and 3.7. + The version of Python to use. Possible values include `3.12`, `3.11`, `3.10`, `3.9`, `3.8`, and `3.7`. + type: string + useCustomRuntime: + description: Should the Linux Function App use a custom + runtime? + type: boolean + useDotnetIsolatedRuntime: + description: |- + Should the DotNet process use an isolated runtime. Defaults to false. + Should the DotNet process use an isolated runtime. Defaults to `false`. + type: boolean + type: object + containerRegistryManagedIdentityClientId: + description: |- + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + The Client ID of the Managed Service Identity to use for connections to the Azure Container Registry. + type: string + containerRegistryUseManagedIdentity: + description: |- + Should connections for Azure Container Registry use Managed Identity. + Should connections for Azure Container Registry use Managed Identity. + type: boolean + cors: + description: A cors block as defined above. + properties: + allowedOrigins: + description: |- + Specifies a list of origins that should be allowed to make cross-origin calls. + Specifies a list of origins that should be allowed to make cross-origin calls. + items: + type: string + type: array + x-kubernetes-list-type: set + supportCredentials: + description: |- + Are credentials allowed in CORS requests? Defaults to false. + Are credentials allowed in CORS requests? Defaults to `false`. + type: boolean + type: object + defaultDocuments: + description: |- + Specifies a list of Default Documents for the Linux Web App. + Specifies a list of Default Documents for the Linux Web App. + items: + type: string + type: array + detailedErrorLoggingEnabled: + description: |- + Is the Function App enabled? Defaults to true. + Is detailed error logging enabled + type: boolean + elasticInstanceMinimum: + description: |- + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + The number of minimum instances for this Linux Function App. Only affects apps on Elastic Premium plans. + type: number + ftpsState: + description: |- + State of FTP / FTPS service for this function app. Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to Disabled. + State of FTP / FTPS service for this function app. Possible values include: `AllAllowed`, `FtpsOnly` and `Disabled`. Defaults to `Disabled`. + type: string + healthCheckEvictionTimeInMin: + description: |- + The amount of time in minutes that a node can be unhealthy before being removed from the load balancer. Possible values are between 2 and 10. Only valid in conjunction with health_check_path. + The amount of time in minutes that a node is unhealthy before being removed from the load balancer. Possible values are between `2` and `10`. Only valid in conjunction with `health_check_path` + type: number + healthCheckPath: + description: |- + The path to be checked for this function app health. + The path to be checked for this function app health. + type: string + http2Enabled: + description: |- + Specifies if the HTTP2 protocol should be enabled. Defaults to false. + Specifies if the http2 protocol should be enabled. Defaults to `false`. + type: boolean + ipRestriction: + description: One or more ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + type: object + type: array + ipRestrictionDefaultAction: + description: The Default action for traffic that does not + match any ip_restriction rule. possible values include Allow + and Deny. Defaults to Allow. + type: string + linuxFxVersion: + description: The Linux FX Version + type: string + loadBalancingMode: + description: |- + The Site load balancing mode. Possible values include: WeightedRoundRobin, LeastRequests, LeastResponseTime, WeightedTotalTraffic, RequestHash, PerSiteRoundRobin. Defaults to LeastRequests if omitted. + The Site load balancing mode. Possible values include: `WeightedRoundRobin`, `LeastRequests`, `LeastResponseTime`, `WeightedTotalTraffic`, `RequestHash`, `PerSiteRoundRobin`. Defaults to `LeastRequests` if omitted. + type: string + managedPipelineMode: + description: |- + Managed pipeline mode. Possible values include: Integrated, Classic. Defaults to Integrated. + The Managed Pipeline mode. Possible values include: `Integrated`, `Classic`. Defaults to `Integrated`. + type: string + minimumTlsVersion: + description: |- + The configures the minimum version of TLS required for SSL requests. Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + The configures the minimum version of TLS required for SSL requests. Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + preWarmedInstanceCount: + description: |- + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + The number of pre-warmed instances for this function app. Only affects apps on an Elastic Premium plan. + type: number + remoteDebuggingEnabled: + description: |- + Should Remote Debugging be enabled. Defaults to false. + Should Remote Debugging be enabled. Defaults to `false`. + type: boolean + remoteDebuggingVersion: + description: |- + The Remote Debugging Version. Possible values include VS2017, VS2019, and VS2022. + The Remote Debugging Version. Possible values include `VS2017`, `VS2019`, and `VS2022“ + type: string + runtimeScaleMonitoringEnabled: + description: |- + Should Scale Monitoring of the Functions Runtime be enabled? + Should Functions Runtime Scale Monitoring be enabled. + type: boolean + scmIpRestriction: + description: One or more scm_ip_restriction blocks as defined + above. + items: + properties: + action: + description: |- + The action to take. Possible values are Allow or Deny. Defaults to Allow. + The action to take. Possible values are `Allow` or `Deny`. + type: string + description: + description: |- + The Description of this IP Restriction. + The description of the IP restriction rule. + type: string + headers: + description: A headers block as defined above. + properties: + xAzureFdid: + description: Specifies a list of Azure Front Door + IDs. + items: + type: string + type: array + xFdHealthProbe: + description: Specifies if a Front Door Health Probe + should be expected. The only possible value is + 1. + items: + type: string + type: array + xForwardedFor: + description: Specifies a list of addresses for which + matching should be applied. Omitting this value + means allow any. + items: + type: string + type: array + xForwardedHost: + description: Specifies a list of Hosts for which + matching should be applied. + items: + type: string + type: array + type: object + ipAddress: + description: |- + The CIDR notation of the IP or IP Range to match. For example: 10.0.0.0/24 or 192.168.10.1/32 + The CIDR notation of the IP or IP Range to match. For example: `10.0.0.0/24` or `192.168.10.1/32` or `fe80::/64` or `13.107.6.152/31,13.107.128.0/22` + type: string + name: + description: |- + The name which should be used for this Storage Account. + The name which should be used for this `ip_restriction`. + type: string + priority: + description: |- + The priority value of this ip_restriction. Defaults to 65000. + The priority value of this `ip_restriction`. + type: number + serviceTag: + description: |- + The Service Tag used for this IP Restriction. + The Service Tag used for this IP Restriction. + type: string + virtualNetworkSubnetId: + description: |- + The subnet id which will be used by this Function App for regional virtual network integration. + The Virtual Network Subnet ID used for this IP Restriction. + type: string + type: object + type: array + scmIpRestrictionDefaultAction: + description: The Default action for traffic that does not + match any scm_ip_restriction rule. possible values include + Allow and Deny. Defaults to Allow. + type: string + scmMinimumTlsVersion: + description: |- + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: 1.0, 1.1, and 1.2. Defaults to 1.2. + Configures the minimum version of TLS required for SSL requests to the SCM site Possible values include: `1.0`, `1.1`, and `1.2`. Defaults to `1.2`. + type: string + scmType: + description: The SCM Type in use by the Linux Function App. + type: string + scmUseMainIpRestriction: + description: |- + Should the Linux Function App ip_restriction configuration be used for the SCM also. + Should the Linux Function App `ip_restriction` configuration be used for the SCM also. + type: boolean + use32BitWorker: + description: |- + Should the Linux Web App use a 32-bit worker process. Defaults to false. + Should the Linux Web App use a 32-bit worker. + type: boolean + vnetRouteAllEnabled: + description: |- + Should all outbound traffic to have NAT Gateways, Network Security Groups and User Defined Routes applied? Defaults to false. + Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied? Defaults to `false`. + type: boolean + websocketsEnabled: + description: |- + Should Web Sockets be enabled. Defaults to false. + Should Web Sockets be enabled. Defaults to `false`. + type: boolean + workerCount: + description: |- + The number of Workers for this Linux Function App. + The number of Workers for this Linux Function App. + type: number + type: object + stickySettings: + description: A sticky_settings block as defined below. + properties: + appSettingNames: + description: A list of app_setting names that the Linux Function + App will not swap between Slots when a swap operation is + triggered. + items: + type: string + type: array + connectionStringNames: + description: A list of connection_string names that the Linux + Function App will not swap between Slots when a swap operation + is triggered. + items: + type: string + type: array + type: object + storageAccount: + description: One or more storage_account blocks as defined below. + items: + properties: + accountName: + description: The Name of the Storage Account. + type: string + mountPath: + description: The path at which to mount the storage share. + type: string + name: + description: The name which should be used for this Storage + Account. + type: string + shareName: + description: The Name of the File Share or Container Name + for Blob storage. + type: string + type: + description: The Azure Storage Type. Possible values include + AzureFiles and AzureBlob. + type: string + type: object + type: array + storageAccountName: + description: |- + The backend storage account name which will be used by this Function App. + The backend storage account name which will be used by this Function App. + type: string + storageKeyVaultSecretId: + description: |- + The Key Vault Secret ID, optionally including version, that contains the Connection String to connect to the storage account for this Function App. + The Key Vault Secret ID, including version, that contains the Connection String to connect to the storage account for this Function App. + type: string + storageUsesManagedIdentity: + description: |- + Should the Function App use Managed Identity to access the storage account. Conflicts with storage_account_access_key. + Should the Function App use its Managed Identity to access storage? + type: boolean + tags: + additionalProperties: + type: string + description: A mapping of tags which should be assigned to the + Linux Function App. + type: object + x-kubernetes-map-type: granular + virtualNetworkSubnetId: + description: The subnet id which will be used by this Function + App for regional virtual network integration. + type: string + webdeployPublishBasicAuthenticationEnabled: + description: Should the default WebDeploy Basic Authentication + publishing credentials enabled. Defaults to true. + type: boolean + zipDeployFile: + description: |- + The local path and filename of the Zip packaged application to deploy to this Linux Function App. + The local path and filename of the Zip packaged application to deploy to this Linux Function App. **Note:** Using this value requires either `WEBSITE_RUN_FROM_PACKAGE=1` or `SCM_DO_BUILD_DURING_DEPLOYMENT=true` to be set on the App in `app_settings`. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/internal/schemas/generator/testdata/configuration_crossplane.yaml b/internal/schemas/generator/testdata/configuration_crossplane.yaml new file mode 100644 index 0000000..40a008a --- /dev/null +++ b/internal/schemas/generator/testdata/configuration_crossplane.yaml @@ -0,0 +1,21 @@ +apiVersion: meta.pkg.crossplane.io/v1alpha1 +kind: Configuration +metadata: + name: configuration-aws-network + annotations: + meta.crossplane.io/maintainer: Upbound + meta.crossplane.io/source: github.com/upbound/configuration-aws-network + meta.crossplane.io/license: Apache-2.0 +spec: + crossplane: + version: ">=v1.14.1-0" + dependsOn: + - provider: xpkg.upbound.io/upbound/provider-aws-ec2 + # renovate: datasource=github-releases depName=upbound/provider-aws + version: "v1.11.0" + - function: xpkg.upbound.io/crossplane-contrib/function-auto-ready + # renovate: datasource=github-releases depName=crossplane-contrib/function-auto-ready + version: "v0.2.1" + - function: xpkg.upbound.io/crossplane-contrib/function-go-templating + # renovate: datasource=github-releases depName=crossplane-contrib/function-go-templating + version: "v0.5.0" \ No newline at end of file diff --git a/internal/schemas/manager/lock.go b/internal/schemas/manager/lock.go new file mode 100644 index 0000000..e4387d9 --- /dev/null +++ b/internal/schemas/manager/lock.go @@ -0,0 +1,31 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package manager + +const lockFileName = ".lock.json" + +// lock tracks the versions of sources whose schemas are present in the +// manager. It is persisted to the manager's filesystem. +type lock struct { + Packages map[string]string `json:"packages"` +} + +func newLock() *lock { + return &lock{ + Packages: make(map[string]string), + } +} diff --git a/internal/schemas/manager/manager.go b/internal/schemas/manager/manager.go new file mode 100644 index 0000000..ef975e7 --- /dev/null +++ b/internal/schemas/manager/manager.go @@ -0,0 +1,249 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package manager implements a schema manager for use in Crossplane projects. +package manager + +import ( + "context" + "encoding/json" + "io/fs" + "path/filepath" + "sync" + + "github.com/invopop/jsonschema" + "github.com/spf13/afero" + "golang.org/x/sync/errgroup" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + "github.com/crossplane/cli/v2/internal/filesystem" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +// Manager is a schema manager. It manages a directory of schemas, generating +// new schemas only when necessary. +type Manager struct { + fs afero.Fs + generators []generator.Interface + runner runner.SchemaRunner + + lockMu sync.RWMutex +} + +// Add ensures schemas for resources in the given source are present in the +// managed directory. +func (m *Manager) Add(ctx context.Context, source Source) error { + version, err := source.Version(ctx) + if err != nil { + return err + } + + existing, err := m.currentVersion(source.ID()) + if err != nil { + return err + } + if existing == version { + return nil + } + + _, err = m.Generate(ctx, source) + return err +} + +// Generate generates and returns schemas using the manager's generators, and +// adds them to the manager. Unlike Add, Generate will always generate schemas, +// regardless of whether they're already present in the manager. +func (m *Manager) Generate(ctx context.Context, source Source) (map[string]afero.Fs, error) { + version, err := source.Version(ctx) + if err != nil { + return nil, err + } + + fromFS, err := source.Resources(ctx) + if err != nil { + return nil, err + } + + schemas := make(map[string]afero.Fs) + eg, egCtx := errgroup.WithContext(ctx) + sourceType := source.Type() + for _, gen := range m.generators { + eg.Go(func() error { + var schemaFS afero.Fs + var err error + + switch sourceType { + case SourceTypeCRD: + schemaFS, err = gen.GenerateFromCRD(egCtx, fromFS, m.runner) + case SourceTypeOpenAPI: + schemaFS, err = gen.GenerateFromOpenAPI(egCtx, fromFS, m.runner) + default: + return errors.Errorf("unsupported source type %q", sourceType) + } + if err != nil { + return err + } + + if schemaFS != nil { + schemas[gen.Language()] = schemaFS + } + + return nil + }) + } + if err := eg.Wait(); err != nil { + return nil, err + } + + // Copy generated schemas into our schema repository. Generators produce + // output into models/ — we strip that prefix by copying from models/ into + // the language directory. + for lang, genFS := range schemas { + langFS := afero.NewBasePathFs(m.fs, lang) + + // Try to copy from models/ subdirectory first (generators put output there). + modelsFS := afero.NewBasePathFs(genFS, "models") + hasModels := false + if fi, err := modelsFS.Stat("."); err == nil && fi.IsDir() { + hasModels = true + } + + if hasModels { + if err := filesystem.CopyFilesBetweenFs(modelsFS, langFS); err != nil { + return nil, err + } + } else { + if err := filesystem.CopyFilesBetweenFs(genFS, langFS); err != nil { + return nil, err + } + } + + if err := postProcessForLanguage(lang, langFS); err != nil { + return nil, err + } + } + + return schemas, m.updateVersion(source.ID(), version) +} + +func postProcessForLanguage(language string, langFS afero.Fs) error { + switch language { + case "json": + if err := jsonBuildIndexSchema(langFS); err != nil { + return errors.Wrap(err, "failed to build index schema for JSON") + } + return nil + + default: + return nil + } +} + +func jsonBuildIndexSchema(langFS afero.Fs) error { + schemas, err := afero.Glob(langFS, "*.schema.json") + if err != nil { + return err + } + + metaFile := "index.schema.json" + var metaSchema jsonschema.Schema + for _, schema := range schemas { + if schema == metaFile { + continue + } + metaSchema.AnyOf = append(metaSchema.AnyOf, &jsonschema.Schema{ + Ref: filepath.Base(schema), + }) + } + bs, err := json.Marshal(metaSchema) + if err != nil { + return err + } + + return afero.WriteFile(langFS, metaFile, bs, 0o644) +} + +func (m *Manager) currentVersion(id string) (string, error) { + m.lockMu.RLock() + defer m.lockMu.RUnlock() + + l, err := m.getLock() + if err != nil { + return "", err + } + + return l.Packages[id], nil +} + +func (m *Manager) updateVersion(id, version string) error { + m.lockMu.Lock() + defer m.lockMu.Unlock() + + l, err := m.getLock() + if err != nil { + return err + } + + l.Packages[id] = version + + return m.updateLock(l) +} + +func (m *Manager) getLock() (*lock, error) { + lf, err := m.fs.Open(lockFileName) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return newLock(), nil + } + return nil, err + } + defer func() { _ = lf.Close() }() + + var l lock + if err := json.NewDecoder(lf).Decode(&l); err != nil { + return nil, err + } + + return &l, nil +} + +func (m *Manager) updateLock(l *lock) error { + if err := m.fs.MkdirAll("/", 0o750); err != nil { + return errors.Wrap(err, "failed to ensure schema directory exists") + } + + bs, err := json.Marshal(l) + if err != nil { + return errors.Wrap(err, "failed to serialize schema lock") + } + + if err := afero.WriteFile(m.fs, lockFileName, bs, 0o600); err != nil { + return errors.Wrap(err, "failed to write schema lock file") + } + + return nil +} + +// New returns an initialized manager. +func New(fs afero.Fs, gens []generator.Interface, r runner.SchemaRunner) *Manager { + return &Manager{ + fs: fs, + generators: gens, + runner: r, + } +} diff --git a/internal/schemas/manager/manager_test.go b/internal/schemas/manager/manager_test.go new file mode 100644 index 0000000..8dba1a2 --- /dev/null +++ b/internal/schemas/manager/manager_test.go @@ -0,0 +1,215 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package manager + +import ( + "context" + "io/fs" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/runner" +) + +func TestManager_Add(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + lock *lock + gen generator.Interface + src Source + + expectedLock *lock + expectedFiles map[string]string + expectErr bool + }{ + // Version already matches: skip generation. + "AlreadyGenerated": { + lock: &lock{ + Packages: map[string]string{ + "xpkg.upbound.io/my-org/my-pkg": "v1.0.0", + }, + }, + gen: &mockGenerator{ + files: map[string]string{ + "should-not-exist": "does not get created", + }, + }, + src: &mockSource{ + id: "xpkg.upbound.io/my-org/my-pkg", + version: "v1.0.0", + }, + expectedLock: &lock{ + Packages: map[string]string{ + "xpkg.upbound.io/my-org/my-pkg": "v1.0.0", + }, + }, + }, + // No lock at all: generate and record version. + "EmptyLock": { + gen: &mockGenerator{ + files: map[string]string{ + "should-exist": "does get created", + }, + }, + src: &mockSource{ + id: "xpkg.upbound.io/my-org/my-pkg", + version: "v1.0.0", + }, + expectedLock: &lock{ + Packages: map[string]string{ + "xpkg.upbound.io/my-org/my-pkg": "v1.0.0", + }, + }, + expectedFiles: map[string]string{ + "mock/should-exist": "does get created", + }, + }, + // Version changed: regenerate and update lock. + "VersionUpdated": { + lock: &lock{ + Packages: map[string]string{ + "xpkg.upbound.io/my-org/my-pkg": "v1.0.0", + }, + }, + gen: &mockGenerator{ + files: map[string]string{ + "should-exist": "does get created", + }, + }, + src: &mockSource{ + id: "xpkg.upbound.io/my-org/my-pkg", + version: "v1.1.0", + }, + expectedLock: &lock{ + Packages: map[string]string{ + "xpkg.upbound.io/my-org/my-pkg": "v1.1.0", + }, + }, + expectedFiles: map[string]string{ + "mock/should-exist": "does get created", + }, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + testFS := afero.NewMemMapFs() + + m := New(testFS, []generator.Interface{tc.gen}, nil) + if tc.lock != nil { + if err := m.updateLock(tc.lock); err != nil { + t.Fatal(err) + } + } + + err := m.Add(t.Context(), tc.src) + if tc.expectErr { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + if err != nil { + t.Fatal(err) + } + + _ = afero.Walk(testFS, ".", func(path string, info fs.FileInfo, err error) error { + if err != nil { + t.Fatal(err) + } + if info.Name() == lockFileName { + return nil + } + if info.IsDir() { + return nil + } + + want, ok := tc.expectedFiles[path] + if !ok { + t.Errorf("unexpected file %q generated", path) + } + + got, err := afero.ReadFile(testFS, path) + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(want, string(got)); diff != "" { + t.Errorf("file %q content (-want +got):\n%s", path, diff) + } + + return nil + }) + + gotLock, err := m.getLock() + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(tc.expectedLock, gotLock); diff != "" { + t.Errorf("lock (-want +got):\n%s", diff) + } + }) + } +} + +type mockGenerator struct { + files map[string]string +} + +func (g *mockGenerator) Language() string { + return "mock" +} + +func (g *mockGenerator) GenerateFromCRD(_ context.Context, _ afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + fs := afero.NewMemMapFs() + for path, contents := range g.files { + if err := afero.WriteFile(fs, path, []byte(contents), 0o600); err != nil { + return nil, err + } + } + return fs, nil +} + +func (g *mockGenerator) GenerateFromOpenAPI(_ context.Context, _ afero.Fs, _ runner.SchemaRunner) (afero.Fs, error) { + return nil, nil +} + +type mockSource struct { + id string + version string +} + +func (s *mockSource) ID() string { + return s.id +} + +func (s *mockSource) Version(_ context.Context) (string, error) { + return s.version, nil +} + +func (s *mockSource) Resources(_ context.Context) (afero.Fs, error) { + return nil, nil +} + +func (s *mockSource) Type() SourceType { + return SourceTypeCRD +} diff --git a/internal/schemas/manager/source.go b/internal/schemas/manager/source.go new file mode 100644 index 0000000..feed85a --- /dev/null +++ b/internal/schemas/manager/source.go @@ -0,0 +1,531 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package manager + +import ( + "context" + "crypto/sha256" + "fmt" + "io" + "io/fs" + "net/http" + "net/url" + "path" + "path/filepath" + "slices" + "strings" + "time" + + "github.com/Masterminds/semver/v3" + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-billy/v5/helper/iofs" + "github.com/go-git/go-billy/v5/memfs" + "github.com/go-git/go-git/v5/storage/memory" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/filesystem" + "github.com/crossplane/cli/v2/internal/git" +) + +// SourceType represents the type of source. +type SourceType string + +const ( + // SourceTypeCRD indicates a source containing CRDs/XRDs. + SourceTypeCRD SourceType = "crd" + // SourceTypeOpenAPI indicates a source containing OpenAPI specifications. + SourceTypeOpenAPI SourceType = "openapi" +) + +// Source is a source of resources for which schemas can be generated. +type Source interface { + // ID returns a unique identifier for this source. + ID() string + // Version returns a revision identifier for this source. + Version(ctx context.Context) (string, error) + // Resources returns a filesystem containing resources for which schemas + // need to be generated. + Resources(ctx context.Context) (afero.Fs, error) + // Type returns the type of source. + Type() SourceType +} + +// calculateFilesystemHash calculates a SHA256 hash of the filesystem contents. +func calculateFilesystemHash(filesystem afero.Fs, sourceType SourceType) (string, error) { + h := sha256.New() + + var extensions []string + switch sourceType { + case SourceTypeCRD: + extensions = []string{".yaml", ".yml"} + case SourceTypeOpenAPI: + extensions = []string{".json"} + default: + extensions = []string{".yaml", ".yml", ".json"} + } + + if err := afero.Walk(filesystem, ".", func(path string, info fs.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + + ext := strings.ToLower(filepath.Ext(path)) + if !slices.Contains(extensions, ext) { + return nil + } + + f, err := filesystem.Open(path) + if err != nil { + return err + } + defer func() { _ = f.Close() }() + + if _, err := io.Copy(h, f); err != nil { + return err + } + + return nil + }); err != nil { + return "", err + } + + return fmt.Sprintf("%x", h.Sum(nil)), nil +} + +// fsSource is a resource source backed by a filesystem. +type fsSource struct { + id string + fs afero.Fs +} + +func (f *fsSource) ID() string { + return "fs://" + f.id +} + +func (f *fsSource) Version(_ context.Context) (string, error) { + return calculateFilesystemHash(f.fs, SourceTypeCRD) +} + +func (f *fsSource) Resources(_ context.Context) (afero.Fs, error) { + return f.fs, nil +} + +func (f *fsSource) Type() SourceType { + return SourceTypeCRD +} + +// NewFSSource returns a new filesystem-backed resource source. The id should +// be a stable, location-independent identifier (e.g. a project-relative path) +// since it is persisted in the schema manager's lockfile. +func NewFSSource(id string, fs afero.Fs) Source { + return &fsSource{id: id, fs: fs} +} + +// xpkgSource is a source backed by extracted CRDs from an xpkg. Unlike the +// up CLI, this always generates client-side (never uses pre-packaged schemas). +type xpkgSource struct { + id string + version string + crdFS afero.Fs +} + +func (s *xpkgSource) ID() string { + return "xpkg://" + s.id +} + +func (s *xpkgSource) Version(_ context.Context) (string, error) { + return s.version, nil +} + +func (s *xpkgSource) Resources(_ context.Context) (afero.Fs, error) { + return s.crdFS, nil +} + +func (s *xpkgSource) Type() SourceType { + return SourceTypeCRD +} + +// NewXpkgSource returns a new xpkg-backed resource source. The crdFS should +// contain extracted CRD YAML files from the package. +func NewXpkgSource(id, version string, crdFS afero.Fs) Source { + return &xpkgSource{ + id: id, + version: version, + crdFS: crdFS, + } +} + +const maxCloneAttempts = 3 + +// gitSource is a resource source that fetches directly from git repositories. +type gitSource struct { + gitRef *v1alpha1.GitDependency + cloner git.Cloner + authProvider git.AuthProvider + sourceType SourceType + fs afero.Fs + commitSHA string +} + +func (g *gitSource) ID() string { + id := fmt.Sprintf("git://%s", g.gitRef.Repository) + if g.gitRef.Path != "" { + id = fmt.Sprintf("%s/%s", id, g.gitRef.Path) + } + return id +} + +func (g *gitSource) Version(ctx context.Context) (string, error) { + if g.commitSHA != "" { + return g.commitSHA, nil + } + + if _, err := g.Resources(ctx); err != nil { + return "", err + } + return g.commitSHA, nil +} + +func (g *gitSource) Resources(_ context.Context) (afero.Fs, error) { + if g.fs != nil { + return g.fs, nil + } + + ref := g.normalizeRef(g.gitRef.Ref) + + var memFS billy.Filesystem + var lastErr error + + for attempt := 1; attempt <= maxCloneAttempts; attempt++ { + memFS = memfs.New() + + headRef, err := g.cloner.CloneRepository( + memory.NewStorage(), + memFS, + g.authProvider, + git.CloneOptions{ + Repo: g.gitRef.Repository, + RefName: ref, + Path: g.gitRef.Path, + }, + ) + if err != nil { + lastErr = errors.Wrapf(err, "clone attempt %d failed", attempt) + continue + } + + if headRef != nil { + g.commitSHA = headRef.Hash().String() + } + + if err := g.verifyClone(memFS, g.gitRef.Path); err != nil { + lastErr = errors.Wrapf(err, "verification failed after attempt %d", attempt) + continue + } + + lastErr = nil + break + } + + if lastErr != nil { + return nil, errors.Wrapf(lastErr, "failed to clone repository %s after %d attempts", g.gitRef.Repository, maxCloneAttempts) + } + + resultFS := afero.NewMemMapFs() + + if err := filesystem.CopyFilesBetweenFs(afero.FromIOFS{FS: iofs.New(memFS)}, resultFS); err != nil { + return nil, errors.Wrap(err, "failed to copy files from git repository") + } + + g.fs = resultFS + return g.fs, nil +} + +func (g *gitSource) Type() SourceType { + return g.sourceType +} + +func (g *gitSource) normalizeRef(ref string) string { + if ref == "" { + return "refs/heads/main" + } + + if git.CheckSHA1Hash(ref) { + return ref + } + + if len(ref) > 5 && ref[:5] == "refs/" { + return ref + } + + if _, err := semver.NewVersion(ref); err == nil { + return "refs/tags/" + ref + } + + return "refs/heads/" + ref +} + +func (g *gitSource) verifyClone(fs billy.Filesystem, path string) error { + files, err := fs.ReadDir(path) + if err != nil { + return errors.Wrapf(err, "cannot read cloned path %s", path) + } + + if len(files) == 0 { + return errors.Errorf("no files found in cloned path %s", path) + } + + return nil +} + +// NewGitSource returns a new git-backed resource source. +func NewGitSource(dep v1alpha1.Dependency, cloner git.Cloner, authProvider git.AuthProvider) Source { + sourceType := SourceTypeCRD + if dep.Type == v1alpha1.DependencyTypeK8s { + sourceType = SourceTypeOpenAPI + } + + return &gitSource{ + gitRef: dep.Git, + cloner: cloner, + authProvider: authProvider, + sourceType: sourceType, + } +} + +const ( + defaultHTTPTimeout = 1 * time.Minute + maxHTTPSize = 100 * 1024 * 1024 +) + +// httpSource is a resource source that fetches from HTTP/HTTPS URLs. +type httpSource struct { + httpRef *v1alpha1.HTTPDependency + client *http.Client + sourceType SourceType + fs afero.Fs +} + +func (h *httpSource) ID() string { + return fmt.Sprintf("http://%s", h.httpRef.URL) +} + +func (h *httpSource) Version(ctx context.Context) (string, error) { + if h.fs != nil { + return h.calculateHash() + } + + if _, err := h.Resources(ctx); err != nil { + return "", err + } + return h.calculateHash() +} + +func (h *httpSource) Resources(ctx context.Context) (afero.Fs, error) { + if h.fs != nil { + return h.fs, nil + } + + u, err := url.Parse(h.httpRef.URL) + if err != nil { + return nil, errors.Wrap(err, "invalid URL") + } + + if u.Scheme != "http" && u.Scheme != "https" { + return nil, errors.Errorf("unsupported URL scheme: %s", u.Scheme) + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, h.httpRef.URL, nil) + if err != nil { + return nil, errors.Wrap(err, "failed to create request") + } + + resp, err := h.client.Do(req) + if err != nil { + return nil, errors.Wrap(err, "failed to fetch URL") + } + defer resp.Body.Close() //nolint:errcheck // nothing to do here + + if resp.StatusCode != http.StatusOK { + return nil, errors.Errorf("unexpected status code: %d", resp.StatusCode) + } + + if resp.ContentLength > maxHTTPSize { + return nil, errors.Errorf("content too large: %d bytes (max: %d)", resp.ContentLength, maxHTTPSize) + } + + limitedReader := io.LimitReader(resp.Body, maxHTTPSize) + content, err := io.ReadAll(limitedReader) + if err != nil { + return nil, errors.Wrap(err, "failed to read response body") + } + + resultFS := afero.NewMemMapFs() + filename := h.getFilename(u) + + if err := afero.WriteFile(resultFS, filename, content, 0o644); err != nil { + return nil, errors.Wrap(err, "failed to write content to filesystem") + } + + h.fs = resultFS + return h.fs, nil +} + +func (h *httpSource) Type() SourceType { + return h.sourceType +} + +func (h *httpSource) calculateHash() (string, error) { + return calculateFilesystemHash(h.fs, h.sourceType) +} + +func (h *httpSource) getFilename(u *url.URL) string { + filename := path.Base(u.Path) + + if filename == "" || filename == "." || filename == "/" { + switch { + case strings.Contains(u.String(), "yaml") || strings.Contains(u.String(), "yml"): + filename = "crd.yaml" + case h.sourceType == SourceTypeOpenAPI: + filename = "openapi.json" + default: + filename = "crd" + } + } + + return filename +} + +// NewHTTPSource returns a new HTTP-backed resource source. +func NewHTTPSource(dep v1alpha1.Dependency) Source { + sourceType := SourceTypeCRD + if dep.Type == v1alpha1.DependencyTypeK8s { + sourceType = SourceTypeOpenAPI + } + + return &httpSource{ + httpRef: dep.HTTP, + client: &http.Client{ + Timeout: defaultHTTPTimeout, + }, + sourceType: sourceType, + } +} + +// k8sOpenAPISource is a source that generates OpenAPI schemas for Kubernetes +// built-in APIs by downloading the swagger spec. +type k8sOpenAPISource struct { + k8sRef *v1alpha1.K8sDependency + client *http.Client + fs afero.Fs +} + +func (k *k8sOpenAPISource) ID() string { + return fmt.Sprintf("k8s://%s", k.k8sRef.Version) +} + +func (k *k8sOpenAPISource) Version(_ context.Context) (string, error) { + return k.k8sRef.Version, nil +} + +func (k *k8sOpenAPISource) Resources(ctx context.Context) (afero.Fs, error) { + if k.fs != nil { + return k.fs, nil + } + + // Download the OpenAPI v3 spec from the Kubernetes repo + specURL := fmt.Sprintf("https://raw.githubusercontent.com/kubernetes/kubernetes/v%s/api/openapi-spec/v3/api__v1_openapi.json", strings.TrimPrefix(k.k8sRef.Version, "v")) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, specURL, nil) + if err != nil { + return nil, errors.Wrap(err, "failed to create request") + } + + resp, err := k.client.Do(req) + if err != nil { + return nil, errors.Wrap(err, "failed to fetch Kubernetes OpenAPI spec") + } + defer resp.Body.Close() //nolint:errcheck // nothing to do + + if resp.StatusCode != http.StatusOK { + return nil, errors.Errorf("failed to download Kubernetes OpenAPI spec: HTTP %d", resp.StatusCode) + } + + content, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPSize)) + if err != nil { + return nil, errors.Wrap(err, "failed to read Kubernetes OpenAPI spec") + } + + resultFS := afero.NewMemMapFs() + if err := afero.WriteFile(resultFS, "api__v1_openapi.json", content, 0o644); err != nil { + return nil, errors.Wrap(err, "failed to write OpenAPI spec") + } + + // Also try to download the apis specs + apisGroups := []string{ + "apis__apps__v1", + "apis__autoscaling__v1", + "apis__batch__v1", + "apis__networking.k8s.io__v1", + "apis__policy__v1", + "apis__rbac.authorization.k8s.io__v1", + "apis__storage.k8s.io__v1", + } + + for _, group := range apisGroups { + groupURL := fmt.Sprintf("https://raw.githubusercontent.com/kubernetes/kubernetes/v%s/api/openapi-spec/v3/%s_openapi.json", strings.TrimPrefix(k.k8sRef.Version, "v"), group) + groupReq, err := http.NewRequestWithContext(ctx, http.MethodGet, groupURL, nil) + if err != nil { + continue + } + + groupResp, err := k.client.Do(groupReq) + if err != nil { + continue + } + + if groupResp.StatusCode == http.StatusOK { + groupContent, err := io.ReadAll(io.LimitReader(groupResp.Body, maxHTTPSize)) + if err == nil { + _ = afero.WriteFile(resultFS, group+"_openapi.json", groupContent, 0o644) + } + } + _ = groupResp.Body.Close() + } + + k.fs = resultFS + return k.fs, nil +} + +func (k *k8sOpenAPISource) Type() SourceType { + return SourceTypeOpenAPI +} + +// NewK8sSource returns a source for Kubernetes built-in APIs. +func NewK8sSource(dep v1alpha1.Dependency) Source { + return &k8sOpenAPISource{ + k8sRef: dep.K8s, + client: &http.Client{ + Timeout: defaultHTTPTimeout, + }, + } +} diff --git a/internal/schemas/manager/source_test.go b/internal/schemas/manager/source_test.go new file mode 100644 index 0000000..387cfe7 --- /dev/null +++ b/internal/schemas/manager/source_test.go @@ -0,0 +1,682 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package manager + +import ( + "testing" + + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-billy/v5/memfs" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/storage" + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + + "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/git" +) + +// mockCloner is a mock implementation of git.Cloner for testing. +type mockCloner struct { + ref *plumbing.Reference + cloneErr error + cloneCalls int +} + +func (m *mockCloner) CloneRepository(_ storage.Storer, fs billy.Filesystem, _ git.AuthProvider, opts git.CloneOptions) (*plumbing.Reference, error) { + m.cloneCalls++ + if m.cloneErr != nil { + return nil, m.cloneErr + } + + // Create a test file in the filesystem to simulate a successful clone. + if opts.Path != "" { + if err := fs.MkdirAll(opts.Path, 0o755); err != nil { + return nil, err + } + file, err := fs.Create(opts.Path + "/test.yaml") + if err != nil { + return nil, err + } + _ = file.Close() + } else { + file, err := fs.Create("test.yaml") + if err != nil { + return nil, err + } + _ = file.Close() + } + + return m.ref, nil +} + +// mockAuthProvider is a mock implementation of git.AuthProvider. +type mockAuthProvider struct{} + +func (m *mockAuthProvider) GetAuthMethod() (transport.AuthMethod, error) { + return nil, nil +} + +func TestGitSourceVersion(t *testing.T) { + t.Parallel() + + commitHash := plumbing.NewHash("abc123def456789012345678901234567890abcd") + mockRef := plumbing.NewHashReference("refs/heads/main", commitHash) + + tcs := map[string]struct { + source *gitSource + wantSHA string + wantError bool + }{ + "ReturnsCommitSHA": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + Ref: "main", + }, + cloner: &mockCloner{ + ref: mockRef, + }, + authProvider: &mockAuthProvider{}, + sourceType: SourceTypeCRD, + }, + wantSHA: "abc123def456789012345678901234567890abcd", + wantError: false, + }, + "CachedCommitSHA": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + Ref: "main", + }, + cloner: &mockCloner{ref: mockRef}, + authProvider: &mockAuthProvider{}, + sourceType: SourceTypeCRD, + commitSHA: "cached123def456789012345678901234567890a", + }, + wantSHA: "cached123def456789012345678901234567890a", + wantError: false, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + gotVersion, err := tc.source.Version(t.Context()) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + + if err != nil { + t.Fatal(err) + } + if diff := cmp.Diff(tc.wantSHA, gotVersion); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestGitSourceResources(t *testing.T) { + t.Parallel() + + commitHash := plumbing.NewHash("abc123def456789012345678901234567890abcd") + mockRef := plumbing.NewHashReference("refs/heads/main", commitHash) + + tcs := map[string]struct { + source *gitSource + wantCommitSHA string + wantError bool + }{ + "StoresCommitSHA": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + Ref: "main", + }, + cloner: &mockCloner{ + ref: mockRef, + }, + authProvider: &mockAuthProvider{}, + sourceType: SourceTypeCRD, + }, + wantCommitSHA: "abc123def456789012345678901234567890abcd", + wantError: false, + }, + "WithPath": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + Ref: "main", + Path: "apis", + }, + cloner: &mockCloner{ + ref: mockRef, + }, + authProvider: &mockAuthProvider{}, + sourceType: SourceTypeCRD, + }, + wantCommitSHA: "abc123def456789012345678901234567890abcd", + wantError: false, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + gotFS, err := tc.source.Resources(t.Context()) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + + if err != nil { + t.Fatal(err) + } + if gotFS == nil { + t.Fatal("expected non-nil filesystem") + } + if diff := cmp.Diff(tc.wantCommitSHA, tc.source.commitSHA); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + + // Verify filesystem is cached + if tc.source.fs == nil { + t.Fatal("expected cached filesystem") + } + + // Verify that calling Resources again returns cached filesystem. + gotFS2, err := tc.source.Resources(t.Context()) + if err != nil { + t.Fatal(err) + } + if gotFS != gotFS2 { + t.Errorf("expected cached filesystem to be returned") + } + }) + } +} + +func TestGitSourceID(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + source *gitSource + wantID string + }{ + "BasicRepository": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + }, + }, + wantID: "git://https://github.com/example/repo.git", + }, + "RepositoryWithPath": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "https://github.com/example/repo.git", + Path: "apis/crds", + }, + }, + wantID: "git://https://github.com/example/repo.git/apis/crds", + }, + "EmptyRepository": { + source: &gitSource{ + gitRef: &v1alpha1.GitDependency{ + Repository: "", + }, + }, + wantID: "git://", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + gotID := tc.source.ID() + if diff := cmp.Diff(tc.wantID, gotID); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestGitSourceType(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + source *gitSource + wantType SourceType + }{ + "CRDType": { + source: &gitSource{ + sourceType: SourceTypeCRD, + }, + wantType: SourceTypeCRD, + }, + "OpenAPIType": { + source: &gitSource{ + sourceType: SourceTypeOpenAPI, + }, + wantType: SourceTypeOpenAPI, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + gotType := tc.source.Type() + if diff := cmp.Diff(tc.wantType, gotType); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestGitSourceNormalizeRef(t *testing.T) { + t.Parallel() + + g := &gitSource{} + + tcs := map[string]struct { + input string + want string + }{ + "EmptyRef": { + input: "", + want: "refs/heads/main", + }, + "BranchName": { + input: "develop", + want: "refs/heads/develop", + }, + "VersionTag": { + input: "v1.2.3", + want: "refs/tags/v1.2.3", + }, + "NumericVersionTag": { + input: "1.2.3", + want: "refs/tags/1.2.3", + }, + "FullRef": { + input: "refs/heads/feature", + want: "refs/heads/feature", + }, + "FullTagRef": { + input: "refs/tags/v1.0.0", + want: "refs/tags/v1.0.0", + }, + "SHA256Hash": { + input: "abc123def456789012345678901234567890abcd", + want: "abc123def456789012345678901234567890abcd", + }, + "SHA256HashUppercase": { + input: "ABC123DEF456789012345678901234567890ABCD", + want: "ABC123DEF456789012345678901234567890ABCD", + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := g.normalizeRef(tc.input) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestGitSourceVerifyClone(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + setupFS func() billy.Filesystem + path string + wantError bool + }{ + "ValidClone": { + setupFS: func() billy.Filesystem { + fs := memfs.New() + file, _ := fs.Create("test.yaml") + _ = file.Close() + return fs + }, + path: ".", + wantError: false, + }, + "ValidCloneWithPath": { + setupFS: func() billy.Filesystem { + fs := memfs.New() + _ = fs.MkdirAll("apis", 0o755) + file, _ := fs.Create("apis/test.yaml") + _ = file.Close() + return fs + }, + path: "apis", + wantError: false, + }, + "EmptyDirectory": { + setupFS: func() billy.Filesystem { + fs := memfs.New() + _ = fs.MkdirAll("empty", 0o755) + return fs + }, + path: "empty", + wantError: true, + }, + "NonExistentPath": { + setupFS: memfs.New, + path: "does-not-exist", + wantError: true, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + g := &gitSource{} + fs := tc.setupFS() + + err := g.verifyClone(fs, tc.path) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + } else { + if err != nil { + t.Fatal(err) + } + } + }) + } +} + +func TestIsSHA256Hash(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + input string + want bool + }{ + "ValidSHA": { + input: "abc123def456789012345678901234567890abcd", + want: true, + }, + "ValidSHAUppercase": { + input: "ABC123DEF456789012345678901234567890ABCD", + want: true, + }, + "ValidSHAMixed": { + input: "AbC123DeF456789012345678901234567890aBcD", + want: true, + }, + "TooShort": { + input: "abc123", + want: false, + }, + "TooLong": { + input: "abc123def456789012345678901234567890abcde", + want: false, + }, + "InvalidCharacters": { + input: "xyz123def456789012345678901234567890abcd", + want: false, + }, + "EmptyString": { + input: "", + want: false, + }, + "BranchName": { + input: "main", + want: false, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + got := git.CheckSHA1Hash(tc.input) + if diff := cmp.Diff(tc.want, got); diff != "" { + t.Errorf("(-want +got):\n%s", diff) + } + }) + } +} + +func TestCalculateFilesystemHash(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + setupFS func() afero.Fs + sourceType SourceType + wantError bool + wantSame bool // whether two identical setups should produce the same hash. + }{ + "CRDSourceWithYAMLFiles": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test1.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + _ = afero.WriteFile(fs, "test2.yml", []byte("apiVersion: v1\nkind: Test2"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + "OpenAPISourceWithJSONFiles": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "openapi.json", []byte(`{"openapi": "3.0.0"}`), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + "CRDSourceIgnoresNonYAMLFiles": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + _ = afero.WriteFile(fs, "readme.txt", []byte("This should be ignored"), 0o644) + _ = afero.WriteFile(fs, "script.sh", []byte("#!/bin/bash"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + "OpenAPISourceIgnoresNonJSONFiles": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "openapi.json", []byte(`{"openapi": "3.0.0"}`), 0o644) + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + return fs + }, + sourceType: SourceTypeOpenAPI, + wantError: false, + }, + "EmptyFilesystem": { + setupFS: afero.NewMemMapFs, + sourceType: SourceTypeCRD, + wantError: false, + }, + "DirectoriesIgnored": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = fs.MkdirAll("subdir", 0o755) + _ = afero.WriteFile(fs, "subdir/test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + "IdenticalContentSameHash": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + "DifferentSourceTypeDifferentHash": { + setupFS: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + _ = afero.WriteFile(fs, "openapi.json", []byte(`{"openapi": "3.0.0"}`), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + wantError: false, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + fs := tc.setupFS() + hash, err := calculateFilesystemHash(fs, tc.sourceType) + + if tc.wantError { + if err == nil { + t.Fatal("expected error, got nil") + } + return + } + + if err != nil { + t.Fatal(err) + } + if len(hash) == 0 { + t.Error("hash should not be empty") + } + if len(hash) != 64 { + t.Errorf("SHA256 hash should be 64 hex characters, got %d", len(hash)) + } + + // Verify hash is deterministic. + hash2, err := calculateFilesystemHash(fs, tc.sourceType) + if err != nil { + t.Fatal(err) + } + if hash != hash2 { + t.Errorf("hash should be deterministic: %q vs %q", hash, hash2) + } + + // Special case tests for specific scenarios. + switch name { + case "IdenticalContentSameHash": + // Test that identical content in different filesystem instances produces identical hashes. + fs2 := tc.setupFS() + hash3, err := calculateFilesystemHash(fs2, tc.sourceType) + if err != nil { + t.Fatal(err) + } + if hash != hash3 { + t.Errorf("identical content should produce identical hashes: %q vs %q", hash, hash3) + } + + case "DifferentSourceTypeDifferentHash": + // Test that same filesystem with different source type produces different hash. + hashOpenAPI, err := calculateFilesystemHash(fs, SourceTypeOpenAPI) + if err != nil { + t.Fatal(err) + } + if hash == hashOpenAPI { + t.Errorf("different source types should produce different hashes") + } + } + }) + } +} + +func TestCalculateFilesystemHashDifferentContent(t *testing.T) { + t.Parallel() + + tcs := map[string]struct { + setupFS1 func() afero.Fs + setupFS2 func() afero.Fs + sourceType SourceType + }{ + "DifferentFileContent": { + setupFS1: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test1"), 0o644) + return fs + }, + setupFS2: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test2"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + }, + "DifferentNumberOfFiles": { + setupFS1: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + return fs + }, + setupFS2: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "test1.yaml", []byte("apiVersion: v1\nkind: Test"), 0o644) + _ = afero.WriteFile(fs, "test2.yaml", []byte("apiVersion: v1\nkind: Test2"), 0o644) + return fs + }, + sourceType: SourceTypeCRD, + }, + } + + for name, tc := range tcs { + t.Run(name, func(t *testing.T) { + t.Parallel() + + fs1 := tc.setupFS1() + fs2 := tc.setupFS2() + + hash1, err := calculateFilesystemHash(fs1, tc.sourceType) + if err != nil { + t.Fatal(err) + } + + hash2, err := calculateFilesystemHash(fs2, tc.sourceType) + if err != nil { + t.Fatal(err) + } + + if hash1 == hash2 { + t.Errorf("different content should produce different hashes") + } + }) + } +} diff --git a/internal/schemas/runner/run.go b/internal/schemas/runner/run.go new file mode 100644 index 0000000..1157d49 --- /dev/null +++ b/internal/schemas/runner/run.go @@ -0,0 +1,164 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package runner contains functions for handling containers for schema +// generation. +package runner + +import ( + "context" + "os" + "strings" + + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" + + "github.com/crossplane/cli/v2/internal/docker" + "github.com/crossplane/cli/v2/internal/filesystem" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" +) + +// SchemaRunner defines an interface for schema generation. +type SchemaRunner interface { + Generate(ctx context.Context, fs afero.Fs, folder string, basePath string, imageName string, args []string, options ...Option) error +} + +// RealSchemaRunner implements the SchemaRunner interface. +type RealSchemaRunner struct { + configStore xpkg.ConfigStore +} + +// NewRealSchemaRunner creates a new RealSchemaRunner. +func NewRealSchemaRunner(opts ...ROption) *RealSchemaRunner { + r := &RealSchemaRunner{} + for _, o := range opts { + o(r) + } + return r +} + +// ROption configures the SchemaRunner. +type ROption func(*RealSchemaRunner) + +// WithImageConfig adds image rewriting rules to the SchemaRunner. +func WithImageConfig(cfgs []pkgv1beta1.ImageConfig) ROption { + return func(r *RealSchemaRunner) { + r.configStore = clixpkg.NewStaticImageConfigStore(cfgs) + } +} + +// GenerateOptions holds optional parameters for Generate. +type GenerateOptions struct { + CopyToPath string + CopyFromPath string + WorkDirectory string +} + +// Option is a function that modifies GenerateOptions. +type Option func(*GenerateOptions) + +// WithCopyToPath sets the CopyToPath option. +func WithCopyToPath(path string) Option { + return func(o *GenerateOptions) { + o.CopyToPath = path + } +} + +// WithCopyFromPath sets the CopyFromPath option. +func WithCopyFromPath(path string) Option { + return func(o *GenerateOptions) { + o.CopyFromPath = path + } +} + +// WithWorkDirectory sets the WorkDirectory option. +func WithWorkDirectory(dir string) Option { + return func(o *GenerateOptions) { + o.WorkDirectory = dir + } +} + +// DefaultGenerateOptions provides default values. +func DefaultGenerateOptions() GenerateOptions { + return GenerateOptions{ + CopyToPath: "/data/input", + CopyFromPath: "/data/input", + WorkDirectory: "/data/input", + } +} + +// Generate runs the containerized language tool for schema generation. +func (r RealSchemaRunner) Generate(ctx context.Context, fromFS afero.Fs, baseFolder, basePath, imageName string, command []string, options ...Option) error { + if err := docker.Check(ctx); err != nil { + return errors.Wrap(err, "failed to connect to Docker; schema generation requires a Docker-compatible container runtime") + } + + _, rewritten, err := r.configStore.RewritePath(ctx, imageName) + if err != nil { + return errors.Wrap(err, "failed to rewrite image ref") + } + if rewritten != "" { + imageName = rewritten + } + + o := DefaultGenerateOptions() + for _, opt := range options { + opt(&o) + } + + var opts []filesystem.FSToTarOption + if basePath != "" { + opts = append(opts, filesystem.WithSymlinkBasePath(basePath)) + } + tarBuffer, err := filesystem.FSToTar(fromFS, baseFolder, opts...) + if err != nil { + return errors.Wrapf(err, "failed to create tar from fs") + } + + var envVars []string + for _, e := range os.Environ() { + if strings.HasPrefix(e, "CROSSPLANE_") { + envVars = append(envVars, e) + } + } + + cid, err := docker.StartContainer(ctx, "", imageName, + docker.StartWithCopyFiles(tarBuffer, o.CopyToPath), + docker.StartWithCommand(command), + docker.StartWithEnv(envVars...), + docker.StartWithWorkingDirectory(o.WorkDirectory), + ) + if err != nil { + return err + } + + defer func() { + _ = docker.StopContainerByID(ctx, cid) + }() + + if err := docker.WaitForContainerByID(ctx, cid); err != nil { + return err + } + + return errors.Wrapf( + docker.CopyFromContainer(ctx, cid, o.CopyFromPath, fromFS), + "failed to copy tar from container", + ) +} diff --git a/internal/schemas/runner/run_test.go b/internal/schemas/runner/run_test.go new file mode 100644 index 0000000..2008e4b --- /dev/null +++ b/internal/schemas/runner/run_test.go @@ -0,0 +1,168 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package runner + +import ( + "context" + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/afero" + + "github.com/crossplane/crossplane-runtime/v2/pkg/test" + + "github.com/crossplane/cli/v2/internal/filesystem" + + _ "embed" +) + +//go:embed testdata/template.fn.crossplane.io_kclinputs.yaml +var crd []byte + +func TestRunContainerWithKCL(t *testing.T) { + type withFsFn func() afero.Fs + + type args struct { + baseFolder string + fs withFsFn + runner SchemaRunner + } + + type want struct { + err error + } + + cases := map[string]struct { + reason string + args args + want want + }{ + "SuccessWithAccountScaffoldDefinition": { + reason: "Should successfully generate with crd using MockSchemaRunner.", + args: args{ + baseFolder: "data/input", + fs: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = fs.Mkdir("data/input", os.ModePerm) + _ = afero.WriteFile(fs, "data/input/template.fn.crossplane.io_kclinputs.yaml", crd, os.ModePerm) + return fs + }, + runner: &MockSchemaRunner{}, + }, + want: want{ + err: nil, + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + fs := tc.args.fs() + + ctx := context.Background() + err := tc.args.runner.Generate(ctx, fs, tc.args.baseFolder, "", "mockImage", []string{}) + + if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" { + t.Errorf("\n%s\nRunContainer(...): -want err, +got err:\n%s", tc.reason, diff) + } + + outputExists, _ := afero.Exists(fs, "models/k8s/apimachinery/pkg/apis/meta/v1/managed_fields_entry.k") + if !outputExists { + t.Errorf("\n%s\nExpected output file not found in in-memory fs", tc.reason) + } + }) + } +} + +func TestCreateTarFromFs(t *testing.T) { + type withFsFn func() afero.Fs + type args struct { + baseFolder string + fs withFsFn + } + type want struct { + tarFileExists bool + err error + } + + cases := map[string]struct { + reason string + args args + want want + }{ + "SuccessWithValidTar": { + reason: "Should successfully create tar from valid file system.", + args: args{ + baseFolder: ".", + fs: func() afero.Fs { + fs := afero.NewMemMapFs() + _ = afero.WriteFile(fs, "file.txt", []byte("hello world"), 0o644) + return fs + }, + }, + want: want{ + tarFileExists: true, + err: nil, + }, + }, + "FailWithInvalidPath": { + reason: "Will not fail to create tar due to invalid file path.", + args: args{ + baseFolder: "/invalid", + fs: afero.NewMemMapFs, + }, + want: want{ + tarFileExists: true, + err: nil, + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + fs := tc.args.fs() + + tarBuffer, err := filesystem.FSToTar(fs, tc.args.baseFolder) + + tarFileExists := len(tarBuffer) > 0 + if diff := cmp.Diff(tc.want.tarFileExists, tarFileExists); diff != "" { + t.Errorf("\n%s\ncreateTarFromFs(...): -want tar file, +got no tar file:\n%s", tc.reason, diff) + } + + if tc.want.err != nil { + if err == nil { + t.Errorf("Expected error but got none for test case: %s", name) + } else if diff := cmp.Diff(tc.want.err.Error(), err.Error()); diff != "" { + t.Errorf("\n%s\ncreateTarFromFs(...): -want err, +got err:\n%s", tc.reason, diff) + } + } else if err != nil { + t.Errorf("Unexpected error for test case %s: %v", name, err) + } + }) + } +} + +// MockSchemaRunner simulates a successful container run by generating output in-memory. +type MockSchemaRunner struct{} + +// Generate runs MockSchemaRunner generate for Schema. +func (m *MockSchemaRunner) Generate(_ context.Context, fs afero.Fs, _, _ string, _ string, _ []string, _ ...Option) error { + outputPath := "models/k8s/apimachinery/pkg/apis/meta/v1/managed_fields_entry.k" + _ = fs.MkdirAll("models/k8s/apimachinery/pkg/apis/meta/v1", os.ModePerm) + return afero.WriteFile(fs, outputPath, []byte("mock content"), os.ModePerm) +} diff --git a/internal/schemas/runner/testdata/template.fn.crossplane.io_kclinputs.yaml b/internal/schemas/runner/testdata/template.fn.crossplane.io_kclinputs.yaml new file mode 100644 index 0000000..5722b39 --- /dev/null +++ b/internal/schemas/runner/testdata/template.fn.crossplane.io_kclinputs.yaml @@ -0,0 +1,161 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: kclinputs.template.fn.crossplane.io +spec: + group: template.fn.crossplane.io + names: + categories: + - crossplane + kind: KCLInput + listKind: KCLInputList + plural: kclinputs + singular: kclinput + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: KCLInput can be used to provide input to this Function. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RunSpec defines the desired state of Crossplane KCL function. + properties: + config: + description: Config is the compile config. + properties: + arguments: + description: Arguments is the list of top level dynamic arguments + for the kcl option function, e.g., env="prod" + items: + type: string + type: array + debug: + description: Debug denotes running kcl in debug mode. + type: boolean + disableNone: + description: DisableNone denotes running kcl and disable dumping + None values. + type: boolean + overrides: + description: Overrides is the list of override paths and values, + e.g., app.image="v2" + items: + type: string + type: array + pathSelectors: + description: PathSelectors is the list of path selectors to select + output result, e.g., a.b.c + items: + type: string + type: array + settings: + description: Settings is the list of kcl setting files including + all of the CLI config. + items: + type: string + type: array + showHidden: + description: ShowHidden denotes output the hidden attribute in + the result. + type: boolean + sortKeys: + description: SortKeys denotes sorting the output result keys, + e.g., `{b = 1, a = 2} => {a = 2, b = 1}`. + type: boolean + strictRangeCheck: + description: StrictRangeCheck performs the 32-bit strict numeric + range checks on numbers. + type: boolean + vendor: + description: Vendor denotes running kcl in the vendor mode. + type: boolean + type: object + credentials: + description: Credentials for remote locations + properties: + password: + type: string + url: + type: string + username: + type: string + required: + - password + - username + type: object + dependencies: + description: |- + Dependencies are the external dependencies for the KCL code. + The format of the `dependencies` field is same as the `[dependencies]` in the `kcl.mod` file + type: string + params: + additionalProperties: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Params are the parameters in key-value pairs format. + type: object + resources: + description: |- + Resources is a list of resources to patch and create + This is utilized when a Target is set to PatchResources + items: + properties: + base: + description: |- + Base of the composed resource that patches will be applied to. + According to the patches and transforms functions, this may be ommited on + occassion by a previous pipeline + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + name: + description: Name is a unique identifier for this entry in a + ResourceList + type: string + required: + - name + type: object + type: array + source: + description: Source is a required field for providing a KCL script + inline. + type: string + target: + default: Resources + description: Target determines what object the export output should + be applied to + enum: + - Default + - PatchDesired + - PatchResources + - Resources + - XR + type: string + required: + - source + - target + type: object + type: object + served: true + storage: true \ No newline at end of file diff --git a/internal/terminal/spinner.go b/internal/terminal/spinner.go new file mode 100644 index 0000000..877285b --- /dev/null +++ b/internal/terminal/spinner.go @@ -0,0 +1,447 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package terminal contains utilities for terminal interaction. +package terminal + +import ( + "fmt" + "io" + "os" + "os/signal" + "strings" + "sync" + "syscall" + "time" + + bspinner "github.com/charmbracelet/bubbles/spinner" + tea "github.com/charmbracelet/bubbletea" + "github.com/charmbracelet/lipgloss" + + "github.com/crossplane/cli/v2/internal/async" +) + +var ( + // Crossplane teal for dark backgrounds, dark blue for light backgrounds. + + //nolint:gochecknoglobals // This is effectively a const. + accentColor = lipgloss.AdaptiveColor{Dark: "#35D0BA", Light: "#183D54"} + //nolint:gochecknoglobals // This is effectively a const. + accentStyle = lipgloss.NewStyle().Foreground(accentColor) +) + +// SpinnerPrinter prints spinners to the console. +type SpinnerPrinter interface { + // NewSuccessSpinner returns a new success spinner. + NewSuccessSpinner(msg string) *SuccessSpinner + + // WrapWithSuccessSpinner adds spinners around message and run function. + WrapWithSuccessSpinner(msg string, f func() error) error + + // WrapAsyncWithSuccessSpinners runs a given function in a separate + // goroutine, consuming events from its event channel and using them to + // display a set of spinners on the terminal. One spinner will be generated + // for each unique event text received. A success/failure indicator will be + // displayed when each event completes. + WrapAsyncWithSuccessSpinners(f func(ch async.EventChannel) error) error +} + +type defaultSpinnerPrinter struct { + pretty bool + out io.Writer +} + +// NewSpinnerPrinter returns a new SpinnerPrinter. If pretty is true, animated +// spinners will be used; otherwise plain text output will be used. +func NewSpinnerPrinter(out io.Writer, pretty bool) SpinnerPrinter { + return &defaultSpinnerPrinter{ + pretty: pretty, + out: out, + } +} + +func (p *defaultSpinnerPrinter) NewSuccessSpinner(msg string) *SuccessSpinner { + return newSuccessSpinner(p.out, msg) +} + +func (p *defaultSpinnerPrinter) WrapWithSuccessSpinner(msg string, f func() error) error { + if p.pretty { + return p.wrapPretty(msg, f) + } + return p.wrapPlain(msg, f) +} + +func (p *defaultSpinnerPrinter) wrapPretty(msg string, f func() error) error { + sp := newSuccessSpinner(p.out, msg) + sp.Start() + + err := f() + + if err != nil { + sp.Fail() + } else { + sp.Success() + } + + return err +} + +func (p *defaultSpinnerPrinter) wrapPlain(msg string, f func() error) error { + _, _ = fmt.Fprintln(p.out, msg+"...") + + err := f() + + ind := "✓" + if err != nil { + ind = "✗" + } + _, _ = fmt.Fprintf(p.out, "%s %s\n", ind, msg) + + return err +} + +func (p *defaultSpinnerPrinter) WrapAsyncWithSuccessSpinners(fn func(ch async.EventChannel) error) error { + if p.pretty { + return p.asyncPretty(fn) + } + + return p.asyncPlain(fn) +} + +func (p *defaultSpinnerPrinter) asyncPretty(fn func(ch async.EventChannel) error) error { + var ( + updateChan = make(async.EventChannel, 10) + doneChan = make(chan error, 1) + ) + + go func() { + err := fn(updateChan) + close(updateChan) + doneChan <- err + }() + multi := &MultiSpinner{ + out: p.out, + } + multi.Start() + + for update := range updateChan { + switch update.Status { + case async.EventStatusStarted: + multi.Add(update.Text) + case async.EventStatusSuccess: + multi.Success(update.Text) + case async.EventStatusFailure: + multi.Fail(update.Text) + } + } + err := <-doneChan + + multi.Stop() + return err +} + +func (p *defaultSpinnerPrinter) asyncPlain(fn func(ch async.EventChannel) error) error { + var ( + updateChan = make(async.EventChannel, 10) + doneChan = make(chan error, 1) + ) + + go func() { + err := fn(updateChan) + close(updateChan) + doneChan <- err + }() + + statusMap := make(map[string]string) + printed := make(map[string]bool) + + for update := range updateChan { + prevStatus := statusMap[update.Text] + switch update.Status { + case async.EventStatusStarted: + if !printed[update.Text] { + _, _ = fmt.Fprintln(p.out, update.Text+"...") + printed[update.Text] = true + statusMap[update.Text] = "started" + } + case async.EventStatusSuccess: + if prevStatus != "success" { + _, _ = fmt.Fprintln(p.out, "✓ "+update.Text) + statusMap[update.Text] = "success" + } + case async.EventStatusFailure: + if prevStatus != "failure" { + _, _ = fmt.Fprintln(p.out, "✗ "+update.Text) + statusMap[update.Text] = "failure" + } + } + } + + return <-doneChan +} + +// MultiSpinner is a collection of independent spinners that get displayed +// together. Spinners can be dynamically added. +type MultiSpinner struct { + spinners []*SuccessSpinner + mu sync.Mutex + program *tea.Program + out io.Writer +} + +type tickMsg time.Time + +func tick(t time.Time) tea.Msg { + return tickMsg(t) +} + +// Init satisfies tea.Model. +func (m *MultiSpinner) Init() tea.Cmd { + return tea.Tick(bspinner.Dot.FPS, tick) +} + +// Update satisfies tea.Model. +func (m *MultiSpinner) Update(msg tea.Msg) (tea.Model, tea.Cmd) { + m.mu.Lock() + defer m.mu.Unlock() + + if _, ok := msg.(tickMsg); !ok { + return m, nil + } + + for _, sp := range m.spinners { + _, _ = sp.Update(msg) + } + + return m, tea.Tick(bspinner.Dot.FPS, tick) +} + +// View satisfies tea.Model. +func (m *MultiSpinner) View() string { + m.mu.Lock() + defer m.mu.Unlock() + + views := make([]string, len(m.spinners)) + for i, sp := range m.spinners { + views[i] = sp.View() + } + + return strings.Join(views, "\n") + "\n" +} + +// Add adds a spinner to the multi-spinner. +func (m *MultiSpinner) Add(title string) { + m.mu.Lock() + defer m.mu.Unlock() + + for _, sp := range m.spinners { + if sp.title == title { + return + } + } + + m.spinners = append(m.spinners, newSuccessSpinner(m.out, title)) +} + +// Success marks an existing spinner in the multi-spinner as having succeeded. +func (m *MultiSpinner) Success(title string) { + m.mu.Lock() + defer m.mu.Unlock() + + for _, sp := range m.spinners { + if sp.title != title { + continue + } + sp.setSuccess(true) + return + } +} + +// Fail marks an existing spinner in the multi-spinner as having failed. +func (m *MultiSpinner) Fail(title string) { + m.mu.Lock() + defer m.mu.Unlock() + + for _, sp := range m.spinners { + if sp.title != title { + continue + } + sp.setSuccess(false) + return + } +} + +// Start starts the spinners. +func (m *MultiSpinner) Start() { + m.program = tea.NewProgram(m, + tea.WithInput(nil), + tea.WithoutSignalHandler(), + tea.WithOutput(m.out), + ) + + go runProgramWithSignalHandler(m.program) +} + +func runProgramWithSignalHandler(p *tea.Program) { + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM) + defer func() { + signal.Stop(sigCh) + close(sigCh) + }() + go func() { + _, ok := <-sigCh + if ok { + _ = p.ReleaseTerminal() + os.Exit(130) + } + }() + + _, _ = p.Run() +} + +// Stop stops the spinners. +func (m *MultiSpinner) Stop() { + if m.program == nil { + return + } + + m.program.Send(tick(time.Now())) + m.program.Quit() + m.program.Wait() +} + +// SuccessSpinner is a spinner that can be marked as successful or failed and +// updates its view accordingly. It is used by MultiSpinner, but can also be +// used as a standalone spinner. +type SuccessSpinner struct { + title string + out io.Writer + + success *bool + spinner bspinner.Model + log []string + mu sync.Mutex + + program *tea.Program +} + +func newSuccessSpinner(w io.Writer, msg string) *SuccessSpinner { + return &SuccessSpinner{ + title: msg, + out: w, + spinner: bspinner.New( + bspinner.WithSpinner(bspinner.Dot), + bspinner.WithStyle(accentStyle), + ), + } +} + +// Init satisfies tea.Model. +func (ss *SuccessSpinner) Init() tea.Cmd { + return tea.Tick(bspinner.Dot.FPS, tick) +} + +// Update satisfies tea.Model. +func (ss *SuccessSpinner) Update(msg tea.Msg) (tea.Model, tea.Cmd) { + ss.mu.Lock() + defer ss.mu.Unlock() + + if _, ok := msg.(tickMsg); !ok { + return ss, nil + } + ss.spinner, _ = ss.spinner.Update(ss.spinner.Tick()) + + return ss, tea.Tick(bspinner.Dot.FPS, tick) +} + +// View satisfies tea.Model. +func (ss *SuccessSpinner) View() string { + ss.mu.Lock() + defer ss.mu.Unlock() + + ind := ss.spinner.View() + if ss.success != nil { + ind = accentStyle.Render("✓") + if !*ss.success { + ind = accentStyle.Render("✗") + } + } + + view := fmt.Sprintf("%s %s", ind, ss.title) + if len(ss.log) > 0 { + view += "\n" + strings.Join(ss.log, "\n") + "\n" + } + + return view +} + +// UpdateText updates the spinner's text. +func (ss *SuccessSpinner) UpdateText(msg string) { + ss.mu.Lock() + defer ss.mu.Unlock() + + ss.title = msg +} + +// Success marks the spinner as having succeeded. +func (ss *SuccessSpinner) Success() { + ss.setSuccess(true) + ss.stop() +} + +// Fail marks the spinner as having failed. +func (ss *SuccessSpinner) Fail() { + ss.setSuccess(false) + ss.stop() +} + +func (ss *SuccessSpinner) setSuccess(v bool) { + ss.mu.Lock() + defer ss.mu.Unlock() + ss.success = &v +} + +// Logf adds a formatted message to the log printed under the spinner. +func (ss *SuccessSpinner) Logf(format string, args ...any) { + ss.mu.Lock() + defer ss.mu.Unlock() + + ss.log = append(ss.log, fmt.Sprintf("ℹ️ "+format, args...)) +} + +// Start starts the spinner. +func (ss *SuccessSpinner) Start() { + ss.program = tea.NewProgram(ss, + tea.WithOutput(ss.out), + tea.WithInput(nil), + tea.WithoutSignalHandler(), + ) + + go runProgramWithSignalHandler(ss.program) +} + +func (ss *SuccessSpinner) stop() { + if ss.program == nil { + return + } + + ss.program.Send(tick(time.Now())) + ss.program.Quit() + ss.program.Wait() + + _, _ = fmt.Fprintln(ss.out, ss.View()) +} diff --git a/internal/xpkg/client.go b/internal/xpkg/client.go new file mode 100644 index 0000000..9001b5e --- /dev/null +++ b/internal/xpkg/client.go @@ -0,0 +1,108 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xpkg + +import ( + "github.com/spf13/afero" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/signature" + + pkgv1beta1 "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1" +) + +type options struct { + cacheFs afero.Fs + cacheDir string + imageConfigs []pkgv1beta1.ImageConfig +} + +// ClientOption configures a new client. +type ClientOption func(*options) + +// WithCacheDir configures the cache filesystem and directory for the client. If +// not provided, a non-caching client will be returned. +func WithCacheDir(fs afero.Fs, path string) ClientOption { + return func(o *options) { + o.cacheFs = fs + o.cacheDir = path + } +} + +// WithImageConfigs injects image configs for the client. +func WithImageConfigs(ics []pkgv1beta1.ImageConfig) ClientOption { + return func(o *options) { + o.imageConfigs = ics + } +} + +// NewClient assembles an xpkg.Client. +func NewClient(fetcher xpkg.Fetcher, opts ...ClientOption) (xpkg.Client, error) { + o := &options{} + for _, opt := range opts { + opt(o) + } + + metaScheme, err := xpkg.BuildMetaScheme() + if err != nil { + return nil, errors.Wrap(err, "cannot build package meta scheme") + } + objScheme, err := xpkg.BuildObjectScheme() + if err != nil { + return nil, errors.Wrap(err, "cannot build package object scheme") + } + + var cache xpkg.PackageCache = xpkg.NewNopCache() + if o.cacheDir != "" { + if err := o.cacheFs.MkdirAll(o.cacheDir, 0o755); err != nil { + return nil, errors.Wrapf(err, "cannot create xpkg cache directory %s", o.cacheDir) + } + cache = xpkg.NewFsPackageCache(o.cacheDir, o.cacheFs) + } + + client := xpkg.NewCachedClient( + fetcher, + parser.New(metaScheme, objScheme), + cache, + NewStaticImageConfigStore(o.imageConfigs), + signature.NopValidator{}, + ) + + return client, nil +} + +// NewStaticImageConfigStore returns an xpkg.ConfigStore that uses the given set +// of ImageConfigs. +func NewStaticImageConfigStore(imageConfigs []pkgv1beta1.ImageConfig) xpkg.ConfigStore { + objs := make([]client.Object, len(imageConfigs)) + for i := range imageConfigs { + objs[i] = &imageConfigs[i] + } + sc := runtime.NewScheme() + _ = pkgv1beta1.AddToScheme(sc) + configClient := fake.NewClientBuilder(). + WithScheme(sc). + WithObjects(objs...). + Build() + + return xpkg.NewImageConfigStore(configClient, "") +} diff --git a/internal/xpkg/doc.go b/internal/xpkg/doc.go new file mode 100644 index 0000000..9405348 --- /dev/null +++ b/internal/xpkg/doc.go @@ -0,0 +1,19 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package xpkg contains CLI-specific functionality for working with Crossplane +// packages. +package xpkg diff --git a/internal/xpkg/fetcher.go b/internal/xpkg/fetcher.go new file mode 100644 index 0000000..cacf0f6 --- /dev/null +++ b/internal/xpkg/fetcher.go @@ -0,0 +1,106 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xpkg + +import ( + "context" + "net/http" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" +) + +// RemoteFetcher implements a local (non-Kubernetes) xpkg.Fetcher. Pull secret +// arguments are accepted but ignored since there is no Kubernetes API to +// resolve them against in the CLI context. +type RemoteFetcher struct { + keychain authn.Keychain + transport http.RoundTripper + userAgent string +} + +// RemoteFetcherOption configures a RemoteFetcher. +type RemoteFetcherOption func(*RemoteFetcher) + +// WithKeychain sets the authn.Keychain used to authenticate registry +// requests. Defaults to authn.DefaultKeychain. +func WithKeychain(k authn.Keychain) RemoteFetcherOption { + return func(f *RemoteFetcher) { f.keychain = k } +} + +// WithUserAgent sets the User-Agent header sent on registry requests. +func WithUserAgent(ua string) RemoteFetcherOption { + return func(f *RemoteFetcher) { f.userAgent = ua } +} + +// WithTransport sets the http.RoundTripper used for registry requests. +// Defaults to remote.DefaultTransport. +func WithTransport(t http.RoundTripper) RemoteFetcherOption { + return func(f *RemoteFetcher) { f.transport = t } +} + +// NewRemoteFetcher returns a RemoteFetcher with the given options applied. +func NewRemoteFetcher(opts ...RemoteFetcherOption) *RemoteFetcher { + f := &RemoteFetcher{ + keychain: authn.DefaultKeychain, + transport: remote.DefaultTransport, + } + for _, o := range opts { + o(f) + } + return f +} + +// Fetch retrieves a package image from the registry. +func (f *RemoteFetcher) Fetch(ctx context.Context, ref name.Reference, _ ...string) (v1.Image, error) { + return remote.Image(ref, f.commonOpts(ctx)...) +} + +// Head retrieves an image descriptor, falling back to a GET if the registry +// rejects HEAD. +func (f *RemoteFetcher) Head(ctx context.Context, ref name.Reference, _ ...string) (*v1.Descriptor, error) { + d, err := remote.Head(ref, f.commonOpts(ctx)...) + if err == nil && d != nil { + return d, nil + } + + rd, gerr := remote.Get(ref, f.commonOpts(ctx)...) + if gerr != nil { + if err != nil { + return nil, err + } + return nil, gerr + } + + return &rd.Descriptor, nil +} + +// Tags lists tags for a package source. +func (f *RemoteFetcher) Tags(ctx context.Context, ref name.Reference, _ ...string) ([]string, error) { + return remote.List(ref.Context(), f.commonOpts(ctx)...) +} + +func (f *RemoteFetcher) commonOpts(ctx context.Context) []remote.Option { + return []remote.Option{ + remote.WithAuthFromKeychain(f.keychain), + remote.WithTransport(f.transport), + remote.WithContext(ctx), + remote.WithUserAgent(f.userAgent), + } +} diff --git a/internal/xpkg/metadata.go b/internal/xpkg/metadata.go new file mode 100644 index 0000000..c42b322 --- /dev/null +++ b/internal/xpkg/metadata.go @@ -0,0 +1,63 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xpkg + +import ( + "fmt" + + "github.com/spf13/afero" + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/yaml" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser" +) + +// CRDFilesystem writes each CRD object in the package to a separate +// YAML file in an in-memory filesystem. Files are named +// ..yaml so the schema generator sees per-CRD inputs. +// Non-CRD objects in the package are skipped. +func CRDFilesystem(pkg *parser.Package) (afero.Fs, error) { + fs := afero.NewMemMapFs() + for _, obj := range pkg.GetObjects() { + name, ok := crdFilename(obj) + if !ok { + continue + } + bs, err := yaml.Marshal(obj) + if err != nil { + return nil, errors.Wrapf(err, "cannot marshal CRD %s", name) + } + if err := afero.WriteFile(fs, name, bs, 0o644); err != nil { + return nil, errors.Wrapf(err, "cannot write CRD %s", name) + } + } + return fs, nil +} + +func crdFilename(obj runtime.Object) (string, bool) { + switch c := obj.(type) { + case *apiextv1.CustomResourceDefinition: + return fmt.Sprintf("%s.%s.yaml", c.Spec.Names.Plural, c.Spec.Group), true + case *apiextv1beta1.CustomResourceDefinition: + return fmt.Sprintf("%s.%s.yaml", c.Spec.Names.Plural, c.Spec.Group), true + default: + return "", false + } +} diff --git a/internal/xpkg/resolver.go b/internal/xpkg/resolver.go new file mode 100644 index 0000000..0dbf666 --- /dev/null +++ b/internal/xpkg/resolver.go @@ -0,0 +1,117 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xpkg + +import ( + "context" + "sort" + "strings" + + "github.com/Masterminds/semver/v3" + "github.com/google/go-containerregistry/pkg/name" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" +) + +// Resolver translates a CLI-style package reference into a fully qualified OCI +// ref, returning the resolved semantic version or tag where applicable. +// +// It handles four shapes: +// +// - pkg@digest → returned unchanged, version="" +// - pkg: → returned unchanged, version= +// - pkg: → tags listed via ListVersions, highest match wins +// +// Opaque (non-semver, non-constraint) tags are returned unchanged with +// version=tag. +type Resolver struct { + client xpkg.Client +} + +// NewResolver returns a Resolver backed by client. +func NewResolver(client xpkg.Client) *Resolver { + return &Resolver{client: client} +} + +// Resolve returns the resolved reference and the exact version tag extracted +// from it (empty for digest refs and bare sources). +func (r *Resolver) Resolve(ctx context.Context, ref string) (name.Reference, string, error) { + // If the ref is specified by digest it doesn't need to be resolved. Return + // it verbatim. + if dgst, err := name.NewDigest(ref, name.StrictValidation); err == nil { + return dgst, "", nil + } + + // The registry part of a ref can contain a colon (for a port number), so + // look for the *last* colon, which should separate the repository from the + // tag. + parts := strings.Split(ref, ":") + if len(parts) < 2 { + return nil, "", errors.Errorf("ref %s is missing a version", ref) + } + + tagOrConstraint := parts[len(parts)-1] + repo, err := name.NewRepository(strings.Join(parts[:len(parts)-1], ":"), name.StrictValidation) + if err != nil { + return nil, "", errors.Wrapf(err, "ref %s has an invalid repository", ref) + } + + sc, err := semver.NewConstraint(tagOrConstraint) + if err != nil { + // Not a constraint - treat as an opaque tag. + tag, err := name.NewTag(ref, name.StrictValidation) + if err != nil { + return nil, "", errors.Wrapf(err, "invalid ref %s", ref) + } + return tag, tag.TagStr(), nil + } + + tags, err := r.client.ListVersions(ctx, repo.Name()) + if err != nil { + return nil, "", errors.Wrapf(err, "cannot list versions for %s", repo) + } + v := highestSatisfying(tags, sc) + if v == "" { + return nil, "", errors.Errorf("cannot find version to satisfy constraint %s", sc) + } + + return repo.Tag(v), v, nil +} + +// highestSatisfying returns the original-form string of the highest +// version in tags that satisfies c, or "" if none matches. +func highestSatisfying(tags []string, c *semver.Constraints) string { + vs := make(semver.Collection, 0, len(tags)) + for _, t := range tags { + v, err := semver.NewVersion(t) + if err != nil { + continue + } + vs = append(vs, v) + } + + sort.Sort(sort.Reverse(vs)) + + for _, v := range vs { + if c.Check(v) { + return v.Original() + } + } + + return "" +} diff --git a/internal/xpkg/resolver_test.go b/internal/xpkg/resolver_test.go new file mode 100644 index 0000000..bccb90b --- /dev/null +++ b/internal/xpkg/resolver_test.go @@ -0,0 +1,151 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xpkg + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/google/go-containerregistry/pkg/name" + + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" +) + +// fakeClient is a fake xpkg.Client whose ListVersions returns a fixed +// list of tags and whose Get is unused by the resolver. +type fakeClient struct { + tags []string + listErr error +} + +func (f *fakeClient) Get(_ context.Context, _ string, _ ...xpkg.GetOption) (*xpkg.Package, error) { + return nil, nil +} + +func (f *fakeClient) ListVersions(_ context.Context, _ string, _ ...xpkg.GetOption) ([]string, error) { + if f.listErr != nil { + return nil, f.listErr + } + return f.tags, nil +} + +func TestResolver_Resolve(t *testing.T) { + tags := []string{"v1.0.0", "v1.1.0", "v2.0.0", "latest", "invalid"} + + type args struct { + ref string + tags []string + } + + type want struct { + ref name.Reference + version string + err error + } + + tests := map[string]struct { + args args + want want + }{ + "DigestRef": { + args: args{ + ref: "pkg.example/foo@sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", + }, + want: want{ + ref: name.MustParseReference("pkg.example/foo@sha256:5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"), + }, + }, + "ExactSemver": { + args: args{ + ref: "pkg.example/foo:v1.0.0", + tags: tags, + }, + want: want{ + ref: name.MustParseReference("pkg.example/foo:v1.0.0"), + version: "v1.0.0", + }, + }, + "OpaqueTag": { + args: args{ + ref: "pkg.example/foo:latest", + }, + want: want{ + ref: name.MustParseReference("pkg.example/foo:latest"), + version: "latest", + }, + }, + "ConstraintRange": { + args: args{ + ref: "pkg.example/foo:>=v1.0.0, =v3.0.0", + tags: tags, + }, + want: want{ + err: cmpopts.AnyError, + }, + }, + } + + for tname, tc := range tests { + t.Run(tname, func(t *testing.T) { + r := NewResolver(&fakeClient{tags: tc.args.tags}) + gotRef, gotVer, err := r.Resolve(context.Background(), tc.args.ref) + if diff := cmp.Diff(tc.want.err, err, cmpopts.EquateErrors()); diff != "" { + t.Errorf("Resolve(...), -want error, +got error:\n%s", diff) + } + + // The name types have some embedded unexported fields that aren't + // comparable, so we have to ignore them. + ignoreUnexported := cmpopts.IgnoreUnexported(name.Registry{}, name.Repository{}, name.Tag{}, name.Digest{}) + if diff := cmp.Diff(tc.want.ref, gotRef, ignoreUnexported); diff != "" { + t.Errorf("Resolve(...), -want ref +got ref:\n%s", diff) + } + if diff := cmp.Diff(tc.want.version, gotVer); diff != "" { + t.Errorf("Resolve(...), -want verfsion +got versfion:\n%s", diff) + } + }) + } +} diff --git a/internal/xrd/infer.go b/internal/xrd/infer.go new file mode 100644 index 0000000..f14b964 --- /dev/null +++ b/internal/xrd/infer.go @@ -0,0 +1,132 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package xrd contains utilities for working with CompositeResourceDefinitions. +package xrd + +import ( + "fmt" + "maps" + + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +// InferProperties infers JSON schema properties from a map of values. +func InferProperties(spec map[string]any) (map[string]extv1.JSONSchemaProps, error) { + properties := make(map[string]extv1.JSONSchemaProps) + + for key, value := range spec { + strKey := fmt.Sprintf("%v", key) + inferredProp, err := inferProperty(value) + if err != nil { + return nil, errors.Wrapf(err, "error inferring property for key '%s'", strKey) + } + properties[strKey] = inferredProp + } + + return properties, nil +} + +// inferArrayProperty handles array type inference with property merging for objects. +func inferArrayProperty(v []any) (extv1.JSONSchemaProps, error) { + if len(v) == 0 { + return extv1.JSONSchemaProps{ + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{ + Type: "object", + }, + }, + }, nil + } + + firstElemSchema, err := inferProperty(v[0]) + if err != nil { + return extv1.JSONSchemaProps{}, err + } + + mergedProperties := make(map[string]extv1.JSONSchemaProps) + if firstElemSchema.Type == "object" { + maps.Copy(mergedProperties, firstElemSchema.Properties) + } + + for _, elem := range v { + elemSchema, err := inferProperty(elem) + if err != nil { + return extv1.JSONSchemaProps{}, err + } + if elemSchema.Type != firstElemSchema.Type { + return extv1.JSONSchemaProps{}, errors.New("mixed types detected in array") + } + if elemSchema.Type == "object" { + maps.Copy(mergedProperties, elemSchema.Properties) + } + } + + resultSchema := firstElemSchema + if firstElemSchema.Type == "object" && len(mergedProperties) > 0 { + resultSchema.Properties = mergedProperties + } + + return extv1.JSONSchemaProps{ + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &resultSchema, + }, + }, nil +} + +func inferProperty(value any) (extv1.JSONSchemaProps, error) { + if value == nil { + return extv1.JSONSchemaProps{ + Type: "string", + }, nil + } + + switch v := value.(type) { + case string: + return extv1.JSONSchemaProps{ + Type: "string", + }, nil + case int, int32, int64: + return extv1.JSONSchemaProps{ + Type: "integer", + }, nil + case float32, float64: + return extv1.JSONSchemaProps{ + Type: "number", + }, nil + case bool: + return extv1.JSONSchemaProps{ + Type: "boolean", + }, nil + case map[string]any: + inferredProps, err := InferProperties(v) + if err != nil { + return extv1.JSONSchemaProps{}, errors.Wrap(err, "error inferring properties for object") + } + return extv1.JSONSchemaProps{ + Type: "object", + Properties: inferredProps, + }, nil + case []any: + return inferArrayProperty(v) + default: + return extv1.JSONSchemaProps{}, errors.Errorf("unknown type: %T", value) + } +} diff --git a/internal/xrd/infer_test.go b/internal/xrd/infer_test.go new file mode 100644 index 0000000..900b8b0 --- /dev/null +++ b/internal/xrd/infer_test.go @@ -0,0 +1,247 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package xrd + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" +) + +func TestInferProperty(t *testing.T) { + type want struct { + output extv1.JSONSchemaProps + err error + } + + cases := map[string]struct { + input any + want want + }{ + "StringType": { + input: "hello", + want: want{ + output: extv1.JSONSchemaProps{Type: "string"}, + }, + }, + "IntegerType": { + input: 42, + want: want{ + output: extv1.JSONSchemaProps{Type: "integer"}, + }, + }, + "FloatType": { + input: 3.14, + want: want{ + output: extv1.JSONSchemaProps{Type: "number"}, + }, + }, + "BooleanType": { + input: true, + want: want{ + output: extv1.JSONSchemaProps{Type: "boolean"}, + }, + }, + "ObjectType": { + input: map[string]any{ + "key": "value", + }, + want: want{ + output: extv1.JSONSchemaProps{ + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "key": {Type: "string"}, + }, + }, + }, + }, + "ArrayTypeWithElements": { + input: []any{"one", "two"}, + want: want{ + output: extv1.JSONSchemaProps{ + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{Type: "string"}, + }, + }, + }, + }, + "ArrayTypeEmpty": { + input: []any{}, + want: want{ + output: extv1.JSONSchemaProps{ + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{Type: "object"}, + }, + }, + }, + }, + "NilValue": { + input: nil, + want: want{ + output: extv1.JSONSchemaProps{Type: "string"}, + }, + }, + "ArrayWithMixedTypes": { + input: []any{1, "2", true}, + want: want{ + output: extv1.JSONSchemaProps{}, + err: errors.New("mixed types detected in array"), + }, + }, + "ArrayOfObjectsWithOptionalFields": { + input: []any{ + map[string]any{ + "name": "aks-subnet", + "cidr": "10.0.1.0/24", + "serviceEndpoints": []any{"Microsoft.ContainerRegistry"}, + }, + map[string]any{ + "name": "database-subnet", + "cidr": "10.0.2.0/24", + "delegation": "Microsoft.DBforMySQL/flexibleServers", + "serviceEndpoints": []any{"Microsoft.Storage"}, + }, + }, + want: want{ + output: extv1.JSONSchemaProps{ + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{ + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "name": {Type: "string"}, + "cidr": {Type: "string"}, + "serviceEndpoints": { + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{Type: "string"}, + }, + }, + "delegation": {Type: "string"}, + }, + }, + }, + }, + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + got, err := inferProperty(tc.input) + + if err != nil || tc.want.err != nil { + if err == nil || tc.want.err == nil || err.Error() != tc.want.err.Error() { + t.Errorf("inferProperty() error = %v, wantErr %v", err, tc.want.err) + } + return + } + + if diff := cmp.Diff(got, tc.want.output); diff != "" { + t.Errorf("inferProperty() -got, +want:\n%s", diff) + } + }) + } +} + +func TestInferProperties(t *testing.T) { + type want struct { + output map[string]extv1.JSONSchemaProps + err error + } + + cases := map[string]struct { + input map[string]any + want want + }{ + "SimpleObject": { + input: map[string]any{ + "key1": "value1", + "key2": 42, + }, + want: want{ + output: map[string]extv1.JSONSchemaProps{ + "key1": {Type: "string"}, + "key2": {Type: "integer"}, + }, + }, + }, + "NestedObject": { + input: map[string]any{ + "nested": map[string]any{ + "key": true, + }, + }, + want: want{ + output: map[string]extv1.JSONSchemaProps{ + "nested": { + Type: "object", + Properties: map[string]extv1.JSONSchemaProps{ + "key": {Type: "boolean"}, + }, + }, + }, + }, + }, + "ArrayInObject": { + input: map[string]any{ + "array": []any{"a", "b"}, + }, + want: want{ + output: map[string]extv1.JSONSchemaProps{ + "array": { + Type: "array", + Items: &extv1.JSONSchemaPropsOrArray{ + Schema: &extv1.JSONSchemaProps{Type: "string"}, + }, + }, + }, + }, + }, + "ObjectWithMixedArray": { + input: map[string]any{ + "array": []any{1, "2"}, + }, + want: want{ + output: nil, + err: errors.New("error inferring property for key 'array': mixed types detected in array"), + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + got, err := InferProperties(tc.input) + + if err != nil || tc.want.err != nil { + if err == nil || tc.want.err == nil || err.Error() != tc.want.err.Error() { + t.Errorf("InferProperties() error = %v, wantErr %v", err, tc.want.err) + } + return + } + + if diff := cmp.Diff(got, tc.want.output); diff != "" { + t.Errorf("InferProperties() -got, +want:\n%s", diff) + } + }) + } +} From 6b7fc37adc67064946d79f9e73f29ccf0ba70d26 Mon Sep 17 00:00:00 2001 From: Adam Wolfe Gordon Date: Tue, 12 May 2026 11:46:55 -0600 Subject: [PATCH 3/3] render: Support projects with embedded functions When running render in a project directory, allow the functions argument to be omitted, resolving external functions based on the project's dependencies and building embedded functions. Signed-off-by: Adam Wolfe Gordon --- cmd/crossplane/render/op/cmd.go | 114 +++++++++++++++++++- cmd/crossplane/render/op/cmd_test.go | 17 ++- cmd/crossplane/render/xr/cmd.go | 126 ++++++++++++++++++++-- cmd/crossplane/render/xr/cmd_test.go | 18 +++- gomod2nix.toml | 2 +- internal/project/render.go | 152 +++++++++++++++++++++++++++ 6 files changed, 410 insertions(+), 19 deletions(-) create mode 100644 internal/project/render.go diff --git a/cmd/crossplane/render/op/cmd.go b/cmd/crossplane/render/op/cmd.go index 6abc564..cf6f4b1 100644 --- a/cmd/crossplane/render/op/cmd.go +++ b/cmd/crossplane/render/op/cmd.go @@ -20,6 +20,8 @@ package op import ( "context" "fmt" + "os" + "path/filepath" "time" "github.com/alecthomas/kong" @@ -33,9 +35,20 @@ import ( "github.com/crossplane/crossplane-runtime/v2/pkg/logging" opsv1alpha1 "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1" + pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" "github.com/crossplane/cli/v2/cmd/crossplane/render" "github.com/crossplane/cli/v2/cmd/crossplane/render/contextfn" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/functions" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" ) // Cmd arguments and flags for alpha render op subcommand. @@ -43,8 +56,8 @@ type Cmd struct { render.EngineFlags `prefix:""` // Arguments. - Operation string `arg:"" help:"A YAML file specifying the Operation to render." predictor:"yaml_file" type:"existingfile"` - Functions string `arg:"" help:"A YAML file or directory of YAML files specifying the operation functions to use to render the Operation." predictor:"yaml_file_or_directory" type:"path"` + Operation string `arg:"" help:"A YAML file specifying the Operation to render." predictor:"yaml_file" type:"existingfile"` + Functions string `arg:"" help:"A YAML file or directory of YAML files specifying the operation functions to use to render the Operation. May be omitted when running in a project." optional:"" predictor:"yaml_file_or_directory" type:"path"` // Flags. Keep them in alphabetical order. ContextFiles map[string]string `help:"Comma-separated context key-value pairs to pass to the function pipeline. Values must be files containing JSON." mapsep:"" predictor:"file"` @@ -58,7 +71,10 @@ type Cmd struct { RequiredSchemas string `help:"A directory of JSON files specifying OpenAPI schemas to pass to the function pipeline." placeholder:"DIR" predictor:"directory" type:"path"` WatchedResource string `help:"A YAML file specifying the watched resource for WatchOperation rendering. The resource is also added to required resources." placeholder:"PATH" predictor:"yaml_file" short:"w" type:"existingfile"` - Timeout time.Duration `default:"1m" help:"How long to run before timing out."` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + MaxConcurrency uint `default:"8" help:"Maximum concurrency for building embedded functions."` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to the project file. Optional." optional:"" predictor:"yaml_file" short:"f" type:"path"` + Timeout time.Duration `default:"1m" help:"How long to run before timing out."` fs afero.Fs @@ -167,7 +183,7 @@ func (c *Cmd) AfterApply() error { } // Run alpha render op. -func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit // Orchestration is inherently complex. +func (c *Cmd) Run(k *kong.Context, log logging.Logger, sp terminal.SpinnerPrinter) error { //nolint:gocognit // Orchestration is inherently complex. ctx, cancel := context.WithTimeout(context.Background(), c.Timeout) defer cancel() @@ -214,7 +230,7 @@ func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit } // Load functions - fns, err := render.LoadFunctions(c.fs, c.Functions) + fns, err := c.loadFunctions(ctx, log, sp) if err != nil { return err } @@ -368,3 +384,91 @@ func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit return nil } + +func (c *Cmd) loadFunctions(ctx context.Context, log logging.Logger, sp terminal.SpinnerPrinter) ([]pkgv1.Function, error) { + if c.Functions != "" { + fns, err := render.LoadFunctions(c.fs, c.Functions) + if err != nil { + return nil, errors.Wrapf(err, "cannot load functions from %q", c.Functions) + } + return fns, nil + } + + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return nil, errors.Wrap(err, "cannot determine project file path") + } + projDir := filepath.Dir(projFilePath) + + if _, err := os.Stat(projFilePath); err != nil { + return nil, errors.New("functions argument is required when not in a project") + } + + log.Debug("Loading functions from project", "project-file", projFilePath) + + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDir) + proj, err := projectfile.Parse(projFS, filepath.Base(projFilePath)) + if err != nil { + return nil, errors.Wrapf(err, "cannot parse project file %q", projFilePath) + } + + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + xpkgClient, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(proj.Spec.ImageConfigs), + ) + if err != nil { + return nil, errors.Wrap(err, "cannot create xpkg client") + } + resolver := clixpkg.NewResolver(xpkgClient) + + depMgr := dependency.NewManager(proj, projFS, + dependency.WithProjectFile(filepath.Base(projFilePath)), + dependency.WithXpkgClient(xpkgClient), + dependency.WithResolver(resolver), + ) + + var fns []pkgv1.Function + if err := sp.WrapWithSuccessSpinner("Resolving function dependencies", func() error { + var err error + fns, err = project.LoadFunctionDependencies(depMgr, proj) + return err + }); err != nil { + return nil, errors.Wrap(err, "cannot load project functions") + } + + if err := sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + schemasFS := afero.NewBasePathFs(projFS, proj.Spec.Paths.Schemas) + generators := generator.AllLanguages() + schemaRunner := runner.NewRealSchemaRunner(runner.WithImageConfig(proj.Spec.ImageConfigs)) + schemaMgr := manager.New(schemasFS, generators, schemaRunner) + + b := project.NewBuilder( + project.BuildWithMaxConcurrency(c.MaxConcurrency), + project.BuildWithFunctionIdentifier(functions.DefaultIdentifier), + project.BuildWithSchemaManager(schemaMgr), + project.BuildWithDependencyManager(depMgr), + ) + + imgMap, err := b.Build(ctx, proj, projFS, + project.BuildWithLogger(log), + project.BuildWithEventChannel(ch), + ) + if err != nil { + return err + } + + embeddedFns, err := project.EmbeddedFunctionsToDaemon(ctx, imgMap) + fns = append(fns, embeddedFns...) + return err + }); err != nil { + return nil, errors.Wrap(err, "cannot build embedded functions") + } + + return fns, nil +} diff --git a/cmd/crossplane/render/op/cmd_test.go b/cmd/crossplane/render/op/cmd_test.go index 880286d..f17ec0c 100644 --- a/cmd/crossplane/render/op/cmd_test.go +++ b/cmd/crossplane/render/op/cmd_test.go @@ -36,6 +36,7 @@ import ( pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" "github.com/crossplane/cli/v2/cmd/crossplane/render" + "github.com/crossplane/cli/v2/internal/terminal" renderv1alpha1 "github.com/crossplane/cli/v2/proto/render/v1alpha1" _ "embed" @@ -155,6 +156,20 @@ func TestCmdRun(t *testing.T) { }, want: want{err: cmpopts.AnyError}, }, + "MissingFunctionsArgNoProject": { + reason: "Omitting the Functions arg without a project file should return a clear error.", + args: args{ + cmd: Cmd{ + Operation: "operation.yaml", + // Functions intentionally empty. + ProjectFile: "/nonexistent/path/crossplane-project.yaml", + Timeout: time.Minute, + fs: newTestFS(nil), + newEngine: newEngineFunc(&render.MockEngine{}), + }, + }, + want: want{err: cmpopts.AnyError}, + }, "LoadOperationWrongKind": { reason: "An input that is not an Operation/CronOperation/WatchOperation should error.", args: args{ @@ -372,7 +387,7 @@ func TestCmdRun(t *testing.T) { buf := &bytes.Buffer{} kctx := &kong.Context{Kong: &kong.Kong{Stdout: buf, Stderr: io.Discard}} - err := tc.args.cmd.Run(kctx, logging.NewNopLogger()) + err := tc.args.cmd.Run(kctx, logging.NewNopLogger(), terminal.NewSpinnerPrinter(io.Discard, false)) if diff := cmp.Diff(tc.want.err, err, cmpopts.EquateErrors()); diff != "" { t.Errorf("\n%s\nRun(...): -want error, +got error:\n%s", tc.reason, diff) } diff --git a/cmd/crossplane/render/xr/cmd.go b/cmd/crossplane/render/xr/cmd.go index 90abee6..00bda55 100644 --- a/cmd/crossplane/render/xr/cmd.go +++ b/cmd/crossplane/render/xr/cmd.go @@ -20,6 +20,8 @@ package xr import ( "context" "fmt" + "os" + "path/filepath" "time" "dario.cat/mergo" @@ -36,9 +38,20 @@ import ( "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd" apiextensionsv1 "github.com/crossplane/crossplane/apis/v2/apiextensions/v1" + pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" "github.com/crossplane/cli/v2/cmd/crossplane/render" "github.com/crossplane/cli/v2/cmd/crossplane/render/contextfn" + "github.com/crossplane/cli/v2/internal/async" + "github.com/crossplane/cli/v2/internal/dependency" + "github.com/crossplane/cli/v2/internal/project" + "github.com/crossplane/cli/v2/internal/project/functions" + "github.com/crossplane/cli/v2/internal/project/projectfile" + "github.com/crossplane/cli/v2/internal/schemas/generator" + "github.com/crossplane/cli/v2/internal/schemas/manager" + "github.com/crossplane/cli/v2/internal/schemas/runner" + "github.com/crossplane/cli/v2/internal/terminal" + clixpkg "github.com/crossplane/cli/v2/internal/xpkg" ) // Cmd arguments and flags for the `render xr` subcommand. @@ -46,9 +59,9 @@ type Cmd struct { render.EngineFlags `prefix:""` // Arguments. - CompositeResource string `arg:"" help:"A YAML file specifying the composite resource (XR) to render." predictor:"yaml_file" type:"existingfile"` - Composition string `arg:"" help:"A YAML file specifying the Composition to use to render the XR. Must be mode: Pipeline." predictor:"yaml_file" type:"existingfile"` - Functions string `arg:"" help:"A YAML file or directory of YAML files specifying the Composition Functions to use to render the XR." predictor:"yaml_file_or_directory" type:"path"` + CompositeResource string `arg:"" help:"A YAML file specifying the composite resource (XR) to render." predictor:"yaml_file" type:"existingfile"` + Composition string `arg:"" help:"A YAML file specifying the Composition to use to render the XR. Must be mode: Pipeline." predictor:"yaml_file" type:"existingfile"` + Functions string `arg:"" help:"A YAML file or directory of YAML files specifying the Composition Functions to use to render the XR. May be omitted when running in a project." optional:"" predictor:"yaml_file_or_directory" type:"path"` // Flags. Keep them in alphabetical order. ContextFiles map[string]string `help:"Comma-separated context key-value pairs to pass to the Function pipeline. Values must be files containing JSON/YAML." mapsep:"" predictor:"file"` @@ -63,8 +76,11 @@ type Cmd struct { FunctionCredentials string `help:"A YAML file or directory of YAML files specifying credentials to use for Functions to render the XR." placeholder:"PATH" predictor:"yaml_file_or_directory" type:"path"` FunctionAnnotations []string `help:"Override function annotations for all functions. Can be repeated." placeholder:"KEY=VALUE" short:"a"` - Timeout time.Duration `default:"1m" help:"How long to run before timing out."` - XRD string `help:"A YAML file specifying the CompositeResourceDefinition (XRD) that defines the XR's schema and properties." optional:"" placeholder:"PATH" type:"existingfile"` + CacheDir string `env:"CROSSPLANE_XPKG_CACHE" help:"Directory for cached xpkg package contents." name:"cache-dir"` + MaxConcurrency uint `default:"8" help:"Maximum concurrency for building embedded functions."` + ProjectFile string `default:"crossplane-project.yaml" help:"Path to the project file. Optional." optional:"" predictor:"yaml_file" short:"f" type:"path"` + Timeout time.Duration `default:"1m" help:"How long to run before timing out."` + XRD string `help:"A YAML file specifying the CompositeResourceDefinition (XRD) that defines the XR's schema and properties." optional:"" placeholder:"PATH" type:"existingfile"` fs afero.Fs @@ -177,7 +193,10 @@ func (c *Cmd) AfterApply() error { } // Run render. -func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit // Orchestration is inherently complex. +func (c *Cmd) Run(k *kong.Context, log logging.Logger, sp terminal.SpinnerPrinter) error { //nolint:gocognit // Orchestration is inherently complex. + ctx, cancel := context.WithTimeout(context.Background(), c.Timeout) + defer cancel() + xr, err := render.LoadCompositeResource(c.fs, c.CompositeResource) if err != nil { return errors.Wrapf(err, "cannot load composite resource from %q", c.CompositeResource) @@ -220,9 +239,9 @@ func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit return errors.Errorf("render only supports Composition Function pipelines: Composition %q must use spec.mode: Pipeline", comp.GetName()) } - fns, err := render.LoadFunctions(c.fs, c.Functions) + fns, err := c.loadFunctions(ctx, log, sp) if err != nil { - return errors.Wrapf(err, "cannot load functions from %q", c.Functions) + return err } // Apply global annotation overrides to each function @@ -289,9 +308,6 @@ func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit } } - ctx, cancel := context.WithTimeout(context.Background(), c.Timeout) - defer cancel() - engine := c.newEngine(&c.EngineFlags, log) seedCtx := len(c.ContextValues) > 0 || len(c.ContextFiles) > 0 @@ -429,3 +445,91 @@ func (c *Cmd) Run(k *kong.Context, log logging.Logger) error { //nolint:gocognit return nil } + +func (c *Cmd) loadFunctions(ctx context.Context, log logging.Logger, sp terminal.SpinnerPrinter) ([]pkgv1.Function, error) { + if c.Functions != "" { + fns, err := render.LoadFunctions(c.fs, c.Functions) + if err != nil { + return nil, errors.Wrapf(err, "cannot load functions from %q", c.Functions) + } + return fns, nil + } + + projFilePath, err := filepath.Abs(c.ProjectFile) + if err != nil { + return nil, errors.Wrap(err, "cannot determine project file path") + } + projDir := filepath.Dir(projFilePath) + + if _, err := os.Stat(projFilePath); err != nil { + return nil, errors.New("functions argument is required when not in a project") + } + + log.Debug("Loading functions from project", "project-file", projFilePath) + + projFS := afero.NewBasePathFs(afero.NewOsFs(), projDir) + proj, err := projectfile.Parse(projFS, filepath.Base(projFilePath)) + if err != nil { + return nil, errors.Wrapf(err, "cannot parse project file %q", projFilePath) + } + + cacheDir := c.CacheDir + if cacheDir == "" { + cacheDir = dependency.DefaultCacheDir() + } + + xpkgClient, err := clixpkg.NewClient( + clixpkg.NewRemoteFetcher(), + clixpkg.WithCacheDir(afero.NewOsFs(), cacheDir), + clixpkg.WithImageConfigs(proj.Spec.ImageConfigs), + ) + if err != nil { + return nil, errors.Wrap(err, "cannot create xpkg client") + } + resolver := clixpkg.NewResolver(xpkgClient) + + depMgr := dependency.NewManager(proj, projFS, + dependency.WithProjectFile(filepath.Base(projFilePath)), + dependency.WithXpkgClient(xpkgClient), + dependency.WithResolver(resolver), + ) + + var fns []pkgv1.Function + if err := sp.WrapWithSuccessSpinner("Resolving function dependencies", func() error { + var err error + fns, err = project.LoadFunctionDependencies(depMgr, proj) + return err + }); err != nil { + return nil, errors.Wrap(err, "cannot load project functions") + } + + if err := sp.WrapAsyncWithSuccessSpinners(func(ch async.EventChannel) error { + schemasFS := afero.NewBasePathFs(projFS, proj.Spec.Paths.Schemas) + generators := generator.AllLanguages() + schemaRunner := runner.NewRealSchemaRunner(runner.WithImageConfig(proj.Spec.ImageConfigs)) + schemaMgr := manager.New(schemasFS, generators, schemaRunner) + + b := project.NewBuilder( + project.BuildWithMaxConcurrency(c.MaxConcurrency), + project.BuildWithFunctionIdentifier(functions.DefaultIdentifier), + project.BuildWithSchemaManager(schemaMgr), + project.BuildWithDependencyManager(depMgr), + ) + + imgMap, err := b.Build(ctx, proj, projFS, + project.BuildWithLogger(log), + project.BuildWithEventChannel(ch), + ) + if err != nil { + return err + } + + embeddedFns, err := project.EmbeddedFunctionsToDaemon(ctx, imgMap) + fns = append(fns, embeddedFns...) + return err + }); err != nil { + return nil, errors.Wrap(err, "cannot build embedded functions") + } + + return fns, nil +} diff --git a/cmd/crossplane/render/xr/cmd_test.go b/cmd/crossplane/render/xr/cmd_test.go index 0d740ba..d57cc14 100644 --- a/cmd/crossplane/render/xr/cmd_test.go +++ b/cmd/crossplane/render/xr/cmd_test.go @@ -36,6 +36,7 @@ import ( pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" "github.com/crossplane/cli/v2/cmd/crossplane/render" + "github.com/crossplane/cli/v2/internal/terminal" renderv1alpha1 "github.com/crossplane/cli/v2/proto/render/v1alpha1" _ "embed" @@ -454,6 +455,21 @@ func TestCmdRun(t *testing.T) { stdout: includeFunctionResultsOutput, }, }, + "MissingFunctionsArgNoProject": { + reason: "Omitting the Functions arg without a project file should return a clear error.", + args: args{ + cmd: Cmd{ + CompositeResource: "xr.yaml", + Composition: "composition.yaml", + // Functions intentionally empty. + ProjectFile: "/nonexistent/path/crossplane-project.yaml", + Timeout: time.Minute, + fs: newTestFS(nil), + newEngine: newEngineFunc(&render.MockEngine{}), + }, + }, + want: want{err: cmpopts.AnyError}, + }, "IncludeFullXR": { reason: "With --include-full-xr, the rendered XR is merged into the input XR so the input's spec.fromXR survives alongside any updated fields.", args: args{ @@ -488,7 +504,7 @@ func TestCmdRun(t *testing.T) { buf := &bytes.Buffer{} kctx := &kong.Context{Kong: &kong.Kong{Stdout: buf, Stderr: io.Discard}} - err := tc.args.cmd.Run(kctx, logging.NewNopLogger()) + err := tc.args.cmd.Run(kctx, logging.NewNopLogger(), terminal.NewSpinnerPrinter(io.Discard, false)) if diff := cmp.Diff(tc.want.err, err, cmpopts.EquateErrors()); diff != "" { t.Errorf("\n%s\nRun(...): -want error, +got error:\n%s", tc.reason, diff) } diff --git a/gomod2nix.toml b/gomod2nix.toml index 8df5d42..d81d2ca 100644 --- a/gomod2nix.toml +++ b/gomod2nix.toml @@ -1,5 +1,5 @@ schema = 3 -cachePackages = ["al.essio.dev/pkg/shellescape", "cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario.cat/mergo", "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry", "github.com/Azure/azure-sdk-for-go/version", "github.com/Azure/go-autorest/autorest", "github.com/Azure/go-autorest/autorest/adal", "github.com/Azure/go-autorest/autorest/azure", "github.com/Azure/go-autorest/autorest/azure/auth", "github.com/Azure/go-autorest/autorest/azure/cli", "github.com/Azure/go-autorest/autorest/date", "github.com/Azure/go-autorest/logger", "github.com/Azure/go-autorest/tracing", "github.com/BurntSushi/toml", "github.com/MakeNowJust/heredoc", "github.com/Masterminds/goutils", "github.com/Masterminds/semver/v3", "github.com/Masterminds/sprig/v3", "github.com/Masterminds/squirrel", "github.com/ProtonMail/go-crypto/bitcurves", "github.com/ProtonMail/go-crypto/brainpool", "github.com/ProtonMail/go-crypto/eax", "github.com/ProtonMail/go-crypto/ocb", "github.com/ProtonMail/go-crypto/openpgp", "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap", "github.com/ProtonMail/go-crypto/openpgp/armor", "github.com/ProtonMail/go-crypto/openpgp/ecdh", "github.com/ProtonMail/go-crypto/openpgp/ecdsa", "github.com/ProtonMail/go-crypto/openpgp/ed25519", "github.com/ProtonMail/go-crypto/openpgp/ed448", "github.com/ProtonMail/go-crypto/openpgp/eddsa", "github.com/ProtonMail/go-crypto/openpgp/elgamal", "github.com/ProtonMail/go-crypto/openpgp/errors", "github.com/ProtonMail/go-crypto/openpgp/packet", "github.com/ProtonMail/go-crypto/openpgp/s2k", "github.com/ProtonMail/go-crypto/openpgp/x25519", "github.com/ProtonMail/go-crypto/openpgp/x448", "github.com/alecthomas/kong", "github.com/antlr4-go/antlr/v4", "github.com/asaskevich/govalidator", "github.com/aws/aws-sdk-go-v2/aws", "github.com/aws/aws-sdk-go-v2/aws/defaults", "github.com/aws/aws-sdk-go-v2/aws/middleware", "github.com/aws/aws-sdk-go-v2/aws/protocol/query", "github.com/aws/aws-sdk-go-v2/aws/protocol/restjson", "github.com/aws/aws-sdk-go-v2/aws/protocol/xml", "github.com/aws/aws-sdk-go-v2/aws/ratelimit", "github.com/aws/aws-sdk-go-v2/aws/retry", "github.com/aws/aws-sdk-go-v2/aws/signer/v4", "github.com/aws/aws-sdk-go-v2/aws/transport/http", "github.com/aws/aws-sdk-go-v2/config", "github.com/aws/aws-sdk-go-v2/credentials", "github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds", "github.com/aws/aws-sdk-go-v2/credentials/endpointcreds", "github.com/aws/aws-sdk-go-v2/credentials/logincreds", "github.com/aws/aws-sdk-go-v2/credentials/processcreds", "github.com/aws/aws-sdk-go-v2/credentials/ssocreds", "github.com/aws/aws-sdk-go-v2/credentials/stscreds", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "github.com/aws/aws-sdk-go-v2/service/ecr", "github.com/aws/aws-sdk-go-v2/service/ecr/types", "github.com/aws/aws-sdk-go-v2/service/ecrpublic", "github.com/aws/aws-sdk-go-v2/service/ecrpublic/types", "github.com/aws/aws-sdk-go-v2/service/signin", "github.com/aws/aws-sdk-go-v2/service/signin/types", "github.com/aws/aws-sdk-go-v2/service/sso", "github.com/aws/aws-sdk-go-v2/service/sso/types", "github.com/aws/aws-sdk-go-v2/service/ssooidc", "github.com/aws/aws-sdk-go-v2/service/ssooidc/types", "github.com/aws/aws-sdk-go-v2/service/sts", "github.com/aws/aws-sdk-go-v2/service/sts/types", "github.com/aws/smithy-go", "github.com/aws/smithy-go/auth", "github.com/aws/smithy-go/auth/bearer", "github.com/aws/smithy-go/context", "github.com/aws/smithy-go/document", "github.com/aws/smithy-go/encoding", "github.com/aws/smithy-go/encoding/httpbinding", "github.com/aws/smithy-go/encoding/json", "github.com/aws/smithy-go/encoding/xml", "github.com/aws/smithy-go/endpoints", "github.com/aws/smithy-go/endpoints/private/rulesfn", "github.com/aws/smithy-go/io", "github.com/aws/smithy-go/logging", "github.com/aws/smithy-go/metrics", "github.com/aws/smithy-go/middleware", "github.com/aws/smithy-go/private/requestcompression", "github.com/aws/smithy-go/ptr", "github.com/aws/smithy-go/rand", "github.com/aws/smithy-go/time", "github.com/aws/smithy-go/tracing", "github.com/aws/smithy-go/transport/http", "github.com/aws/smithy-go/waiter", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version", "github.com/aymanbagabas/go-osc52/v2", "github.com/bahlo/generic-list-go", "github.com/beorn7/perks/quantile", "github.com/blang/semver", "github.com/blang/semver/v4", "github.com/buger/jsonparser", "github.com/cenkalti/backoff/v5", "github.com/cespare/xxhash/v2", "github.com/chai2010/gettext-go", "github.com/chai2010/gettext-go/mo", "github.com/chai2010/gettext-go/plural", "github.com/chai2010/gettext-go/po", "github.com/charmbracelet/bubbles/spinner", "github.com/charmbracelet/bubbletea", "github.com/charmbracelet/colorprofile", "github.com/charmbracelet/lipgloss", "github.com/charmbracelet/x/ansi", "github.com/charmbracelet/x/ansi/parser", "github.com/charmbracelet/x/cellbuf", "github.com/charmbracelet/x/term", "github.com/chrismellard/docker-credential-acr-env/pkg/credhelper", "github.com/chrismellard/docker-credential-acr-env/pkg/registry", "github.com/chrismellard/docker-credential-acr-env/pkg/token", "github.com/clipperhouse/displaywidth", "github.com/clipperhouse/stringish", "github.com/clipperhouse/uax29/v2/graphemes", "github.com/cloudflare/circl/dh/x25519", "github.com/cloudflare/circl/dh/x448", "github.com/cloudflare/circl/ecc/goldilocks", "github.com/cloudflare/circl/math", "github.com/cloudflare/circl/math/fp25519", "github.com/cloudflare/circl/math/fp448", "github.com/cloudflare/circl/math/mlsbset", "github.com/cloudflare/circl/sign", "github.com/cloudflare/circl/sign/ed25519", "github.com/cloudflare/circl/sign/ed448", "github.com/containerd/containerd/archive/compression", "github.com/containerd/containerd/content", "github.com/containerd/containerd/errdefs", "github.com/containerd/containerd/filters", "github.com/containerd/containerd/images", "github.com/containerd/containerd/labels", "github.com/containerd/containerd/pkg/randutil", "github.com/containerd/containerd/remotes", "github.com/containerd/errdefs", "github.com/containerd/errdefs/pkg/errhttp", "github.com/containerd/log", "github.com/containerd/platforms", "github.com/containerd/stargz-snapshotter/estargz", "github.com/containerd/stargz-snapshotter/estargz/errorutil", "github.com/coreos/go-oidc/v3/oidc", "github.com/crossplane/crossplane-runtime/v2/pkg/errors", "github.com/crossplane/crossplane-runtime/v2/pkg/fieldpath", "github.com/crossplane/crossplane-runtime/v2/pkg/logging", "github.com/crossplane/crossplane-runtime/v2/pkg/meta", "github.com/crossplane/crossplane-runtime/v2/pkg/resource", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/claim", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composed", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composite", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/reference", "github.com/crossplane/crossplane-runtime/v2/pkg/test", "github.com/crossplane/crossplane-runtime/v2/pkg/version", "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/examples", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/yaml", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/signature", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1alpha1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1beta1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v2", "github.com/crossplane/crossplane/apis/v2/core/v2", "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1beta1", "github.com/crossplane/crossplane/apis/v2/pkg/v1", "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1", "github.com/crossplane/function-sdk-go/errors", "github.com/crossplane/function-sdk-go/proto/v1", "github.com/crossplane/function-sdk-go/resource", "github.com/crossplane/function-sdk-go/resource/composed", "github.com/crossplane/function-sdk-go/resource/composite", "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer", "github.com/cyphar/filepath-securejoin", "github.com/davecgh/go-spew/spew", "github.com/digitorus/pkcs7", "github.com/digitorus/timestamp", "github.com/dimchansky/utfbom", "github.com/distribution/reference", "github.com/docker/cli/cli/config", "github.com/docker/cli/cli/config/configfile", "github.com/docker/cli/cli/config/credentials", "github.com/docker/cli/cli/config/memorystore", "github.com/docker/cli/cli/config/types", "github.com/docker/distribution/registry/client/auth/challenge", "github.com/docker/docker-credential-helpers/client", "github.com/docker/docker-credential-helpers/credentials", "github.com/docker/docker/api", "github.com/docker/docker/api/types", "github.com/docker/docker/api/types/blkiodev", "github.com/docker/docker/api/types/build", "github.com/docker/docker/api/types/checkpoint", "github.com/docker/docker/api/types/common", "github.com/docker/docker/api/types/container", "github.com/docker/docker/api/types/events", "github.com/docker/docker/api/types/filters", "github.com/docker/docker/api/types/image", "github.com/docker/docker/api/types/mount", "github.com/docker/docker/api/types/network", "github.com/docker/docker/api/types/registry", "github.com/docker/docker/api/types/storage", "github.com/docker/docker/api/types/strslice", "github.com/docker/docker/api/types/swarm", "github.com/docker/docker/api/types/swarm/runtime", "github.com/docker/docker/api/types/system", "github.com/docker/docker/api/types/time", "github.com/docker/docker/api/types/versions", "github.com/docker/docker/api/types/volume", "github.com/docker/docker/client", "github.com/docker/docker/pkg/stdcopy", "github.com/docker/go-connections/nat", "github.com/docker/go-connections/sockets", "github.com/docker/go-connections/tlsconfig", "github.com/docker/go-units", "github.com/dprotaso/go-yit", "github.com/dustin/go-humanize", "github.com/emicklei/dot", "github.com/emicklei/go-restful/v3", "github.com/emicklei/go-restful/v3/log", "github.com/emirpasic/gods/containers", "github.com/emirpasic/gods/lists", "github.com/emirpasic/gods/lists/arraylist", "github.com/emirpasic/gods/trees", "github.com/emirpasic/gods/trees/binaryheap", "github.com/emirpasic/gods/utils", "github.com/evanphx/json-patch", "github.com/evanphx/json-patch/v5", "github.com/exponent-io/jsonpath", "github.com/fatih/color", "github.com/felixge/httpsnoop", "github.com/fsnotify/fsnotify", "github.com/fxamacker/cbor/v2", "github.com/getkin/kin-openapi/openapi3", "github.com/go-chi/chi/v5", "github.com/go-chi/chi/v5/middleware", "github.com/go-errors/errors", "github.com/go-git/gcfg", "github.com/go-git/gcfg/scanner", "github.com/go-git/gcfg/token", "github.com/go-git/gcfg/types", "github.com/go-git/go-billy/v5", "github.com/go-git/go-billy/v5/helper/chroot", "github.com/go-git/go-billy/v5/helper/iofs", "github.com/go-git/go-billy/v5/helper/polyfill", "github.com/go-git/go-billy/v5/memfs", "github.com/go-git/go-billy/v5/osfs", "github.com/go-git/go-billy/v5/util", "github.com/go-git/go-git/v5", "github.com/go-git/go-git/v5/config", "github.com/go-git/go-git/v5/plumbing", "github.com/go-git/go-git/v5/plumbing/cache", "github.com/go-git/go-git/v5/plumbing/color", "github.com/go-git/go-git/v5/plumbing/filemode", "github.com/go-git/go-git/v5/plumbing/format/config", "github.com/go-git/go-git/v5/plumbing/format/diff", "github.com/go-git/go-git/v5/plumbing/format/gitignore", "github.com/go-git/go-git/v5/plumbing/format/idxfile", "github.com/go-git/go-git/v5/plumbing/format/index", "github.com/go-git/go-git/v5/plumbing/format/objfile", "github.com/go-git/go-git/v5/plumbing/format/packfile", "github.com/go-git/go-git/v5/plumbing/format/pktline", "github.com/go-git/go-git/v5/plumbing/hash", "github.com/go-git/go-git/v5/plumbing/object", "github.com/go-git/go-git/v5/plumbing/protocol/packp", "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability", "github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband", "github.com/go-git/go-git/v5/plumbing/revlist", "github.com/go-git/go-git/v5/plumbing/storer", "github.com/go-git/go-git/v5/plumbing/transport", "github.com/go-git/go-git/v5/plumbing/transport/client", "github.com/go-git/go-git/v5/plumbing/transport/file", "github.com/go-git/go-git/v5/plumbing/transport/git", "github.com/go-git/go-git/v5/plumbing/transport/http", "github.com/go-git/go-git/v5/plumbing/transport/server", "github.com/go-git/go-git/v5/plumbing/transport/ssh", "github.com/go-git/go-git/v5/storage", "github.com/go-git/go-git/v5/storage/filesystem", "github.com/go-git/go-git/v5/storage/filesystem/dotgit", "github.com/go-git/go-git/v5/storage/memory", "github.com/go-git/go-git/v5/utils/binary", "github.com/go-git/go-git/v5/utils/diff", "github.com/go-git/go-git/v5/utils/ioutil", "github.com/go-git/go-git/v5/utils/merkletrie", "github.com/go-git/go-git/v5/utils/merkletrie/filesystem", "github.com/go-git/go-git/v5/utils/merkletrie/index", "github.com/go-git/go-git/v5/utils/merkletrie/noder", "github.com/go-git/go-git/v5/utils/sync", "github.com/go-git/go-git/v5/utils/trace", "github.com/go-gorp/gorp/v3", "github.com/go-jose/go-jose/v4", "github.com/go-jose/go-jose/v4/cipher", "github.com/go-jose/go-jose/v4/json", "github.com/go-json-experiment/json", "github.com/go-json-experiment/json/jsontext", "github.com/go-logr/logr", "github.com/go-logr/logr/funcr", "github.com/go-logr/logr/slogr", "github.com/go-logr/stdr", "github.com/go-logr/zapr", "github.com/go-openapi/analysis", "github.com/go-openapi/errors", "github.com/go-openapi/jsonpointer", "github.com/go-openapi/jsonreference", "github.com/go-openapi/loads", "github.com/go-openapi/runtime", "github.com/go-openapi/runtime/client", "github.com/go-openapi/runtime/logger", "github.com/go-openapi/runtime/middleware", "github.com/go-openapi/runtime/middleware/denco", "github.com/go-openapi/runtime/middleware/header", "github.com/go-openapi/runtime/middleware/untyped", "github.com/go-openapi/runtime/security", "github.com/go-openapi/runtime/yamlpc", "github.com/go-openapi/spec", "github.com/go-openapi/strfmt", "github.com/go-openapi/swag", "github.com/go-openapi/swag/cmdutils", "github.com/go-openapi/swag/conv", "github.com/go-openapi/swag/fileutils", "github.com/go-openapi/swag/jsonname", "github.com/go-openapi/swag/jsonutils", "github.com/go-openapi/swag/jsonutils/adapters", "github.com/go-openapi/swag/jsonutils/adapters/ifaces", "github.com/go-openapi/swag/jsonutils/adapters/stdlib/json", "github.com/go-openapi/swag/loading", "github.com/go-openapi/swag/mangling", "github.com/go-openapi/swag/netutils", "github.com/go-openapi/swag/stringutils", "github.com/go-openapi/swag/typeutils", "github.com/go-openapi/swag/yamlutils", "github.com/go-openapi/validate", "github.com/go-viper/mapstructure/v2", "github.com/gobuffalo/flect", "github.com/gobwas/glob", "github.com/gobwas/glob/compiler", "github.com/gobwas/glob/match", "github.com/gobwas/glob/syntax", "github.com/gobwas/glob/syntax/ast", "github.com/gobwas/glob/syntax/lexer", "github.com/gobwas/glob/util/runes", "github.com/gobwas/glob/util/strings", "github.com/golang-jwt/jwt/v4", "github.com/golang/groupcache/lru", "github.com/golang/snappy", "github.com/google/btree", "github.com/google/cel-go/cel", "github.com/google/cel-go/checker", "github.com/google/cel-go/checker/decls", "github.com/google/cel-go/common", "github.com/google/cel-go/common/ast", "github.com/google/cel-go/common/containers", "github.com/google/cel-go/common/debug", "github.com/google/cel-go/common/decls", "github.com/google/cel-go/common/env", "github.com/google/cel-go/common/functions", "github.com/google/cel-go/common/operators", "github.com/google/cel-go/common/overloads", "github.com/google/cel-go/common/runes", "github.com/google/cel-go/common/stdlib", "github.com/google/cel-go/common/types", "github.com/google/cel-go/common/types/pb", "github.com/google/cel-go/common/types/ref", "github.com/google/cel-go/common/types/traits", "github.com/google/cel-go/ext", "github.com/google/cel-go/interpreter", "github.com/google/cel-go/interpreter/functions", "github.com/google/cel-go/parser", "github.com/google/cel-go/parser/gen", "github.com/google/certificate-transparency-go", "github.com/google/certificate-transparency-go/asn1", "github.com/google/certificate-transparency-go/client", "github.com/google/certificate-transparency-go/client/configpb", "github.com/google/certificate-transparency-go/ctutil", "github.com/google/certificate-transparency-go/gossip/minimal/x509ext", "github.com/google/certificate-transparency-go/jsonclient", "github.com/google/certificate-transparency-go/loglist3", "github.com/google/certificate-transparency-go/tls", "github.com/google/certificate-transparency-go/x509", "github.com/google/certificate-transparency-go/x509/pkix", "github.com/google/certificate-transparency-go/x509util", "github.com/google/gnostic-models/compiler", "github.com/google/gnostic-models/extensions", "github.com/google/gnostic-models/jsonschema", "github.com/google/gnostic-models/openapiv2", "github.com/google/gnostic-models/openapiv3", "github.com/google/go-cmp/cmp", "github.com/google/go-cmp/cmp/cmpopts", "github.com/google/go-containerregistry/pkg/authn", "github.com/google/go-containerregistry/pkg/authn/k8schain", "github.com/google/go-containerregistry/pkg/authn/kubernetes", "github.com/google/go-containerregistry/pkg/compression", "github.com/google/go-containerregistry/pkg/crane", "github.com/google/go-containerregistry/pkg/legacy", "github.com/google/go-containerregistry/pkg/legacy/tarball", "github.com/google/go-containerregistry/pkg/logs", "github.com/google/go-containerregistry/pkg/name", "github.com/google/go-containerregistry/pkg/v1", "github.com/google/go-containerregistry/pkg/v1/daemon", "github.com/google/go-containerregistry/pkg/v1/empty", "github.com/google/go-containerregistry/pkg/v1/google", "github.com/google/go-containerregistry/pkg/v1/layout", "github.com/google/go-containerregistry/pkg/v1/match", "github.com/google/go-containerregistry/pkg/v1/mutate", "github.com/google/go-containerregistry/pkg/v1/partial", "github.com/google/go-containerregistry/pkg/v1/random", "github.com/google/go-containerregistry/pkg/v1/remote", "github.com/google/go-containerregistry/pkg/v1/remote/transport", "github.com/google/go-containerregistry/pkg/v1/static", "github.com/google/go-containerregistry/pkg/v1/stream", "github.com/google/go-containerregistry/pkg/v1/tarball", "github.com/google/go-containerregistry/pkg/v1/types", "github.com/google/ko/pkg/build", "github.com/google/ko/pkg/caps", "github.com/google/uuid", "github.com/gosuri/uitable", "github.com/gosuri/uitable/util/strutil", "github.com/gosuri/uitable/util/wordwrap", "github.com/gregjones/httpcache", "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options", "github.com/grpc-ecosystem/grpc-gateway/v2/runtime", "github.com/grpc-ecosystem/grpc-gateway/v2/utilities", "github.com/hashicorp/errwrap", "github.com/hashicorp/go-cleanhttp", "github.com/hashicorp/go-multierror", "github.com/hashicorp/go-retryablehttp", "github.com/huandu/xstrings", "github.com/in-toto/attestation/go/v1", "github.com/in-toto/in-toto-golang/in_toto", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1", "github.com/invopop/jsonschema", "github.com/jbenet/go-context/io", "github.com/jedisct1/go-minisign", "github.com/jmoiron/sqlx", "github.com/jmoiron/sqlx/reflectx", "github.com/josharian/intern", "github.com/json-iterator/go", "github.com/kevinburke/ssh_config", "github.com/klauspost/compress", "github.com/klauspost/compress/fse", "github.com/klauspost/compress/huff0", "github.com/klauspost/compress/zstd", "github.com/kubernetes-sigs/kro/pkg/graph/dag", "github.com/kubernetes-sigs/kro/pkg/simpleschema", "github.com/kubernetes-sigs/kro/pkg/simpleschema/types", "github.com/lann/builder", "github.com/lann/ps", "github.com/letsencrypt/boulder/core", "github.com/letsencrypt/boulder/core/proto", "github.com/letsencrypt/boulder/goodkey", "github.com/letsencrypt/boulder/identifier", "github.com/letsencrypt/boulder/probs", "github.com/letsencrypt/boulder/revocation", "github.com/lib/pq", "github.com/lib/pq/oid", "github.com/lib/pq/scram", "github.com/liggitt/tabwriter", "github.com/lucasb-eyer/go-colorful", "github.com/mailru/easyjson/jlexer", "github.com/mattn/go-colorable", "github.com/mattn/go-isatty", "github.com/mattn/go-runewidth", "github.com/mitchellh/copystructure", "github.com/mitchellh/go-homedir", "github.com/mitchellh/go-wordwrap", "github.com/mitchellh/reflectwalk", "github.com/moby/docker-image-spec/specs-go/v1", "github.com/moby/term", "github.com/modern-go/concurrent", "github.com/modern-go/reflect2", "github.com/mohae/deepcopy", "github.com/monochromegane/go-gitignore", "github.com/muesli/ansi", "github.com/muesli/ansi/compressor", "github.com/muesli/cancelreader", "github.com/muesli/termenv", "github.com/munnerz/goautoneg", "github.com/nozzle/throttler", "github.com/oapi-codegen/oapi-codegen/v2/pkg/codegen", "github.com/oapi-codegen/oapi-codegen/v2/pkg/util", "github.com/oasdiff/yaml", "github.com/oasdiff/yaml3", "github.com/oklog/ulid/v2", "github.com/opencontainers/go-digest", "github.com/opencontainers/image-spec/specs-go", "github.com/opencontainers/image-spec/specs-go/v1", "github.com/pb33f/ordered-map/v2", "github.com/pelletier/go-toml", "github.com/perimeterx/marshmallow", "github.com/peterbourgon/diskv", "github.com/pjbgf/sha1cd", "github.com/pjbgf/sha1cd/ubc", "github.com/pkg/browser", "github.com/pkg/errors", "github.com/pmezard/go-difflib/difflib", "github.com/posener/complete", "github.com/posener/complete/cmd", "github.com/posener/complete/cmd/install", "github.com/prometheus/client_golang/prometheus", "github.com/prometheus/client_golang/prometheus/collectors", "github.com/prometheus/client_golang/prometheus/promhttp", "github.com/prometheus/client_model/go", "github.com/prometheus/common/expfmt", "github.com/prometheus/common/model", "github.com/prometheus/procfs", "github.com/rivo/uniseg", "github.com/riywo/loginshell", "github.com/rubenv/sql-migrate", "github.com/rubenv/sql-migrate/sqlparse", "github.com/russross/blackfriday/v2", "github.com/santhosh-tekuri/jsonschema/v6", "github.com/santhosh-tekuri/jsonschema/v6/kind", "github.com/sassoftware/relic/lib/pkcs7", "github.com/sassoftware/relic/lib/x509tools", "github.com/secure-systems-lab/go-securesystemslib/cjson", "github.com/secure-systems-lab/go-securesystemslib/dsse", "github.com/secure-systems-lab/go-securesystemslib/encrypted", "github.com/secure-systems-lab/go-securesystemslib/signerverifier", "github.com/sergi/go-diff/diffmatchpatch", "github.com/shibumi/go-pathspec", "github.com/shopspring/decimal", "github.com/sigstore/cosign/v2/pkg/cosign/bundle", "github.com/sigstore/cosign/v2/pkg/cosign/env", "github.com/sigstore/cosign/v2/pkg/oci", "github.com/sigstore/cosign/v2/pkg/oci/empty", "github.com/sigstore/cosign/v2/pkg/oci/mutate", "github.com/sigstore/cosign/v2/pkg/oci/signed", "github.com/sigstore/cosign/v2/pkg/oci/static", "github.com/sigstore/cosign/v2/pkg/types", "github.com/sigstore/cosign/v3/pkg/blob", "github.com/sigstore/cosign/v3/pkg/cosign", "github.com/sigstore/cosign/v3/pkg/cosign/attestation", "github.com/sigstore/cosign/v3/pkg/cosign/bundle", "github.com/sigstore/cosign/v3/pkg/cosign/env", "github.com/sigstore/cosign/v3/pkg/cosign/fulcioverifier/ctutil", "github.com/sigstore/cosign/v3/pkg/oci", "github.com/sigstore/cosign/v3/pkg/oci/empty", "github.com/sigstore/cosign/v3/pkg/oci/layout", "github.com/sigstore/cosign/v3/pkg/oci/remote", "github.com/sigstore/cosign/v3/pkg/oci/signed", "github.com/sigstore/cosign/v3/pkg/oci/static", "github.com/sigstore/cosign/v3/pkg/types", "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/dsse", "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1", "github.com/sigstore/rekor-tiles/v2/pkg/client", "github.com/sigstore/rekor-tiles/v2/pkg/client/write", "github.com/sigstore/rekor-tiles/v2/pkg/generated/protobuf", "github.com/sigstore/rekor-tiles/v2/pkg/note", "github.com/sigstore/rekor-tiles/v2/pkg/types/verifier", "github.com/sigstore/rekor-tiles/v2/pkg/verify", "github.com/sigstore/rekor/pkg/client", "github.com/sigstore/rekor/pkg/generated/client", "github.com/sigstore/rekor/pkg/generated/client/entries", "github.com/sigstore/rekor/pkg/generated/client/index", "github.com/sigstore/rekor/pkg/generated/client/pubkey", "github.com/sigstore/rekor/pkg/generated/client/tlog", "github.com/sigstore/rekor/pkg/generated/models", "github.com/sigstore/rekor/pkg/log", "github.com/sigstore/rekor/pkg/pki", "github.com/sigstore/rekor/pkg/pki/identity", "github.com/sigstore/rekor/pkg/pki/minisign", "github.com/sigstore/rekor/pkg/pki/pgp", "github.com/sigstore/rekor/pkg/pki/pkcs7", "github.com/sigstore/rekor/pkg/pki/pkitypes", "github.com/sigstore/rekor/pkg/pki/ssh", "github.com/sigstore/rekor/pkg/pki/tuf", "github.com/sigstore/rekor/pkg/pki/x509", "github.com/sigstore/rekor/pkg/tle", "github.com/sigstore/rekor/pkg/types", "github.com/sigstore/rekor/pkg/types/dsse", "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1", "github.com/sigstore/rekor/pkg/types/hashedrekord", "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.2", "github.com/sigstore/rekor/pkg/types/rekord", "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1", "github.com/sigstore/rekor/pkg/util", "github.com/sigstore/rekor/pkg/verify", "github.com/sigstore/sigstore-go/pkg/bundle", "github.com/sigstore/sigstore-go/pkg/fulcio/certificate", "github.com/sigstore/sigstore-go/pkg/root", "github.com/sigstore/sigstore-go/pkg/sign", "github.com/sigstore/sigstore-go/pkg/tlog", "github.com/sigstore/sigstore-go/pkg/tuf", "github.com/sigstore/sigstore-go/pkg/util", "github.com/sigstore/sigstore-go/pkg/verify", "github.com/sigstore/sigstore/pkg/cryptoutils", "github.com/sigstore/sigstore/pkg/cryptoutils/goodkey", "github.com/sigstore/sigstore/pkg/fulcioroots", "github.com/sigstore/sigstore/pkg/oauth", "github.com/sigstore/sigstore/pkg/oauthflow", "github.com/sigstore/sigstore/pkg/signature", "github.com/sigstore/sigstore/pkg/signature/dsse", "github.com/sigstore/sigstore/pkg/signature/options", "github.com/sigstore/sigstore/pkg/signature/payload", "github.com/sigstore/sigstore/pkg/tuf", "github.com/sigstore/timestamp-authority/v2/pkg/verification", "github.com/sirupsen/logrus", "github.com/skeema/knownhosts", "github.com/speakeasy-api/jsonpath/pkg/jsonpath", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/config", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/token", "github.com/speakeasy-api/openapi/overlay", "github.com/speakeasy-api/openapi/overlay/loader", "github.com/spf13/afero", "github.com/spf13/afero/mem", "github.com/spf13/afero/tarfs", "github.com/spf13/cast", "github.com/spf13/cobra", "github.com/spf13/pflag", "github.com/syndtr/goleveldb/leveldb", "github.com/syndtr/goleveldb/leveldb/cache", "github.com/syndtr/goleveldb/leveldb/comparer", "github.com/syndtr/goleveldb/leveldb/errors", "github.com/syndtr/goleveldb/leveldb/filter", "github.com/syndtr/goleveldb/leveldb/iterator", "github.com/syndtr/goleveldb/leveldb/journal", "github.com/syndtr/goleveldb/leveldb/memdb", "github.com/syndtr/goleveldb/leveldb/opt", "github.com/syndtr/goleveldb/leveldb/storage", "github.com/syndtr/goleveldb/leveldb/table", "github.com/syndtr/goleveldb/leveldb/util", "github.com/theupdateframework/go-tuf", "github.com/theupdateframework/go-tuf/client", "github.com/theupdateframework/go-tuf/client/leveldbstore", "github.com/theupdateframework/go-tuf/data", "github.com/theupdateframework/go-tuf/pkg/keys", "github.com/theupdateframework/go-tuf/pkg/targets", "github.com/theupdateframework/go-tuf/sign", "github.com/theupdateframework/go-tuf/util", "github.com/theupdateframework/go-tuf/v2/metadata", "github.com/theupdateframework/go-tuf/v2/metadata/config", "github.com/theupdateframework/go-tuf/v2/metadata/fetcher", "github.com/theupdateframework/go-tuf/v2/metadata/trustedmetadata", "github.com/theupdateframework/go-tuf/v2/metadata/updater", "github.com/theupdateframework/go-tuf/verify", "github.com/titanous/rocacheck", "github.com/transparency-dev/formats/log", "github.com/transparency-dev/merkle", "github.com/transparency-dev/merkle/compact", "github.com/transparency-dev/merkle/proof", "github.com/transparency-dev/merkle/rfc6962", "github.com/vbatts/tar-split/archive/tar", "github.com/vmware-labs/yaml-jsonpath/pkg/yamlpath", "github.com/willabides/kongplete", "github.com/woodsbury/decimal128", "github.com/x448/float16", "github.com/xanzy/ssh-agent", "github.com/xlab/treeprint", "github.com/xo/terminfo", "go.opentelemetry.io/auto/sdk", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "go.opentelemetry.io/otel", "go.opentelemetry.io/otel/attribute", "go.opentelemetry.io/otel/baggage", "go.opentelemetry.io/otel/codes", "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "go.opentelemetry.io/otel/metric", "go.opentelemetry.io/otel/metric/embedded", "go.opentelemetry.io/otel/metric/noop", "go.opentelemetry.io/otel/propagation", "go.opentelemetry.io/otel/sdk", "go.opentelemetry.io/otel/sdk/instrumentation", "go.opentelemetry.io/otel/sdk/resource", "go.opentelemetry.io/otel/sdk/trace", "go.opentelemetry.io/otel/semconv/v1.17.0", "go.opentelemetry.io/otel/semconv/v1.37.0", "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv", "go.opentelemetry.io/otel/semconv/v1.40.0", "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv", "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv", "go.opentelemetry.io/otel/trace", "go.opentelemetry.io/otel/trace/embedded", "go.opentelemetry.io/otel/trace/noop", "go.opentelemetry.io/proto/otlp/collector/trace/v1", "go.opentelemetry.io/proto/otlp/common/v1", "go.opentelemetry.io/proto/otlp/resource/v1", "go.opentelemetry.io/proto/otlp/trace/v1", "go.uber.org/multierr", "go.uber.org/zap", "go.uber.org/zap/buffer", "go.uber.org/zap/zapcore", "go.yaml.in/yaml/v2", "go.yaml.in/yaml/v3", "go.yaml.in/yaml/v4", "golang.org/x/crypto/argon2", "golang.org/x/crypto/bcrypt", "golang.org/x/crypto/blake2b", "golang.org/x/crypto/blowfish", "golang.org/x/crypto/cast5", "golang.org/x/crypto/chacha20", "golang.org/x/crypto/cryptobyte", "golang.org/x/crypto/cryptobyte/asn1", "golang.org/x/crypto/curve25519", "golang.org/x/crypto/ed25519", "golang.org/x/crypto/hkdf", "golang.org/x/crypto/nacl/secretbox", "golang.org/x/crypto/ocsp", "golang.org/x/crypto/openpgp", "golang.org/x/crypto/openpgp/armor", "golang.org/x/crypto/openpgp/clearsign", "golang.org/x/crypto/openpgp/elgamal", "golang.org/x/crypto/openpgp/errors", "golang.org/x/crypto/openpgp/packet", "golang.org/x/crypto/openpgp/s2k", "golang.org/x/crypto/pbkdf2", "golang.org/x/crypto/pkcs12", "golang.org/x/crypto/salsa20/salsa", "golang.org/x/crypto/scrypt", "golang.org/x/crypto/sha3", "golang.org/x/crypto/ssh", "golang.org/x/crypto/ssh/agent", "golang.org/x/crypto/ssh/knownhosts", "golang.org/x/crypto/ssh/terminal", "golang.org/x/exp/slices", "golang.org/x/mod/modfile", "golang.org/x/mod/module", "golang.org/x/mod/semver", "golang.org/x/mod/sumdb/note", "golang.org/x/net/context", "golang.org/x/net/http/httpguts", "golang.org/x/net/http2", "golang.org/x/net/http2/hpack", "golang.org/x/net/idna", "golang.org/x/net/proxy", "golang.org/x/net/trace", "golang.org/x/net/websocket", "golang.org/x/oauth2", "golang.org/x/oauth2/authhandler", "golang.org/x/oauth2/google", "golang.org/x/oauth2/google/externalaccount", "golang.org/x/oauth2/jws", "golang.org/x/oauth2/jwt", "golang.org/x/sync/errgroup", "golang.org/x/sync/semaphore", "golang.org/x/sync/singleflight", "golang.org/x/sys/cpu", "golang.org/x/sys/execabs", "golang.org/x/sys/unix", "golang.org/x/term", "golang.org/x/text/cases", "golang.org/x/text/encoding", "golang.org/x/text/encoding/unicode", "golang.org/x/text/feature/plural", "golang.org/x/text/language", "golang.org/x/text/message", "golang.org/x/text/message/catalog", "golang.org/x/text/runes", "golang.org/x/text/secure/bidirule", "golang.org/x/text/transform", "golang.org/x/text/unicode/bidi", "golang.org/x/text/unicode/norm", "golang.org/x/time/rate", "golang.org/x/tools/go/ast/astutil", "golang.org/x/tools/go/ast/edge", "golang.org/x/tools/go/ast/inspector", "golang.org/x/tools/go/gcexportdata", "golang.org/x/tools/go/packages", "golang.org/x/tools/go/types/objectpath", "golang.org/x/tools/go/types/typeutil", "golang.org/x/tools/imports", "gomodules.xyz/jsonpatch/v2", "google.golang.org/genproto/googleapis/api", "google.golang.org/genproto/googleapis/api/annotations", "google.golang.org/genproto/googleapis/api/expr/v1alpha1", "google.golang.org/genproto/googleapis/api/httpbody", "google.golang.org/genproto/googleapis/rpc/errdetails", "google.golang.org/genproto/googleapis/rpc/status", "google.golang.org/grpc", "google.golang.org/grpc/attributes", "google.golang.org/grpc/backoff", "google.golang.org/grpc/balancer", "google.golang.org/grpc/balancer/base", "google.golang.org/grpc/balancer/endpointsharding", "google.golang.org/grpc/balancer/grpclb/state", "google.golang.org/grpc/balancer/pickfirst", "google.golang.org/grpc/balancer/roundrobin", "google.golang.org/grpc/binarylog/grpc_binarylog_v1", "google.golang.org/grpc/channelz", "google.golang.org/grpc/codes", "google.golang.org/grpc/connectivity", "google.golang.org/grpc/credentials", "google.golang.org/grpc/credentials/insecure", "google.golang.org/grpc/encoding", "google.golang.org/grpc/encoding/gzip", "google.golang.org/grpc/encoding/proto", "google.golang.org/grpc/experimental/stats", "google.golang.org/grpc/grpclog", "google.golang.org/grpc/health/grpc_health_v1", "google.golang.org/grpc/keepalive", "google.golang.org/grpc/mem", "google.golang.org/grpc/metadata", "google.golang.org/grpc/peer", "google.golang.org/grpc/resolver", "google.golang.org/grpc/resolver/dns", "google.golang.org/grpc/serviceconfig", "google.golang.org/grpc/stats", "google.golang.org/grpc/status", "google.golang.org/grpc/tap", "google.golang.org/protobuf/encoding/protodelim", "google.golang.org/protobuf/encoding/protojson", "google.golang.org/protobuf/encoding/prototext", "google.golang.org/protobuf/encoding/protowire", "google.golang.org/protobuf/proto", "google.golang.org/protobuf/protoadapt", "google.golang.org/protobuf/reflect/protodesc", "google.golang.org/protobuf/reflect/protoreflect", "google.golang.org/protobuf/reflect/protoregistry", "google.golang.org/protobuf/runtime/protoiface", "google.golang.org/protobuf/runtime/protoimpl", "google.golang.org/protobuf/testing/protocmp", "google.golang.org/protobuf/types/descriptorpb", "google.golang.org/protobuf/types/dynamicpb", "google.golang.org/protobuf/types/gofeaturespb", "google.golang.org/protobuf/types/known/anypb", "google.golang.org/protobuf/types/known/durationpb", "google.golang.org/protobuf/types/known/emptypb", "google.golang.org/protobuf/types/known/fieldmaskpb", "google.golang.org/protobuf/types/known/structpb", "google.golang.org/protobuf/types/known/timestamppb", "google.golang.org/protobuf/types/known/wrapperspb", "gopkg.in/evanphx/json-patch.v4", "gopkg.in/inf.v0", "gopkg.in/warnings.v0", "gopkg.in/yaml.v3", "helm.sh/helm/v3/pkg/action", "helm.sh/helm/v3/pkg/chart", "helm.sh/helm/v3/pkg/chart/loader", "helm.sh/helm/v3/pkg/chartutil", "helm.sh/helm/v3/pkg/cli", "helm.sh/helm/v3/pkg/downloader", "helm.sh/helm/v3/pkg/engine", "helm.sh/helm/v3/pkg/getter", "helm.sh/helm/v3/pkg/helmpath", "helm.sh/helm/v3/pkg/helmpath/xdg", "helm.sh/helm/v3/pkg/ignore", "helm.sh/helm/v3/pkg/kube", "helm.sh/helm/v3/pkg/kube/fake", "helm.sh/helm/v3/pkg/lint", "helm.sh/helm/v3/pkg/lint/rules", "helm.sh/helm/v3/pkg/lint/support", "helm.sh/helm/v3/pkg/plugin", "helm.sh/helm/v3/pkg/postrender", "helm.sh/helm/v3/pkg/provenance", "helm.sh/helm/v3/pkg/pusher", "helm.sh/helm/v3/pkg/registry", "helm.sh/helm/v3/pkg/release", "helm.sh/helm/v3/pkg/releaseutil", "helm.sh/helm/v3/pkg/repo", "helm.sh/helm/v3/pkg/storage", "helm.sh/helm/v3/pkg/storage/driver", "helm.sh/helm/v3/pkg/time", "helm.sh/helm/v3/pkg/time/ctime", "helm.sh/helm/v3/pkg/uploader", "k8s.io/api/admission/v1", "k8s.io/api/admission/v1beta1", "k8s.io/api/admissionregistration/v1", "k8s.io/api/admissionregistration/v1alpha1", "k8s.io/api/admissionregistration/v1beta1", "k8s.io/api/apidiscovery/v2", "k8s.io/api/apidiscovery/v2beta1", "k8s.io/api/apiserverinternal/v1alpha1", "k8s.io/api/apps/v1", "k8s.io/api/apps/v1beta1", "k8s.io/api/apps/v1beta2", "k8s.io/api/authentication/v1", "k8s.io/api/authentication/v1alpha1", "k8s.io/api/authentication/v1beta1", "k8s.io/api/authorization/v1", "k8s.io/api/authorization/v1beta1", "k8s.io/api/autoscaling/v1", "k8s.io/api/autoscaling/v2", "k8s.io/api/autoscaling/v2beta1", "k8s.io/api/autoscaling/v2beta2", "k8s.io/api/batch/v1", "k8s.io/api/batch/v1beta1", "k8s.io/api/certificates/v1", "k8s.io/api/certificates/v1alpha1", "k8s.io/api/certificates/v1beta1", "k8s.io/api/coordination/v1", "k8s.io/api/coordination/v1alpha2", "k8s.io/api/coordination/v1beta1", "k8s.io/api/core/v1", "k8s.io/api/discovery/v1", "k8s.io/api/discovery/v1beta1", "k8s.io/api/events/v1", "k8s.io/api/events/v1beta1", "k8s.io/api/extensions/v1beta1", "k8s.io/api/flowcontrol/v1", "k8s.io/api/flowcontrol/v1beta1", "k8s.io/api/flowcontrol/v1beta2", "k8s.io/api/flowcontrol/v1beta3", "k8s.io/api/imagepolicy/v1alpha1", "k8s.io/api/networking/v1", "k8s.io/api/networking/v1beta1", "k8s.io/api/node/v1", "k8s.io/api/node/v1alpha1", "k8s.io/api/node/v1beta1", "k8s.io/api/policy/v1", "k8s.io/api/policy/v1beta1", "k8s.io/api/rbac/v1", "k8s.io/api/rbac/v1alpha1", "k8s.io/api/rbac/v1beta1", "k8s.io/api/resource/v1", "k8s.io/api/resource/v1alpha3", "k8s.io/api/resource/v1beta1", "k8s.io/api/resource/v1beta2", "k8s.io/api/scheduling/v1", "k8s.io/api/scheduling/v1alpha1", "k8s.io/api/scheduling/v1beta1", "k8s.io/api/storage/v1", "k8s.io/api/storage/v1alpha1", "k8s.io/api/storage/v1beta1", "k8s.io/api/storagemigration/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apihelpers", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/model", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning", "k8s.io/apiextensions-apiserver/pkg/apiserver/validation", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/v2", "k8s.io/apiextensions-apiserver/pkg/features", "k8s.io/apiextensions-apiserver/pkg/generated/openapi", "k8s.io/apimachinery/pkg/api/equality", "k8s.io/apimachinery/pkg/api/errors", "k8s.io/apimachinery/pkg/api/meta", "k8s.io/apimachinery/pkg/api/meta/testrestmapper", "k8s.io/apimachinery/pkg/api/operation", "k8s.io/apimachinery/pkg/api/resource", "k8s.io/apimachinery/pkg/api/safe", "k8s.io/apimachinery/pkg/api/validate", "k8s.io/apimachinery/pkg/api/validate/constraints", "k8s.io/apimachinery/pkg/api/validate/content", "k8s.io/apimachinery/pkg/api/validation", "k8s.io/apimachinery/pkg/api/validation/path", "k8s.io/apimachinery/pkg/apis/meta/v1", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme", "k8s.io/apimachinery/pkg/apis/meta/v1/validation", "k8s.io/apimachinery/pkg/apis/meta/v1beta1", "k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation", "k8s.io/apimachinery/pkg/conversion", "k8s.io/apimachinery/pkg/conversion/queryparams", "k8s.io/apimachinery/pkg/fields", "k8s.io/apimachinery/pkg/labels", "k8s.io/apimachinery/pkg/runtime", "k8s.io/apimachinery/pkg/runtime/schema", "k8s.io/apimachinery/pkg/runtime/serializer", "k8s.io/apimachinery/pkg/runtime/serializer/cbor", "k8s.io/apimachinery/pkg/runtime/serializer/cbor/direct", "k8s.io/apimachinery/pkg/runtime/serializer/json", "k8s.io/apimachinery/pkg/runtime/serializer/protobuf", "k8s.io/apimachinery/pkg/runtime/serializer/recognizer", "k8s.io/apimachinery/pkg/runtime/serializer/streaming", "k8s.io/apimachinery/pkg/runtime/serializer/versioning", "k8s.io/apimachinery/pkg/selection", "k8s.io/apimachinery/pkg/types", "k8s.io/apimachinery/pkg/util/cache", "k8s.io/apimachinery/pkg/util/diff", "k8s.io/apimachinery/pkg/util/dump", "k8s.io/apimachinery/pkg/util/duration", "k8s.io/apimachinery/pkg/util/errors", "k8s.io/apimachinery/pkg/util/framer", "k8s.io/apimachinery/pkg/util/httpstream", "k8s.io/apimachinery/pkg/util/httpstream/wsstream", "k8s.io/apimachinery/pkg/util/intstr", "k8s.io/apimachinery/pkg/util/json", "k8s.io/apimachinery/pkg/util/jsonmergepatch", "k8s.io/apimachinery/pkg/util/managedfields", "k8s.io/apimachinery/pkg/util/mergepatch", "k8s.io/apimachinery/pkg/util/naming", "k8s.io/apimachinery/pkg/util/net", "k8s.io/apimachinery/pkg/util/portforward", "k8s.io/apimachinery/pkg/util/rand", "k8s.io/apimachinery/pkg/util/remotecommand", "k8s.io/apimachinery/pkg/util/runtime", "k8s.io/apimachinery/pkg/util/sets", "k8s.io/apimachinery/pkg/util/strategicpatch", "k8s.io/apimachinery/pkg/util/uuid", "k8s.io/apimachinery/pkg/util/validation", "k8s.io/apimachinery/pkg/util/validation/field", "k8s.io/apimachinery/pkg/util/version", "k8s.io/apimachinery/pkg/util/wait", "k8s.io/apimachinery/pkg/util/yaml", "k8s.io/apimachinery/pkg/version", "k8s.io/apimachinery/pkg/watch", "k8s.io/apimachinery/third_party/forked/golang/json", "k8s.io/apimachinery/third_party/forked/golang/reflect", "k8s.io/apiserver/pkg/admission", "k8s.io/apiserver/pkg/apis/apiserver", "k8s.io/apiserver/pkg/apis/apiserver/install", "k8s.io/apiserver/pkg/apis/apiserver/v1", "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1", "k8s.io/apiserver/pkg/apis/apiserver/v1beta1", "k8s.io/apiserver/pkg/apis/audit", "k8s.io/apiserver/pkg/apis/audit/v1", "k8s.io/apiserver/pkg/apis/cel", "k8s.io/apiserver/pkg/audit", "k8s.io/apiserver/pkg/authentication/serviceaccount", "k8s.io/apiserver/pkg/authentication/user", "k8s.io/apiserver/pkg/authorization/authorizer", "k8s.io/apiserver/pkg/cel", "k8s.io/apiserver/pkg/cel/common", "k8s.io/apiserver/pkg/cel/environment", "k8s.io/apiserver/pkg/cel/library", "k8s.io/apiserver/pkg/cel/metrics", "k8s.io/apiserver/pkg/cel/openapi", "k8s.io/apiserver/pkg/endpoints", "k8s.io/apiserver/pkg/endpoints/deprecation", "k8s.io/apiserver/pkg/endpoints/discovery", "k8s.io/apiserver/pkg/endpoints/handlers", "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager", "k8s.io/apiserver/pkg/endpoints/handlers/finisher", "k8s.io/apiserver/pkg/endpoints/handlers/metrics", "k8s.io/apiserver/pkg/endpoints/handlers/negotiation", "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters", "k8s.io/apiserver/pkg/endpoints/metrics", "k8s.io/apiserver/pkg/endpoints/openapi", "k8s.io/apiserver/pkg/endpoints/request", "k8s.io/apiserver/pkg/endpoints/responsewriter", "k8s.io/apiserver/pkg/endpoints/warning", "k8s.io/apiserver/pkg/features", "k8s.io/apiserver/pkg/registry/rest", "k8s.io/apiserver/pkg/server/egressselector", "k8s.io/apiserver/pkg/server/egressselector/metrics", "k8s.io/apiserver/pkg/server/routine", "k8s.io/apiserver/pkg/storage", "k8s.io/apiserver/pkg/storage/names", "k8s.io/apiserver/pkg/storageversion", "k8s.io/apiserver/pkg/util/apihelpers", "k8s.io/apiserver/pkg/util/compatibility", "k8s.io/apiserver/pkg/util/dryrun", "k8s.io/apiserver/pkg/util/feature", "k8s.io/apiserver/pkg/util/flushwriter", "k8s.io/apiserver/pkg/util/openapi", "k8s.io/apiserver/pkg/util/webhook", "k8s.io/apiserver/pkg/util/x509metrics", "k8s.io/apiserver/pkg/validation", "k8s.io/apiserver/pkg/warning", "k8s.io/cli-runtime/pkg/genericclioptions", "k8s.io/cli-runtime/pkg/genericiooptions", "k8s.io/cli-runtime/pkg/printers", "k8s.io/cli-runtime/pkg/resource", "k8s.io/client-go/applyconfigurations", "k8s.io/client-go/applyconfigurations/admissionregistration/v1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1", "k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1", "k8s.io/client-go/applyconfigurations/apps/v1", "k8s.io/client-go/applyconfigurations/apps/v1beta1", "k8s.io/client-go/applyconfigurations/apps/v1beta2", "k8s.io/client-go/applyconfigurations/autoscaling/v1", "k8s.io/client-go/applyconfigurations/autoscaling/v2", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta1", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta2", "k8s.io/client-go/applyconfigurations/batch/v1", "k8s.io/client-go/applyconfigurations/batch/v1beta1", "k8s.io/client-go/applyconfigurations/certificates/v1", "k8s.io/client-go/applyconfigurations/certificates/v1alpha1", "k8s.io/client-go/applyconfigurations/certificates/v1beta1", "k8s.io/client-go/applyconfigurations/coordination/v1", "k8s.io/client-go/applyconfigurations/coordination/v1alpha2", "k8s.io/client-go/applyconfigurations/coordination/v1beta1", "k8s.io/client-go/applyconfigurations/core/v1", "k8s.io/client-go/applyconfigurations/discovery/v1", "k8s.io/client-go/applyconfigurations/discovery/v1beta1", "k8s.io/client-go/applyconfigurations/events/v1", "k8s.io/client-go/applyconfigurations/events/v1beta1", "k8s.io/client-go/applyconfigurations/extensions/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3", "k8s.io/client-go/applyconfigurations/imagepolicy/v1alpha1", "k8s.io/client-go/applyconfigurations/meta/v1", "k8s.io/client-go/applyconfigurations/networking/v1", "k8s.io/client-go/applyconfigurations/networking/v1beta1", "k8s.io/client-go/applyconfigurations/node/v1", "k8s.io/client-go/applyconfigurations/node/v1alpha1", "k8s.io/client-go/applyconfigurations/node/v1beta1", "k8s.io/client-go/applyconfigurations/policy/v1", "k8s.io/client-go/applyconfigurations/policy/v1beta1", "k8s.io/client-go/applyconfigurations/rbac/v1", "k8s.io/client-go/applyconfigurations/rbac/v1alpha1", "k8s.io/client-go/applyconfigurations/rbac/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1", "k8s.io/client-go/applyconfigurations/resource/v1alpha3", "k8s.io/client-go/applyconfigurations/resource/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1beta2", "k8s.io/client-go/applyconfigurations/scheduling/v1", "k8s.io/client-go/applyconfigurations/scheduling/v1alpha1", "k8s.io/client-go/applyconfigurations/scheduling/v1beta1", "k8s.io/client-go/applyconfigurations/storage/v1", "k8s.io/client-go/applyconfigurations/storage/v1alpha1", "k8s.io/client-go/applyconfigurations/storage/v1beta1", "k8s.io/client-go/applyconfigurations/storagemigration/v1beta1", "k8s.io/client-go/discovery", "k8s.io/client-go/discovery/cached/disk", "k8s.io/client-go/discovery/cached/memory", "k8s.io/client-go/dynamic", "k8s.io/client-go/features", "k8s.io/client-go/gentype", "k8s.io/client-go/informers", "k8s.io/client-go/informers/admissionregistration", "k8s.io/client-go/informers/admissionregistration/v1", "k8s.io/client-go/informers/admissionregistration/v1alpha1", "k8s.io/client-go/informers/admissionregistration/v1beta1", "k8s.io/client-go/informers/apiserverinternal", "k8s.io/client-go/informers/apiserverinternal/v1alpha1", "k8s.io/client-go/informers/apps", "k8s.io/client-go/informers/apps/v1", "k8s.io/client-go/informers/apps/v1beta1", "k8s.io/client-go/informers/apps/v1beta2", "k8s.io/client-go/informers/autoscaling", "k8s.io/client-go/informers/autoscaling/v1", "k8s.io/client-go/informers/autoscaling/v2", "k8s.io/client-go/informers/autoscaling/v2beta1", "k8s.io/client-go/informers/autoscaling/v2beta2", "k8s.io/client-go/informers/batch", "k8s.io/client-go/informers/batch/v1", "k8s.io/client-go/informers/batch/v1beta1", "k8s.io/client-go/informers/certificates", "k8s.io/client-go/informers/certificates/v1", "k8s.io/client-go/informers/certificates/v1alpha1", "k8s.io/client-go/informers/certificates/v1beta1", "k8s.io/client-go/informers/coordination", "k8s.io/client-go/informers/coordination/v1", "k8s.io/client-go/informers/coordination/v1alpha2", "k8s.io/client-go/informers/coordination/v1beta1", "k8s.io/client-go/informers/core", "k8s.io/client-go/informers/core/v1", "k8s.io/client-go/informers/discovery", "k8s.io/client-go/informers/discovery/v1", "k8s.io/client-go/informers/discovery/v1beta1", "k8s.io/client-go/informers/events", "k8s.io/client-go/informers/events/v1", "k8s.io/client-go/informers/events/v1beta1", "k8s.io/client-go/informers/extensions", "k8s.io/client-go/informers/extensions/v1beta1", "k8s.io/client-go/informers/flowcontrol", "k8s.io/client-go/informers/flowcontrol/v1", "k8s.io/client-go/informers/flowcontrol/v1beta1", "k8s.io/client-go/informers/flowcontrol/v1beta2", "k8s.io/client-go/informers/flowcontrol/v1beta3", "k8s.io/client-go/informers/networking", "k8s.io/client-go/informers/networking/v1", "k8s.io/client-go/informers/networking/v1beta1", "k8s.io/client-go/informers/node", "k8s.io/client-go/informers/node/v1", "k8s.io/client-go/informers/node/v1alpha1", "k8s.io/client-go/informers/node/v1beta1", "k8s.io/client-go/informers/policy", "k8s.io/client-go/informers/policy/v1", "k8s.io/client-go/informers/policy/v1beta1", "k8s.io/client-go/informers/rbac", "k8s.io/client-go/informers/rbac/v1", "k8s.io/client-go/informers/rbac/v1alpha1", "k8s.io/client-go/informers/rbac/v1beta1", "k8s.io/client-go/informers/resource", "k8s.io/client-go/informers/resource/v1", "k8s.io/client-go/informers/resource/v1alpha3", "k8s.io/client-go/informers/resource/v1beta1", "k8s.io/client-go/informers/resource/v1beta2", "k8s.io/client-go/informers/scheduling", "k8s.io/client-go/informers/scheduling/v1", "k8s.io/client-go/informers/scheduling/v1alpha1", "k8s.io/client-go/informers/scheduling/v1beta1", "k8s.io/client-go/informers/storage", "k8s.io/client-go/informers/storage/v1", "k8s.io/client-go/informers/storage/v1alpha1", "k8s.io/client-go/informers/storage/v1beta1", "k8s.io/client-go/informers/storagemigration", "k8s.io/client-go/informers/storagemigration/v1beta1", "k8s.io/client-go/kubernetes", "k8s.io/client-go/kubernetes/scheme", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1", "k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1", "k8s.io/client-go/kubernetes/typed/apps/v1", "k8s.io/client-go/kubernetes/typed/apps/v1beta1", "k8s.io/client-go/kubernetes/typed/apps/v1beta2", "k8s.io/client-go/kubernetes/typed/authentication/v1", "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1", "k8s.io/client-go/kubernetes/typed/authentication/v1beta1", "k8s.io/client-go/kubernetes/typed/authorization/v1", "k8s.io/client-go/kubernetes/typed/authorization/v1beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2", "k8s.io/client-go/kubernetes/typed/batch/v1", "k8s.io/client-go/kubernetes/typed/batch/v1beta1", "k8s.io/client-go/kubernetes/typed/certificates/v1", "k8s.io/client-go/kubernetes/typed/certificates/v1alpha1", "k8s.io/client-go/kubernetes/typed/certificates/v1beta1", "k8s.io/client-go/kubernetes/typed/coordination/v1", "k8s.io/client-go/kubernetes/typed/coordination/v1alpha2", "k8s.io/client-go/kubernetes/typed/coordination/v1beta1", "k8s.io/client-go/kubernetes/typed/core/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1beta1", "k8s.io/client-go/kubernetes/typed/events/v1", "k8s.io/client-go/kubernetes/typed/events/v1beta1", "k8s.io/client-go/kubernetes/typed/extensions/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3", "k8s.io/client-go/kubernetes/typed/networking/v1", "k8s.io/client-go/kubernetes/typed/networking/v1beta1", "k8s.io/client-go/kubernetes/typed/node/v1", "k8s.io/client-go/kubernetes/typed/node/v1alpha1", "k8s.io/client-go/kubernetes/typed/node/v1beta1", "k8s.io/client-go/kubernetes/typed/policy/v1", "k8s.io/client-go/kubernetes/typed/policy/v1beta1", "k8s.io/client-go/kubernetes/typed/rbac/v1", "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1", "k8s.io/client-go/kubernetes/typed/rbac/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1", "k8s.io/client-go/kubernetes/typed/resource/v1alpha3", "k8s.io/client-go/kubernetes/typed/resource/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1beta2", "k8s.io/client-go/kubernetes/typed/scheduling/v1", "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1", "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1", "k8s.io/client-go/kubernetes/typed/storage/v1", "k8s.io/client-go/kubernetes/typed/storage/v1alpha1", "k8s.io/client-go/kubernetes/typed/storage/v1beta1", "k8s.io/client-go/kubernetes/typed/storagemigration/v1beta1", "k8s.io/client-go/listers", "k8s.io/client-go/listers/admissionregistration/v1", "k8s.io/client-go/listers/admissionregistration/v1alpha1", "k8s.io/client-go/listers/admissionregistration/v1beta1", "k8s.io/client-go/listers/apiserverinternal/v1alpha1", "k8s.io/client-go/listers/apps/v1", "k8s.io/client-go/listers/apps/v1beta1", "k8s.io/client-go/listers/apps/v1beta2", "k8s.io/client-go/listers/autoscaling/v1", "k8s.io/client-go/listers/autoscaling/v2", "k8s.io/client-go/listers/autoscaling/v2beta1", "k8s.io/client-go/listers/autoscaling/v2beta2", "k8s.io/client-go/listers/batch/v1", "k8s.io/client-go/listers/batch/v1beta1", "k8s.io/client-go/listers/certificates/v1", "k8s.io/client-go/listers/certificates/v1alpha1", "k8s.io/client-go/listers/certificates/v1beta1", "k8s.io/client-go/listers/coordination/v1", "k8s.io/client-go/listers/coordination/v1alpha2", "k8s.io/client-go/listers/coordination/v1beta1", "k8s.io/client-go/listers/core/v1", "k8s.io/client-go/listers/discovery/v1", "k8s.io/client-go/listers/discovery/v1beta1", "k8s.io/client-go/listers/events/v1", "k8s.io/client-go/listers/events/v1beta1", "k8s.io/client-go/listers/extensions/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1", "k8s.io/client-go/listers/flowcontrol/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1beta2", "k8s.io/client-go/listers/flowcontrol/v1beta3", "k8s.io/client-go/listers/networking/v1", "k8s.io/client-go/listers/networking/v1beta1", "k8s.io/client-go/listers/node/v1", "k8s.io/client-go/listers/node/v1alpha1", "k8s.io/client-go/listers/node/v1beta1", "k8s.io/client-go/listers/policy/v1", "k8s.io/client-go/listers/policy/v1beta1", "k8s.io/client-go/listers/rbac/v1", "k8s.io/client-go/listers/rbac/v1alpha1", "k8s.io/client-go/listers/rbac/v1beta1", "k8s.io/client-go/listers/resource/v1", "k8s.io/client-go/listers/resource/v1alpha3", "k8s.io/client-go/listers/resource/v1beta1", "k8s.io/client-go/listers/resource/v1beta2", "k8s.io/client-go/listers/scheduling/v1", "k8s.io/client-go/listers/scheduling/v1alpha1", "k8s.io/client-go/listers/scheduling/v1beta1", "k8s.io/client-go/listers/storage/v1", "k8s.io/client-go/listers/storage/v1alpha1", "k8s.io/client-go/listers/storage/v1beta1", "k8s.io/client-go/listers/storagemigration/v1beta1", "k8s.io/client-go/metadata", "k8s.io/client-go/openapi", "k8s.io/client-go/openapi/cached", "k8s.io/client-go/openapi3", "k8s.io/client-go/pkg/apis/clientauthentication", "k8s.io/client-go/pkg/apis/clientauthentication/install", "k8s.io/client-go/pkg/apis/clientauthentication/v1", "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1", "k8s.io/client-go/pkg/version", "k8s.io/client-go/plugin/pkg/client/auth", "k8s.io/client-go/plugin/pkg/client/auth/azure", "k8s.io/client-go/plugin/pkg/client/auth/exec", "k8s.io/client-go/plugin/pkg/client/auth/gcp", "k8s.io/client-go/plugin/pkg/client/auth/oidc", "k8s.io/client-go/rest", "k8s.io/client-go/rest/watch", "k8s.io/client-go/restmapper", "k8s.io/client-go/scale", "k8s.io/client-go/scale/scheme", "k8s.io/client-go/scale/scheme/appsint", "k8s.io/client-go/scale/scheme/appsv1beta1", "k8s.io/client-go/scale/scheme/appsv1beta2", "k8s.io/client-go/scale/scheme/autoscalingv1", "k8s.io/client-go/scale/scheme/extensionsint", "k8s.io/client-go/scale/scheme/extensionsv1beta1", "k8s.io/client-go/testing", "k8s.io/client-go/third_party/forked/golang/template", "k8s.io/client-go/tools/auth", "k8s.io/client-go/tools/cache", "k8s.io/client-go/tools/cache/synctrack", "k8s.io/client-go/tools/clientcmd", "k8s.io/client-go/tools/clientcmd/api", "k8s.io/client-go/tools/clientcmd/api/latest", "k8s.io/client-go/tools/clientcmd/api/v1", "k8s.io/client-go/tools/events", "k8s.io/client-go/tools/leaderelection", "k8s.io/client-go/tools/leaderelection/resourcelock", "k8s.io/client-go/tools/metrics", "k8s.io/client-go/tools/pager", "k8s.io/client-go/tools/record", "k8s.io/client-go/tools/record/util", "k8s.io/client-go/tools/reference", "k8s.io/client-go/tools/watch", "k8s.io/client-go/transport", "k8s.io/client-go/util/apply", "k8s.io/client-go/util/cert", "k8s.io/client-go/util/connrotation", "k8s.io/client-go/util/consistencydetector", "k8s.io/client-go/util/flowcontrol", "k8s.io/client-go/util/homedir", "k8s.io/client-go/util/jsonpath", "k8s.io/client-go/util/keyutil", "k8s.io/client-go/util/retry", "k8s.io/client-go/util/watchlist", "k8s.io/client-go/util/workqueue", "k8s.io/component-base/cli/flag", "k8s.io/component-base/compatibility", "k8s.io/component-base/featuregate", "k8s.io/component-base/metrics", "k8s.io/component-base/metrics/legacyregistry", "k8s.io/component-base/metrics/prometheus/compatversion", "k8s.io/component-base/metrics/prometheus/feature", "k8s.io/component-base/metrics/prometheus/workqueue", "k8s.io/component-base/metrics/prometheusextension", "k8s.io/component-base/tracing", "k8s.io/component-base/tracing/api/v1", "k8s.io/component-base/version", "k8s.io/component-base/zpages/features", "k8s.io/klog/v2", "k8s.io/kube-openapi/pkg/aggregator", "k8s.io/kube-openapi/pkg/builder", "k8s.io/kube-openapi/pkg/builder3", "k8s.io/kube-openapi/pkg/builder3/util", "k8s.io/kube-openapi/pkg/cached", "k8s.io/kube-openapi/pkg/common", "k8s.io/kube-openapi/pkg/common/restfuladapter", "k8s.io/kube-openapi/pkg/handler3", "k8s.io/kube-openapi/pkg/schemaconv", "k8s.io/kube-openapi/pkg/schemamutation", "k8s.io/kube-openapi/pkg/spec3", "k8s.io/kube-openapi/pkg/util", "k8s.io/kube-openapi/pkg/util/proto", "k8s.io/kube-openapi/pkg/util/proto/validation", "k8s.io/kube-openapi/pkg/validation/errors", "k8s.io/kube-openapi/pkg/validation/spec", "k8s.io/kube-openapi/pkg/validation/strfmt", "k8s.io/kube-openapi/pkg/validation/strfmt/bson", "k8s.io/kube-openapi/pkg/validation/validate", "k8s.io/kubectl/pkg/cmd/util", "k8s.io/kubectl/pkg/scheme", "k8s.io/kubectl/pkg/util/i18n", "k8s.io/kubectl/pkg/util/interrupt", "k8s.io/kubectl/pkg/util/openapi", "k8s.io/kubectl/pkg/util/templates", "k8s.io/kubectl/pkg/util/term", "k8s.io/kubectl/pkg/validation", "k8s.io/metrics/pkg/apis/metrics", "k8s.io/metrics/pkg/apis/metrics/v1alpha1", "k8s.io/metrics/pkg/apis/metrics/v1beta1", "k8s.io/metrics/pkg/client/clientset/versioned", "k8s.io/metrics/pkg/client/clientset/versioned/scheme", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1alpha1", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1", "k8s.io/utils/buffer", "k8s.io/utils/clock", "k8s.io/utils/exec", "k8s.io/utils/lru", "k8s.io/utils/net", "k8s.io/utils/path", "k8s.io/utils/ptr", "k8s.io/utils/trace", "oras.land/oras-go/v2", "oras.land/oras-go/v2/content", "oras.land/oras-go/v2/content/memory", "oras.land/oras-go/v2/errdef", "oras.land/oras-go/v2/registry", "oras.land/oras-go/v2/registry/remote", "oras.land/oras-go/v2/registry/remote/auth", "oras.land/oras-go/v2/registry/remote/credentials", "oras.land/oras-go/v2/registry/remote/credentials/trace", "oras.land/oras-go/v2/registry/remote/errcode", "oras.land/oras-go/v2/registry/remote/retry", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client", "sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-runtime/pkg/builder", "sigs.k8s.io/controller-runtime/pkg/cache", "sigs.k8s.io/controller-runtime/pkg/certwatcher", "sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics", "sigs.k8s.io/controller-runtime/pkg/client", "sigs.k8s.io/controller-runtime/pkg/client/apiutil", "sigs.k8s.io/controller-runtime/pkg/client/config", "sigs.k8s.io/controller-runtime/pkg/client/fake", "sigs.k8s.io/controller-runtime/pkg/client/interceptor", "sigs.k8s.io/controller-runtime/pkg/cluster", "sigs.k8s.io/controller-runtime/pkg/config", "sigs.k8s.io/controller-runtime/pkg/controller", "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil", "sigs.k8s.io/controller-runtime/pkg/controller/priorityqueue", "sigs.k8s.io/controller-runtime/pkg/conversion", "sigs.k8s.io/controller-runtime/pkg/event", "sigs.k8s.io/controller-runtime/pkg/handler", "sigs.k8s.io/controller-runtime/pkg/healthz", "sigs.k8s.io/controller-runtime/pkg/leaderelection", "sigs.k8s.io/controller-runtime/pkg/log", "sigs.k8s.io/controller-runtime/pkg/log/zap", "sigs.k8s.io/controller-runtime/pkg/manager", "sigs.k8s.io/controller-runtime/pkg/manager/signals", "sigs.k8s.io/controller-runtime/pkg/metrics", "sigs.k8s.io/controller-runtime/pkg/metrics/server", "sigs.k8s.io/controller-runtime/pkg/predicate", "sigs.k8s.io/controller-runtime/pkg/reconcile", "sigs.k8s.io/controller-runtime/pkg/recorder", "sigs.k8s.io/controller-runtime/pkg/scheme", "sigs.k8s.io/controller-runtime/pkg/source", "sigs.k8s.io/controller-runtime/pkg/webhook", "sigs.k8s.io/controller-runtime/pkg/webhook/admission", "sigs.k8s.io/controller-runtime/pkg/webhook/admission/metrics", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion/metrics", "sigs.k8s.io/json", "sigs.k8s.io/kind/pkg/apis/config/defaults", "sigs.k8s.io/kind/pkg/apis/config/v1alpha4", "sigs.k8s.io/kind/pkg/cluster", "sigs.k8s.io/kind/pkg/cluster/constants", "sigs.k8s.io/kind/pkg/cluster/nodes", "sigs.k8s.io/kind/pkg/cluster/nodeutils", "sigs.k8s.io/kind/pkg/cmd", "sigs.k8s.io/kind/pkg/cmd/kind/version", "sigs.k8s.io/kind/pkg/errors", "sigs.k8s.io/kind/pkg/exec", "sigs.k8s.io/kind/pkg/fs", "sigs.k8s.io/kind/pkg/log", "sigs.k8s.io/kustomize/api/filters/annotations", "sigs.k8s.io/kustomize/api/filters/fieldspec", "sigs.k8s.io/kustomize/api/filters/filtersutil", "sigs.k8s.io/kustomize/api/filters/fsslice", "sigs.k8s.io/kustomize/api/filters/iampolicygenerator", "sigs.k8s.io/kustomize/api/filters/imagetag", "sigs.k8s.io/kustomize/api/filters/labels", "sigs.k8s.io/kustomize/api/filters/nameref", "sigs.k8s.io/kustomize/api/filters/namespace", "sigs.k8s.io/kustomize/api/filters/patchjson6902", "sigs.k8s.io/kustomize/api/filters/patchstrategicmerge", "sigs.k8s.io/kustomize/api/filters/prefix", "sigs.k8s.io/kustomize/api/filters/refvar", "sigs.k8s.io/kustomize/api/filters/replacement", "sigs.k8s.io/kustomize/api/filters/replicacount", "sigs.k8s.io/kustomize/api/filters/suffix", "sigs.k8s.io/kustomize/api/filters/valueadd", "sigs.k8s.io/kustomize/api/hasher", "sigs.k8s.io/kustomize/api/ifc", "sigs.k8s.io/kustomize/api/konfig", "sigs.k8s.io/kustomize/api/krusty", "sigs.k8s.io/kustomize/api/kv", "sigs.k8s.io/kustomize/api/provenance", "sigs.k8s.io/kustomize/api/provider", "sigs.k8s.io/kustomize/api/resmap", "sigs.k8s.io/kustomize/api/resource", "sigs.k8s.io/kustomize/api/types", "sigs.k8s.io/kustomize/kyaml/comments", "sigs.k8s.io/kustomize/kyaml/errors", "sigs.k8s.io/kustomize/kyaml/ext", "sigs.k8s.io/kustomize/kyaml/fieldmeta", "sigs.k8s.io/kustomize/kyaml/filesys", "sigs.k8s.io/kustomize/kyaml/fn/runtime/container", "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec", "sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil", "sigs.k8s.io/kustomize/kyaml/kio", "sigs.k8s.io/kustomize/kyaml/kio/kioutil", "sigs.k8s.io/kustomize/kyaml/openapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi/v1_21_2", "sigs.k8s.io/kustomize/kyaml/openapi/kustomizationapi", "sigs.k8s.io/kustomize/kyaml/order", "sigs.k8s.io/kustomize/kyaml/resid", "sigs.k8s.io/kustomize/kyaml/runfn", "sigs.k8s.io/kustomize/kyaml/sets", "sigs.k8s.io/kustomize/kyaml/sliceutil", "sigs.k8s.io/kustomize/kyaml/utils", "sigs.k8s.io/kustomize/kyaml/yaml", "sigs.k8s.io/kustomize/kyaml/yaml/merge2", "sigs.k8s.io/kustomize/kyaml/yaml/schema", "sigs.k8s.io/kustomize/kyaml/yaml/walk", "sigs.k8s.io/randfill", "sigs.k8s.io/randfill/bytesource", "sigs.k8s.io/structured-merge-diff/v6/fieldpath", "sigs.k8s.io/structured-merge-diff/v6/merge", "sigs.k8s.io/structured-merge-diff/v6/schema", "sigs.k8s.io/structured-merge-diff/v6/typed", "sigs.k8s.io/structured-merge-diff/v6/value", "sigs.k8s.io/yaml", "sigs.k8s.io/yaml/goyaml.v3", "sigs.k8s.io/yaml/kyaml"] +cachePackages = ["al.essio.dev/pkg/shellescape", "cel.dev/expr", "cloud.google.com/go/compute/metadata", "dario.cat/mergo", "github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry", "github.com/Azure/azure-sdk-for-go/version", "github.com/Azure/go-autorest/autorest", "github.com/Azure/go-autorest/autorest/adal", "github.com/Azure/go-autorest/autorest/azure", "github.com/Azure/go-autorest/autorest/azure/auth", "github.com/Azure/go-autorest/autorest/azure/cli", "github.com/Azure/go-autorest/autorest/date", "github.com/Azure/go-autorest/logger", "github.com/Azure/go-autorest/tracing", "github.com/BurntSushi/toml", "github.com/MakeNowJust/heredoc", "github.com/Masterminds/goutils", "github.com/Masterminds/semver/v3", "github.com/Masterminds/sprig/v3", "github.com/Masterminds/squirrel", "github.com/ProtonMail/go-crypto/bitcurves", "github.com/ProtonMail/go-crypto/brainpool", "github.com/ProtonMail/go-crypto/eax", "github.com/ProtonMail/go-crypto/ocb", "github.com/ProtonMail/go-crypto/openpgp", "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap", "github.com/ProtonMail/go-crypto/openpgp/armor", "github.com/ProtonMail/go-crypto/openpgp/ecdh", "github.com/ProtonMail/go-crypto/openpgp/ecdsa", "github.com/ProtonMail/go-crypto/openpgp/ed25519", "github.com/ProtonMail/go-crypto/openpgp/ed448", "github.com/ProtonMail/go-crypto/openpgp/eddsa", "github.com/ProtonMail/go-crypto/openpgp/elgamal", "github.com/ProtonMail/go-crypto/openpgp/errors", "github.com/ProtonMail/go-crypto/openpgp/packet", "github.com/ProtonMail/go-crypto/openpgp/s2k", "github.com/ProtonMail/go-crypto/openpgp/x25519", "github.com/ProtonMail/go-crypto/openpgp/x448", "github.com/alecthomas/kong", "github.com/antlr4-go/antlr/v4", "github.com/asaskevich/govalidator", "github.com/aws/aws-sdk-go-v2/aws", "github.com/aws/aws-sdk-go-v2/aws/defaults", "github.com/aws/aws-sdk-go-v2/aws/middleware", "github.com/aws/aws-sdk-go-v2/aws/protocol/query", "github.com/aws/aws-sdk-go-v2/aws/protocol/restjson", "github.com/aws/aws-sdk-go-v2/aws/protocol/xml", "github.com/aws/aws-sdk-go-v2/aws/ratelimit", "github.com/aws/aws-sdk-go-v2/aws/retry", "github.com/aws/aws-sdk-go-v2/aws/signer/v4", "github.com/aws/aws-sdk-go-v2/aws/transport/http", "github.com/aws/aws-sdk-go-v2/config", "github.com/aws/aws-sdk-go-v2/credentials", "github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds", "github.com/aws/aws-sdk-go-v2/credentials/endpointcreds", "github.com/aws/aws-sdk-go-v2/credentials/logincreds", "github.com/aws/aws-sdk-go-v2/credentials/processcreds", "github.com/aws/aws-sdk-go-v2/credentials/ssocreds", "github.com/aws/aws-sdk-go-v2/credentials/stscreds", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "github.com/aws/aws-sdk-go-v2/service/ecr", "github.com/aws/aws-sdk-go-v2/service/ecr/types", "github.com/aws/aws-sdk-go-v2/service/ecrpublic", "github.com/aws/aws-sdk-go-v2/service/ecrpublic/types", "github.com/aws/aws-sdk-go-v2/service/signin", "github.com/aws/aws-sdk-go-v2/service/signin/types", "github.com/aws/aws-sdk-go-v2/service/sso", "github.com/aws/aws-sdk-go-v2/service/sso/types", "github.com/aws/aws-sdk-go-v2/service/ssooidc", "github.com/aws/aws-sdk-go-v2/service/ssooidc/types", "github.com/aws/aws-sdk-go-v2/service/sts", "github.com/aws/aws-sdk-go-v2/service/sts/types", "github.com/aws/smithy-go", "github.com/aws/smithy-go/auth", "github.com/aws/smithy-go/auth/bearer", "github.com/aws/smithy-go/context", "github.com/aws/smithy-go/document", "github.com/aws/smithy-go/encoding", "github.com/aws/smithy-go/encoding/httpbinding", "github.com/aws/smithy-go/encoding/json", "github.com/aws/smithy-go/encoding/xml", "github.com/aws/smithy-go/endpoints", "github.com/aws/smithy-go/endpoints/private/rulesfn", "github.com/aws/smithy-go/io", "github.com/aws/smithy-go/logging", "github.com/aws/smithy-go/metrics", "github.com/aws/smithy-go/middleware", "github.com/aws/smithy-go/private/requestcompression", "github.com/aws/smithy-go/ptr", "github.com/aws/smithy-go/rand", "github.com/aws/smithy-go/time", "github.com/aws/smithy-go/tracing", "github.com/aws/smithy-go/transport/http", "github.com/aws/smithy-go/waiter", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/config", "github.com/awslabs/amazon-ecr-credential-helper/ecr-login/version", "github.com/aymanbagabas/go-osc52/v2", "github.com/bahlo/generic-list-go", "github.com/beorn7/perks/quantile", "github.com/blang/semver", "github.com/blang/semver/v4", "github.com/buger/jsonparser", "github.com/cenkalti/backoff/v5", "github.com/cespare/xxhash/v2", "github.com/chai2010/gettext-go", "github.com/chai2010/gettext-go/mo", "github.com/chai2010/gettext-go/plural", "github.com/chai2010/gettext-go/po", "github.com/charmbracelet/bubbles/spinner", "github.com/charmbracelet/bubbletea", "github.com/charmbracelet/colorprofile", "github.com/charmbracelet/lipgloss", "github.com/charmbracelet/x/ansi", "github.com/charmbracelet/x/ansi/parser", "github.com/charmbracelet/x/cellbuf", "github.com/charmbracelet/x/term", "github.com/chrismellard/docker-credential-acr-env/pkg/credhelper", "github.com/chrismellard/docker-credential-acr-env/pkg/registry", "github.com/chrismellard/docker-credential-acr-env/pkg/token", "github.com/clipperhouse/displaywidth", "github.com/clipperhouse/stringish", "github.com/clipperhouse/uax29/v2/graphemes", "github.com/cloudflare/circl/dh/x25519", "github.com/cloudflare/circl/dh/x448", "github.com/cloudflare/circl/ecc/goldilocks", "github.com/cloudflare/circl/math", "github.com/cloudflare/circl/math/fp25519", "github.com/cloudflare/circl/math/fp448", "github.com/cloudflare/circl/math/mlsbset", "github.com/cloudflare/circl/sign", "github.com/cloudflare/circl/sign/ed25519", "github.com/cloudflare/circl/sign/ed448", "github.com/containerd/containerd/archive/compression", "github.com/containerd/containerd/content", "github.com/containerd/containerd/errdefs", "github.com/containerd/containerd/filters", "github.com/containerd/containerd/images", "github.com/containerd/containerd/labels", "github.com/containerd/containerd/pkg/randutil", "github.com/containerd/containerd/remotes", "github.com/containerd/errdefs", "github.com/containerd/errdefs/pkg/errhttp", "github.com/containerd/log", "github.com/containerd/platforms", "github.com/containerd/stargz-snapshotter/estargz", "github.com/containerd/stargz-snapshotter/estargz/errorutil", "github.com/coreos/go-oidc/v3/oidc", "github.com/crossplane/crossplane-runtime/v2/pkg/errors", "github.com/crossplane/crossplane-runtime/v2/pkg/fieldpath", "github.com/crossplane/crossplane-runtime/v2/pkg/logging", "github.com/crossplane/crossplane-runtime/v2/pkg/meta", "github.com/crossplane/crossplane-runtime/v2/pkg/resource", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/claim", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composed", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/composite", "github.com/crossplane/crossplane-runtime/v2/pkg/resource/unstructured/reference", "github.com/crossplane/crossplane-runtime/v2/pkg/test", "github.com/crossplane/crossplane-runtime/v2/pkg/version", "github.com/crossplane/crossplane-runtime/v2/pkg/xcrd", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/examples", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/parser/yaml", "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg/signature", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1alpha1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v1beta1", "github.com/crossplane/crossplane/apis/v2/apiextensions/v2", "github.com/crossplane/crossplane/apis/v2/core/v2", "github.com/crossplane/crossplane/apis/v2/ops/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1alpha1", "github.com/crossplane/crossplane/apis/v2/pkg/meta/v1beta1", "github.com/crossplane/crossplane/apis/v2/pkg/v1", "github.com/crossplane/crossplane/apis/v2/pkg/v1beta1", "github.com/crossplane/function-sdk-go/errors", "github.com/crossplane/function-sdk-go/proto/v1", "github.com/crossplane/function-sdk-go/resource", "github.com/crossplane/function-sdk-go/resource/composed", "github.com/crossplane/function-sdk-go/resource/composite", "github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer", "github.com/cyphar/filepath-securejoin", "github.com/davecgh/go-spew/spew", "github.com/digitorus/pkcs7", "github.com/digitorus/timestamp", "github.com/dimchansky/utfbom", "github.com/distribution/reference", "github.com/docker/cli/cli/config", "github.com/docker/cli/cli/config/configfile", "github.com/docker/cli/cli/config/credentials", "github.com/docker/cli/cli/config/memorystore", "github.com/docker/cli/cli/config/types", "github.com/docker/distribution/registry/client/auth/challenge", "github.com/docker/docker-credential-helpers/client", "github.com/docker/docker-credential-helpers/credentials", "github.com/docker/docker/api", "github.com/docker/docker/api/types", "github.com/docker/docker/api/types/blkiodev", "github.com/docker/docker/api/types/build", "github.com/docker/docker/api/types/checkpoint", "github.com/docker/docker/api/types/common", "github.com/docker/docker/api/types/container", "github.com/docker/docker/api/types/events", "github.com/docker/docker/api/types/filters", "github.com/docker/docker/api/types/image", "github.com/docker/docker/api/types/mount", "github.com/docker/docker/api/types/network", "github.com/docker/docker/api/types/registry", "github.com/docker/docker/api/types/storage", "github.com/docker/docker/api/types/strslice", "github.com/docker/docker/api/types/swarm", "github.com/docker/docker/api/types/swarm/runtime", "github.com/docker/docker/api/types/system", "github.com/docker/docker/api/types/time", "github.com/docker/docker/api/types/versions", "github.com/docker/docker/api/types/volume", "github.com/docker/docker/client", "github.com/docker/docker/pkg/stdcopy", "github.com/docker/go-connections/nat", "github.com/docker/go-connections/sockets", "github.com/docker/go-connections/tlsconfig", "github.com/docker/go-units", "github.com/dprotaso/go-yit", "github.com/dustin/go-humanize", "github.com/emicklei/dot", "github.com/emicklei/go-restful/v3", "github.com/emicklei/go-restful/v3/log", "github.com/emirpasic/gods/containers", "github.com/emirpasic/gods/lists", "github.com/emirpasic/gods/lists/arraylist", "github.com/emirpasic/gods/trees", "github.com/emirpasic/gods/trees/binaryheap", "github.com/emirpasic/gods/utils", "github.com/evanphx/json-patch", "github.com/evanphx/json-patch/v5", "github.com/exponent-io/jsonpath", "github.com/fatih/color", "github.com/felixge/httpsnoop", "github.com/fsnotify/fsnotify", "github.com/fxamacker/cbor/v2", "github.com/getkin/kin-openapi/openapi3", "github.com/go-chi/chi/v5", "github.com/go-chi/chi/v5/middleware", "github.com/go-errors/errors", "github.com/go-git/gcfg", "github.com/go-git/gcfg/scanner", "github.com/go-git/gcfg/token", "github.com/go-git/gcfg/types", "github.com/go-git/go-billy/v5", "github.com/go-git/go-billy/v5/helper/chroot", "github.com/go-git/go-billy/v5/helper/iofs", "github.com/go-git/go-billy/v5/helper/polyfill", "github.com/go-git/go-billy/v5/memfs", "github.com/go-git/go-billy/v5/osfs", "github.com/go-git/go-billy/v5/util", "github.com/go-git/go-git/v5", "github.com/go-git/go-git/v5/config", "github.com/go-git/go-git/v5/plumbing", "github.com/go-git/go-git/v5/plumbing/cache", "github.com/go-git/go-git/v5/plumbing/color", "github.com/go-git/go-git/v5/plumbing/filemode", "github.com/go-git/go-git/v5/plumbing/format/config", "github.com/go-git/go-git/v5/plumbing/format/diff", "github.com/go-git/go-git/v5/plumbing/format/gitignore", "github.com/go-git/go-git/v5/plumbing/format/idxfile", "github.com/go-git/go-git/v5/plumbing/format/index", "github.com/go-git/go-git/v5/plumbing/format/objfile", "github.com/go-git/go-git/v5/plumbing/format/packfile", "github.com/go-git/go-git/v5/plumbing/format/pktline", "github.com/go-git/go-git/v5/plumbing/hash", "github.com/go-git/go-git/v5/plumbing/object", "github.com/go-git/go-git/v5/plumbing/protocol/packp", "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability", "github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband", "github.com/go-git/go-git/v5/plumbing/revlist", "github.com/go-git/go-git/v5/plumbing/storer", "github.com/go-git/go-git/v5/plumbing/transport", "github.com/go-git/go-git/v5/plumbing/transport/client", "github.com/go-git/go-git/v5/plumbing/transport/file", "github.com/go-git/go-git/v5/plumbing/transport/git", "github.com/go-git/go-git/v5/plumbing/transport/http", "github.com/go-git/go-git/v5/plumbing/transport/server", "github.com/go-git/go-git/v5/plumbing/transport/ssh", "github.com/go-git/go-git/v5/storage", "github.com/go-git/go-git/v5/storage/filesystem", "github.com/go-git/go-git/v5/storage/filesystem/dotgit", "github.com/go-git/go-git/v5/storage/memory", "github.com/go-git/go-git/v5/utils/binary", "github.com/go-git/go-git/v5/utils/diff", "github.com/go-git/go-git/v5/utils/ioutil", "github.com/go-git/go-git/v5/utils/merkletrie", "github.com/go-git/go-git/v5/utils/merkletrie/filesystem", "github.com/go-git/go-git/v5/utils/merkletrie/index", "github.com/go-git/go-git/v5/utils/merkletrie/noder", "github.com/go-git/go-git/v5/utils/sync", "github.com/go-git/go-git/v5/utils/trace", "github.com/go-gorp/gorp/v3", "github.com/go-jose/go-jose/v4", "github.com/go-jose/go-jose/v4/cipher", "github.com/go-jose/go-jose/v4/json", "github.com/go-json-experiment/json", "github.com/go-json-experiment/json/jsontext", "github.com/go-logr/logr", "github.com/go-logr/logr/funcr", "github.com/go-logr/logr/slogr", "github.com/go-logr/stdr", "github.com/go-logr/zapr", "github.com/go-openapi/analysis", "github.com/go-openapi/errors", "github.com/go-openapi/jsonpointer", "github.com/go-openapi/jsonreference", "github.com/go-openapi/loads", "github.com/go-openapi/runtime", "github.com/go-openapi/runtime/client", "github.com/go-openapi/runtime/logger", "github.com/go-openapi/runtime/middleware", "github.com/go-openapi/runtime/middleware/denco", "github.com/go-openapi/runtime/middleware/header", "github.com/go-openapi/runtime/middleware/untyped", "github.com/go-openapi/runtime/security", "github.com/go-openapi/runtime/yamlpc", "github.com/go-openapi/spec", "github.com/go-openapi/strfmt", "github.com/go-openapi/swag", "github.com/go-openapi/swag/cmdutils", "github.com/go-openapi/swag/conv", "github.com/go-openapi/swag/fileutils", "github.com/go-openapi/swag/jsonname", "github.com/go-openapi/swag/jsonutils", "github.com/go-openapi/swag/jsonutils/adapters", "github.com/go-openapi/swag/jsonutils/adapters/ifaces", "github.com/go-openapi/swag/jsonutils/adapters/stdlib/json", "github.com/go-openapi/swag/loading", "github.com/go-openapi/swag/mangling", "github.com/go-openapi/swag/netutils", "github.com/go-openapi/swag/stringutils", "github.com/go-openapi/swag/typeutils", "github.com/go-openapi/swag/yamlutils", "github.com/go-openapi/validate", "github.com/go-viper/mapstructure/v2", "github.com/gobuffalo/flect", "github.com/gobwas/glob", "github.com/gobwas/glob/compiler", "github.com/gobwas/glob/match", "github.com/gobwas/glob/syntax", "github.com/gobwas/glob/syntax/ast", "github.com/gobwas/glob/syntax/lexer", "github.com/gobwas/glob/util/runes", "github.com/gobwas/glob/util/strings", "github.com/golang-jwt/jwt/v4", "github.com/golang/groupcache/lru", "github.com/golang/snappy", "github.com/google/btree", "github.com/google/cel-go/cel", "github.com/google/cel-go/checker", "github.com/google/cel-go/checker/decls", "github.com/google/cel-go/common", "github.com/google/cel-go/common/ast", "github.com/google/cel-go/common/containers", "github.com/google/cel-go/common/debug", "github.com/google/cel-go/common/decls", "github.com/google/cel-go/common/env", "github.com/google/cel-go/common/functions", "github.com/google/cel-go/common/operators", "github.com/google/cel-go/common/overloads", "github.com/google/cel-go/common/runes", "github.com/google/cel-go/common/stdlib", "github.com/google/cel-go/common/types", "github.com/google/cel-go/common/types/pb", "github.com/google/cel-go/common/types/ref", "github.com/google/cel-go/common/types/traits", "github.com/google/cel-go/ext", "github.com/google/cel-go/interpreter", "github.com/google/cel-go/interpreter/functions", "github.com/google/cel-go/parser", "github.com/google/cel-go/parser/gen", "github.com/google/certificate-transparency-go", "github.com/google/certificate-transparency-go/asn1", "github.com/google/certificate-transparency-go/client", "github.com/google/certificate-transparency-go/client/configpb", "github.com/google/certificate-transparency-go/ctutil", "github.com/google/certificate-transparency-go/gossip/minimal/x509ext", "github.com/google/certificate-transparency-go/jsonclient", "github.com/google/certificate-transparency-go/loglist3", "github.com/google/certificate-transparency-go/tls", "github.com/google/certificate-transparency-go/x509", "github.com/google/certificate-transparency-go/x509/pkix", "github.com/google/certificate-transparency-go/x509util", "github.com/google/gnostic-models/compiler", "github.com/google/gnostic-models/extensions", "github.com/google/gnostic-models/jsonschema", "github.com/google/gnostic-models/openapiv2", "github.com/google/gnostic-models/openapiv3", "github.com/google/go-cmp/cmp", "github.com/google/go-cmp/cmp/cmpopts", "github.com/google/go-containerregistry/pkg/authn", "github.com/google/go-containerregistry/pkg/authn/k8schain", "github.com/google/go-containerregistry/pkg/authn/kubernetes", "github.com/google/go-containerregistry/pkg/compression", "github.com/google/go-containerregistry/pkg/crane", "github.com/google/go-containerregistry/pkg/legacy", "github.com/google/go-containerregistry/pkg/legacy/tarball", "github.com/google/go-containerregistry/pkg/logs", "github.com/google/go-containerregistry/pkg/name", "github.com/google/go-containerregistry/pkg/registry", "github.com/google/go-containerregistry/pkg/v1", "github.com/google/go-containerregistry/pkg/v1/daemon", "github.com/google/go-containerregistry/pkg/v1/empty", "github.com/google/go-containerregistry/pkg/v1/google", "github.com/google/go-containerregistry/pkg/v1/layout", "github.com/google/go-containerregistry/pkg/v1/match", "github.com/google/go-containerregistry/pkg/v1/mutate", "github.com/google/go-containerregistry/pkg/v1/partial", "github.com/google/go-containerregistry/pkg/v1/random", "github.com/google/go-containerregistry/pkg/v1/remote", "github.com/google/go-containerregistry/pkg/v1/remote/transport", "github.com/google/go-containerregistry/pkg/v1/static", "github.com/google/go-containerregistry/pkg/v1/stream", "github.com/google/go-containerregistry/pkg/v1/tarball", "github.com/google/go-containerregistry/pkg/v1/types", "github.com/google/ko/pkg/build", "github.com/google/ko/pkg/caps", "github.com/google/uuid", "github.com/gosuri/uitable", "github.com/gosuri/uitable/util/strutil", "github.com/gosuri/uitable/util/wordwrap", "github.com/gregjones/httpcache", "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options", "github.com/grpc-ecosystem/grpc-gateway/v2/runtime", "github.com/grpc-ecosystem/grpc-gateway/v2/utilities", "github.com/hashicorp/errwrap", "github.com/hashicorp/go-cleanhttp", "github.com/hashicorp/go-multierror", "github.com/hashicorp/go-retryablehttp", "github.com/huandu/xstrings", "github.com/in-toto/attestation/go/v1", "github.com/in-toto/in-toto-golang/in_toto", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2", "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1", "github.com/invopop/jsonschema", "github.com/jbenet/go-context/io", "github.com/jedisct1/go-minisign", "github.com/jmoiron/sqlx", "github.com/jmoiron/sqlx/reflectx", "github.com/josharian/intern", "github.com/json-iterator/go", "github.com/kevinburke/ssh_config", "github.com/klauspost/compress", "github.com/klauspost/compress/fse", "github.com/klauspost/compress/huff0", "github.com/klauspost/compress/zstd", "github.com/kubernetes-sigs/kro/pkg/graph/dag", "github.com/kubernetes-sigs/kro/pkg/simpleschema", "github.com/kubernetes-sigs/kro/pkg/simpleschema/types", "github.com/lann/builder", "github.com/lann/ps", "github.com/letsencrypt/boulder/core", "github.com/letsencrypt/boulder/core/proto", "github.com/letsencrypt/boulder/goodkey", "github.com/letsencrypt/boulder/identifier", "github.com/letsencrypt/boulder/probs", "github.com/letsencrypt/boulder/revocation", "github.com/lib/pq", "github.com/lib/pq/oid", "github.com/lib/pq/scram", "github.com/liggitt/tabwriter", "github.com/lucasb-eyer/go-colorful", "github.com/mailru/easyjson/jlexer", "github.com/mattn/go-colorable", "github.com/mattn/go-isatty", "github.com/mattn/go-runewidth", "github.com/mitchellh/copystructure", "github.com/mitchellh/go-homedir", "github.com/mitchellh/go-wordwrap", "github.com/mitchellh/reflectwalk", "github.com/moby/docker-image-spec/specs-go/v1", "github.com/moby/term", "github.com/modern-go/concurrent", "github.com/modern-go/reflect2", "github.com/mohae/deepcopy", "github.com/monochromegane/go-gitignore", "github.com/muesli/ansi", "github.com/muesli/ansi/compressor", "github.com/muesli/cancelreader", "github.com/muesli/termenv", "github.com/munnerz/goautoneg", "github.com/nozzle/throttler", "github.com/oapi-codegen/oapi-codegen/v2/pkg/codegen", "github.com/oapi-codegen/oapi-codegen/v2/pkg/util", "github.com/oasdiff/yaml", "github.com/oasdiff/yaml3", "github.com/oklog/ulid/v2", "github.com/opencontainers/go-digest", "github.com/opencontainers/image-spec/specs-go", "github.com/opencontainers/image-spec/specs-go/v1", "github.com/pb33f/ordered-map/v2", "github.com/pelletier/go-toml", "github.com/perimeterx/marshmallow", "github.com/peterbourgon/diskv", "github.com/pjbgf/sha1cd", "github.com/pjbgf/sha1cd/ubc", "github.com/pkg/browser", "github.com/pkg/errors", "github.com/pmezard/go-difflib/difflib", "github.com/posener/complete", "github.com/posener/complete/cmd", "github.com/posener/complete/cmd/install", "github.com/prometheus/client_golang/prometheus", "github.com/prometheus/client_golang/prometheus/collectors", "github.com/prometheus/client_golang/prometheus/promhttp", "github.com/prometheus/client_model/go", "github.com/prometheus/common/expfmt", "github.com/prometheus/common/model", "github.com/prometheus/procfs", "github.com/rivo/uniseg", "github.com/riywo/loginshell", "github.com/rubenv/sql-migrate", "github.com/rubenv/sql-migrate/sqlparse", "github.com/russross/blackfriday/v2", "github.com/santhosh-tekuri/jsonschema/v6", "github.com/santhosh-tekuri/jsonschema/v6/kind", "github.com/sassoftware/relic/lib/pkcs7", "github.com/sassoftware/relic/lib/x509tools", "github.com/secure-systems-lab/go-securesystemslib/cjson", "github.com/secure-systems-lab/go-securesystemslib/dsse", "github.com/secure-systems-lab/go-securesystemslib/encrypted", "github.com/secure-systems-lab/go-securesystemslib/signerverifier", "github.com/sergi/go-diff/diffmatchpatch", "github.com/shibumi/go-pathspec", "github.com/shopspring/decimal", "github.com/sigstore/cosign/v2/pkg/cosign/bundle", "github.com/sigstore/cosign/v2/pkg/cosign/env", "github.com/sigstore/cosign/v2/pkg/oci", "github.com/sigstore/cosign/v2/pkg/oci/empty", "github.com/sigstore/cosign/v2/pkg/oci/mutate", "github.com/sigstore/cosign/v2/pkg/oci/signed", "github.com/sigstore/cosign/v2/pkg/oci/static", "github.com/sigstore/cosign/v2/pkg/types", "github.com/sigstore/cosign/v3/pkg/blob", "github.com/sigstore/cosign/v3/pkg/cosign", "github.com/sigstore/cosign/v3/pkg/cosign/attestation", "github.com/sigstore/cosign/v3/pkg/cosign/bundle", "github.com/sigstore/cosign/v3/pkg/cosign/env", "github.com/sigstore/cosign/v3/pkg/cosign/fulcioverifier/ctutil", "github.com/sigstore/cosign/v3/pkg/oci", "github.com/sigstore/cosign/v3/pkg/oci/empty", "github.com/sigstore/cosign/v3/pkg/oci/layout", "github.com/sigstore/cosign/v3/pkg/oci/remote", "github.com/sigstore/cosign/v3/pkg/oci/signed", "github.com/sigstore/cosign/v3/pkg/oci/static", "github.com/sigstore/cosign/v3/pkg/types", "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/dsse", "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1", "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1", "github.com/sigstore/rekor-tiles/v2/pkg/client", "github.com/sigstore/rekor-tiles/v2/pkg/client/write", "github.com/sigstore/rekor-tiles/v2/pkg/generated/protobuf", "github.com/sigstore/rekor-tiles/v2/pkg/note", "github.com/sigstore/rekor-tiles/v2/pkg/types/verifier", "github.com/sigstore/rekor-tiles/v2/pkg/verify", "github.com/sigstore/rekor/pkg/client", "github.com/sigstore/rekor/pkg/generated/client", "github.com/sigstore/rekor/pkg/generated/client/entries", "github.com/sigstore/rekor/pkg/generated/client/index", "github.com/sigstore/rekor/pkg/generated/client/pubkey", "github.com/sigstore/rekor/pkg/generated/client/tlog", "github.com/sigstore/rekor/pkg/generated/models", "github.com/sigstore/rekor/pkg/log", "github.com/sigstore/rekor/pkg/pki", "github.com/sigstore/rekor/pkg/pki/identity", "github.com/sigstore/rekor/pkg/pki/minisign", "github.com/sigstore/rekor/pkg/pki/pgp", "github.com/sigstore/rekor/pkg/pki/pkcs7", "github.com/sigstore/rekor/pkg/pki/pkitypes", "github.com/sigstore/rekor/pkg/pki/ssh", "github.com/sigstore/rekor/pkg/pki/tuf", "github.com/sigstore/rekor/pkg/pki/x509", "github.com/sigstore/rekor/pkg/tle", "github.com/sigstore/rekor/pkg/types", "github.com/sigstore/rekor/pkg/types/dsse", "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1", "github.com/sigstore/rekor/pkg/types/hashedrekord", "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1", "github.com/sigstore/rekor/pkg/types/intoto/v0.0.2", "github.com/sigstore/rekor/pkg/types/rekord", "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1", "github.com/sigstore/rekor/pkg/util", "github.com/sigstore/rekor/pkg/verify", "github.com/sigstore/sigstore-go/pkg/bundle", "github.com/sigstore/sigstore-go/pkg/fulcio/certificate", "github.com/sigstore/sigstore-go/pkg/root", "github.com/sigstore/sigstore-go/pkg/sign", "github.com/sigstore/sigstore-go/pkg/tlog", "github.com/sigstore/sigstore-go/pkg/tuf", "github.com/sigstore/sigstore-go/pkg/util", "github.com/sigstore/sigstore-go/pkg/verify", "github.com/sigstore/sigstore/pkg/cryptoutils", "github.com/sigstore/sigstore/pkg/cryptoutils/goodkey", "github.com/sigstore/sigstore/pkg/fulcioroots", "github.com/sigstore/sigstore/pkg/oauth", "github.com/sigstore/sigstore/pkg/oauthflow", "github.com/sigstore/sigstore/pkg/signature", "github.com/sigstore/sigstore/pkg/signature/dsse", "github.com/sigstore/sigstore/pkg/signature/options", "github.com/sigstore/sigstore/pkg/signature/payload", "github.com/sigstore/sigstore/pkg/tuf", "github.com/sigstore/timestamp-authority/v2/pkg/verification", "github.com/sirupsen/logrus", "github.com/skeema/knownhosts", "github.com/speakeasy-api/jsonpath/pkg/jsonpath", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/config", "github.com/speakeasy-api/jsonpath/pkg/jsonpath/token", "github.com/speakeasy-api/openapi/overlay", "github.com/speakeasy-api/openapi/overlay/loader", "github.com/spf13/afero", "github.com/spf13/afero/mem", "github.com/spf13/afero/tarfs", "github.com/spf13/cast", "github.com/spf13/cobra", "github.com/spf13/pflag", "github.com/syndtr/goleveldb/leveldb", "github.com/syndtr/goleveldb/leveldb/cache", "github.com/syndtr/goleveldb/leveldb/comparer", "github.com/syndtr/goleveldb/leveldb/errors", "github.com/syndtr/goleveldb/leveldb/filter", "github.com/syndtr/goleveldb/leveldb/iterator", "github.com/syndtr/goleveldb/leveldb/journal", "github.com/syndtr/goleveldb/leveldb/memdb", "github.com/syndtr/goleveldb/leveldb/opt", "github.com/syndtr/goleveldb/leveldb/storage", "github.com/syndtr/goleveldb/leveldb/table", "github.com/syndtr/goleveldb/leveldb/util", "github.com/theupdateframework/go-tuf", "github.com/theupdateframework/go-tuf/client", "github.com/theupdateframework/go-tuf/client/leveldbstore", "github.com/theupdateframework/go-tuf/data", "github.com/theupdateframework/go-tuf/pkg/keys", "github.com/theupdateframework/go-tuf/pkg/targets", "github.com/theupdateframework/go-tuf/sign", "github.com/theupdateframework/go-tuf/util", "github.com/theupdateframework/go-tuf/v2/metadata", "github.com/theupdateframework/go-tuf/v2/metadata/config", "github.com/theupdateframework/go-tuf/v2/metadata/fetcher", "github.com/theupdateframework/go-tuf/v2/metadata/trustedmetadata", "github.com/theupdateframework/go-tuf/v2/metadata/updater", "github.com/theupdateframework/go-tuf/verify", "github.com/titanous/rocacheck", "github.com/transparency-dev/formats/log", "github.com/transparency-dev/merkle", "github.com/transparency-dev/merkle/compact", "github.com/transparency-dev/merkle/proof", "github.com/transparency-dev/merkle/rfc6962", "github.com/vbatts/tar-split/archive/tar", "github.com/vmware-labs/yaml-jsonpath/pkg/yamlpath", "github.com/willabides/kongplete", "github.com/woodsbury/decimal128", "github.com/x448/float16", "github.com/xanzy/ssh-agent", "github.com/xlab/treeprint", "github.com/xo/terminfo", "go.opentelemetry.io/auto/sdk", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "go.opentelemetry.io/otel", "go.opentelemetry.io/otel/attribute", "go.opentelemetry.io/otel/baggage", "go.opentelemetry.io/otel/codes", "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "go.opentelemetry.io/otel/metric", "go.opentelemetry.io/otel/metric/embedded", "go.opentelemetry.io/otel/metric/noop", "go.opentelemetry.io/otel/propagation", "go.opentelemetry.io/otel/sdk", "go.opentelemetry.io/otel/sdk/instrumentation", "go.opentelemetry.io/otel/sdk/resource", "go.opentelemetry.io/otel/sdk/trace", "go.opentelemetry.io/otel/semconv/v1.17.0", "go.opentelemetry.io/otel/semconv/v1.37.0", "go.opentelemetry.io/otel/semconv/v1.37.0/otelconv", "go.opentelemetry.io/otel/semconv/v1.40.0", "go.opentelemetry.io/otel/semconv/v1.40.0/httpconv", "go.opentelemetry.io/otel/semconv/v1.40.0/otelconv", "go.opentelemetry.io/otel/trace", "go.opentelemetry.io/otel/trace/embedded", "go.opentelemetry.io/otel/trace/noop", "go.opentelemetry.io/proto/otlp/collector/trace/v1", "go.opentelemetry.io/proto/otlp/common/v1", "go.opentelemetry.io/proto/otlp/resource/v1", "go.opentelemetry.io/proto/otlp/trace/v1", "go.uber.org/multierr", "go.uber.org/zap", "go.uber.org/zap/buffer", "go.uber.org/zap/zapcore", "go.yaml.in/yaml/v2", "go.yaml.in/yaml/v3", "go.yaml.in/yaml/v4", "golang.org/x/crypto/argon2", "golang.org/x/crypto/bcrypt", "golang.org/x/crypto/blake2b", "golang.org/x/crypto/blowfish", "golang.org/x/crypto/cast5", "golang.org/x/crypto/chacha20", "golang.org/x/crypto/cryptobyte", "golang.org/x/crypto/cryptobyte/asn1", "golang.org/x/crypto/curve25519", "golang.org/x/crypto/ed25519", "golang.org/x/crypto/hkdf", "golang.org/x/crypto/nacl/secretbox", "golang.org/x/crypto/ocsp", "golang.org/x/crypto/openpgp", "golang.org/x/crypto/openpgp/armor", "golang.org/x/crypto/openpgp/clearsign", "golang.org/x/crypto/openpgp/elgamal", "golang.org/x/crypto/openpgp/errors", "golang.org/x/crypto/openpgp/packet", "golang.org/x/crypto/openpgp/s2k", "golang.org/x/crypto/pbkdf2", "golang.org/x/crypto/pkcs12", "golang.org/x/crypto/salsa20/salsa", "golang.org/x/crypto/scrypt", "golang.org/x/crypto/sha3", "golang.org/x/crypto/ssh", "golang.org/x/crypto/ssh/agent", "golang.org/x/crypto/ssh/knownhosts", "golang.org/x/crypto/ssh/terminal", "golang.org/x/exp/slices", "golang.org/x/mod/modfile", "golang.org/x/mod/module", "golang.org/x/mod/semver", "golang.org/x/mod/sumdb/note", "golang.org/x/net/context", "golang.org/x/net/http/httpguts", "golang.org/x/net/http2", "golang.org/x/net/http2/hpack", "golang.org/x/net/idna", "golang.org/x/net/proxy", "golang.org/x/net/trace", "golang.org/x/net/websocket", "golang.org/x/oauth2", "golang.org/x/oauth2/authhandler", "golang.org/x/oauth2/google", "golang.org/x/oauth2/google/externalaccount", "golang.org/x/oauth2/jws", "golang.org/x/oauth2/jwt", "golang.org/x/sync/errgroup", "golang.org/x/sync/semaphore", "golang.org/x/sync/singleflight", "golang.org/x/sys/cpu", "golang.org/x/sys/execabs", "golang.org/x/sys/unix", "golang.org/x/term", "golang.org/x/text/cases", "golang.org/x/text/encoding", "golang.org/x/text/encoding/unicode", "golang.org/x/text/feature/plural", "golang.org/x/text/language", "golang.org/x/text/message", "golang.org/x/text/message/catalog", "golang.org/x/text/runes", "golang.org/x/text/secure/bidirule", "golang.org/x/text/transform", "golang.org/x/text/unicode/bidi", "golang.org/x/text/unicode/norm", "golang.org/x/time/rate", "golang.org/x/tools/go/ast/astutil", "golang.org/x/tools/go/ast/edge", "golang.org/x/tools/go/ast/inspector", "golang.org/x/tools/go/gcexportdata", "golang.org/x/tools/go/packages", "golang.org/x/tools/go/types/objectpath", "golang.org/x/tools/go/types/typeutil", "golang.org/x/tools/imports", "gomodules.xyz/jsonpatch/v2", "google.golang.org/genproto/googleapis/api", "google.golang.org/genproto/googleapis/api/annotations", "google.golang.org/genproto/googleapis/api/expr/v1alpha1", "google.golang.org/genproto/googleapis/api/httpbody", "google.golang.org/genproto/googleapis/rpc/errdetails", "google.golang.org/genproto/googleapis/rpc/status", "google.golang.org/grpc", "google.golang.org/grpc/attributes", "google.golang.org/grpc/backoff", "google.golang.org/grpc/balancer", "google.golang.org/grpc/balancer/base", "google.golang.org/grpc/balancer/endpointsharding", "google.golang.org/grpc/balancer/grpclb/state", "google.golang.org/grpc/balancer/pickfirst", "google.golang.org/grpc/balancer/roundrobin", "google.golang.org/grpc/binarylog/grpc_binarylog_v1", "google.golang.org/grpc/channelz", "google.golang.org/grpc/codes", "google.golang.org/grpc/connectivity", "google.golang.org/grpc/credentials", "google.golang.org/grpc/credentials/insecure", "google.golang.org/grpc/encoding", "google.golang.org/grpc/encoding/gzip", "google.golang.org/grpc/encoding/proto", "google.golang.org/grpc/experimental/stats", "google.golang.org/grpc/grpclog", "google.golang.org/grpc/health/grpc_health_v1", "google.golang.org/grpc/keepalive", "google.golang.org/grpc/mem", "google.golang.org/grpc/metadata", "google.golang.org/grpc/peer", "google.golang.org/grpc/resolver", "google.golang.org/grpc/resolver/dns", "google.golang.org/grpc/serviceconfig", "google.golang.org/grpc/stats", "google.golang.org/grpc/status", "google.golang.org/grpc/tap", "google.golang.org/protobuf/encoding/protodelim", "google.golang.org/protobuf/encoding/protojson", "google.golang.org/protobuf/encoding/prototext", "google.golang.org/protobuf/encoding/protowire", "google.golang.org/protobuf/proto", "google.golang.org/protobuf/protoadapt", "google.golang.org/protobuf/reflect/protodesc", "google.golang.org/protobuf/reflect/protoreflect", "google.golang.org/protobuf/reflect/protoregistry", "google.golang.org/protobuf/runtime/protoiface", "google.golang.org/protobuf/runtime/protoimpl", "google.golang.org/protobuf/testing/protocmp", "google.golang.org/protobuf/types/descriptorpb", "google.golang.org/protobuf/types/dynamicpb", "google.golang.org/protobuf/types/gofeaturespb", "google.golang.org/protobuf/types/known/anypb", "google.golang.org/protobuf/types/known/durationpb", "google.golang.org/protobuf/types/known/emptypb", "google.golang.org/protobuf/types/known/fieldmaskpb", "google.golang.org/protobuf/types/known/structpb", "google.golang.org/protobuf/types/known/timestamppb", "google.golang.org/protobuf/types/known/wrapperspb", "gopkg.in/evanphx/json-patch.v4", "gopkg.in/inf.v0", "gopkg.in/warnings.v0", "gopkg.in/yaml.v3", "helm.sh/helm/v3/pkg/action", "helm.sh/helm/v3/pkg/chart", "helm.sh/helm/v3/pkg/chart/loader", "helm.sh/helm/v3/pkg/chartutil", "helm.sh/helm/v3/pkg/cli", "helm.sh/helm/v3/pkg/downloader", "helm.sh/helm/v3/pkg/engine", "helm.sh/helm/v3/pkg/getter", "helm.sh/helm/v3/pkg/helmpath", "helm.sh/helm/v3/pkg/helmpath/xdg", "helm.sh/helm/v3/pkg/ignore", "helm.sh/helm/v3/pkg/kube", "helm.sh/helm/v3/pkg/kube/fake", "helm.sh/helm/v3/pkg/lint", "helm.sh/helm/v3/pkg/lint/rules", "helm.sh/helm/v3/pkg/lint/support", "helm.sh/helm/v3/pkg/plugin", "helm.sh/helm/v3/pkg/postrender", "helm.sh/helm/v3/pkg/provenance", "helm.sh/helm/v3/pkg/pusher", "helm.sh/helm/v3/pkg/registry", "helm.sh/helm/v3/pkg/release", "helm.sh/helm/v3/pkg/releaseutil", "helm.sh/helm/v3/pkg/repo", "helm.sh/helm/v3/pkg/storage", "helm.sh/helm/v3/pkg/storage/driver", "helm.sh/helm/v3/pkg/time", "helm.sh/helm/v3/pkg/time/ctime", "helm.sh/helm/v3/pkg/uploader", "k8s.io/api/admission/v1", "k8s.io/api/admission/v1beta1", "k8s.io/api/admissionregistration/v1", "k8s.io/api/admissionregistration/v1alpha1", "k8s.io/api/admissionregistration/v1beta1", "k8s.io/api/apidiscovery/v2", "k8s.io/api/apidiscovery/v2beta1", "k8s.io/api/apiserverinternal/v1alpha1", "k8s.io/api/apps/v1", "k8s.io/api/apps/v1beta1", "k8s.io/api/apps/v1beta2", "k8s.io/api/authentication/v1", "k8s.io/api/authentication/v1alpha1", "k8s.io/api/authentication/v1beta1", "k8s.io/api/authorization/v1", "k8s.io/api/authorization/v1beta1", "k8s.io/api/autoscaling/v1", "k8s.io/api/autoscaling/v2", "k8s.io/api/autoscaling/v2beta1", "k8s.io/api/autoscaling/v2beta2", "k8s.io/api/batch/v1", "k8s.io/api/batch/v1beta1", "k8s.io/api/certificates/v1", "k8s.io/api/certificates/v1alpha1", "k8s.io/api/certificates/v1beta1", "k8s.io/api/coordination/v1", "k8s.io/api/coordination/v1alpha2", "k8s.io/api/coordination/v1beta1", "k8s.io/api/core/v1", "k8s.io/api/discovery/v1", "k8s.io/api/discovery/v1beta1", "k8s.io/api/events/v1", "k8s.io/api/events/v1beta1", "k8s.io/api/extensions/v1beta1", "k8s.io/api/flowcontrol/v1", "k8s.io/api/flowcontrol/v1beta1", "k8s.io/api/flowcontrol/v1beta2", "k8s.io/api/flowcontrol/v1beta3", "k8s.io/api/imagepolicy/v1alpha1", "k8s.io/api/networking/v1", "k8s.io/api/networking/v1beta1", "k8s.io/api/node/v1", "k8s.io/api/node/v1alpha1", "k8s.io/api/node/v1beta1", "k8s.io/api/policy/v1", "k8s.io/api/policy/v1beta1", "k8s.io/api/rbac/v1", "k8s.io/api/rbac/v1alpha1", "k8s.io/api/rbac/v1beta1", "k8s.io/api/resource/v1", "k8s.io/api/resource/v1alpha3", "k8s.io/api/resource/v1beta1", "k8s.io/api/resource/v1beta2", "k8s.io/api/scheduling/v1", "k8s.io/api/scheduling/v1alpha1", "k8s.io/api/scheduling/v1beta1", "k8s.io/api/storage/v1", "k8s.io/api/storage/v1alpha1", "k8s.io/api/storage/v1beta1", "k8s.io/api/storagemigration/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apihelpers", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/cel/model", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/defaulting", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/objectmeta", "k8s.io/apiextensions-apiserver/pkg/apiserver/schema/pruning", "k8s.io/apiextensions-apiserver/pkg/apiserver/validation", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/builder", "k8s.io/apiextensions-apiserver/pkg/controller/openapi/v2", "k8s.io/apiextensions-apiserver/pkg/features", "k8s.io/apiextensions-apiserver/pkg/generated/openapi", "k8s.io/apimachinery/pkg/api/equality", "k8s.io/apimachinery/pkg/api/errors", "k8s.io/apimachinery/pkg/api/meta", "k8s.io/apimachinery/pkg/api/meta/testrestmapper", "k8s.io/apimachinery/pkg/api/operation", "k8s.io/apimachinery/pkg/api/resource", "k8s.io/apimachinery/pkg/api/safe", "k8s.io/apimachinery/pkg/api/validate", "k8s.io/apimachinery/pkg/api/validate/constraints", "k8s.io/apimachinery/pkg/api/validate/content", "k8s.io/apimachinery/pkg/api/validation", "k8s.io/apimachinery/pkg/api/validation/path", "k8s.io/apimachinery/pkg/apis/meta/v1", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured", "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructuredscheme", "k8s.io/apimachinery/pkg/apis/meta/v1/validation", "k8s.io/apimachinery/pkg/apis/meta/v1beta1", "k8s.io/apimachinery/pkg/apis/meta/v1beta1/validation", "k8s.io/apimachinery/pkg/conversion", "k8s.io/apimachinery/pkg/conversion/queryparams", "k8s.io/apimachinery/pkg/fields", "k8s.io/apimachinery/pkg/labels", "k8s.io/apimachinery/pkg/runtime", "k8s.io/apimachinery/pkg/runtime/schema", "k8s.io/apimachinery/pkg/runtime/serializer", "k8s.io/apimachinery/pkg/runtime/serializer/cbor", "k8s.io/apimachinery/pkg/runtime/serializer/cbor/direct", "k8s.io/apimachinery/pkg/runtime/serializer/json", "k8s.io/apimachinery/pkg/runtime/serializer/protobuf", "k8s.io/apimachinery/pkg/runtime/serializer/recognizer", "k8s.io/apimachinery/pkg/runtime/serializer/streaming", "k8s.io/apimachinery/pkg/runtime/serializer/versioning", "k8s.io/apimachinery/pkg/selection", "k8s.io/apimachinery/pkg/types", "k8s.io/apimachinery/pkg/util/cache", "k8s.io/apimachinery/pkg/util/diff", "k8s.io/apimachinery/pkg/util/dump", "k8s.io/apimachinery/pkg/util/duration", "k8s.io/apimachinery/pkg/util/errors", "k8s.io/apimachinery/pkg/util/framer", "k8s.io/apimachinery/pkg/util/httpstream", "k8s.io/apimachinery/pkg/util/httpstream/wsstream", "k8s.io/apimachinery/pkg/util/intstr", "k8s.io/apimachinery/pkg/util/json", "k8s.io/apimachinery/pkg/util/jsonmergepatch", "k8s.io/apimachinery/pkg/util/managedfields", "k8s.io/apimachinery/pkg/util/mergepatch", "k8s.io/apimachinery/pkg/util/naming", "k8s.io/apimachinery/pkg/util/net", "k8s.io/apimachinery/pkg/util/portforward", "k8s.io/apimachinery/pkg/util/rand", "k8s.io/apimachinery/pkg/util/remotecommand", "k8s.io/apimachinery/pkg/util/runtime", "k8s.io/apimachinery/pkg/util/sets", "k8s.io/apimachinery/pkg/util/strategicpatch", "k8s.io/apimachinery/pkg/util/uuid", "k8s.io/apimachinery/pkg/util/validation", "k8s.io/apimachinery/pkg/util/validation/field", "k8s.io/apimachinery/pkg/util/version", "k8s.io/apimachinery/pkg/util/wait", "k8s.io/apimachinery/pkg/util/yaml", "k8s.io/apimachinery/pkg/version", "k8s.io/apimachinery/pkg/watch", "k8s.io/apimachinery/third_party/forked/golang/json", "k8s.io/apimachinery/third_party/forked/golang/reflect", "k8s.io/apiserver/pkg/admission", "k8s.io/apiserver/pkg/apis/apiserver", "k8s.io/apiserver/pkg/apis/apiserver/install", "k8s.io/apiserver/pkg/apis/apiserver/v1", "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1", "k8s.io/apiserver/pkg/apis/apiserver/v1beta1", "k8s.io/apiserver/pkg/apis/audit", "k8s.io/apiserver/pkg/apis/audit/v1", "k8s.io/apiserver/pkg/apis/cel", "k8s.io/apiserver/pkg/audit", "k8s.io/apiserver/pkg/authentication/serviceaccount", "k8s.io/apiserver/pkg/authentication/user", "k8s.io/apiserver/pkg/authorization/authorizer", "k8s.io/apiserver/pkg/cel", "k8s.io/apiserver/pkg/cel/common", "k8s.io/apiserver/pkg/cel/environment", "k8s.io/apiserver/pkg/cel/library", "k8s.io/apiserver/pkg/cel/metrics", "k8s.io/apiserver/pkg/cel/openapi", "k8s.io/apiserver/pkg/endpoints", "k8s.io/apiserver/pkg/endpoints/deprecation", "k8s.io/apiserver/pkg/endpoints/discovery", "k8s.io/apiserver/pkg/endpoints/handlers", "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager", "k8s.io/apiserver/pkg/endpoints/handlers/finisher", "k8s.io/apiserver/pkg/endpoints/handlers/metrics", "k8s.io/apiserver/pkg/endpoints/handlers/negotiation", "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters", "k8s.io/apiserver/pkg/endpoints/metrics", "k8s.io/apiserver/pkg/endpoints/openapi", "k8s.io/apiserver/pkg/endpoints/request", "k8s.io/apiserver/pkg/endpoints/responsewriter", "k8s.io/apiserver/pkg/endpoints/warning", "k8s.io/apiserver/pkg/features", "k8s.io/apiserver/pkg/registry/rest", "k8s.io/apiserver/pkg/server/egressselector", "k8s.io/apiserver/pkg/server/egressselector/metrics", "k8s.io/apiserver/pkg/server/routine", "k8s.io/apiserver/pkg/storage", "k8s.io/apiserver/pkg/storage/names", "k8s.io/apiserver/pkg/storageversion", "k8s.io/apiserver/pkg/util/apihelpers", "k8s.io/apiserver/pkg/util/compatibility", "k8s.io/apiserver/pkg/util/dryrun", "k8s.io/apiserver/pkg/util/feature", "k8s.io/apiserver/pkg/util/flushwriter", "k8s.io/apiserver/pkg/util/openapi", "k8s.io/apiserver/pkg/util/webhook", "k8s.io/apiserver/pkg/util/x509metrics", "k8s.io/apiserver/pkg/validation", "k8s.io/apiserver/pkg/warning", "k8s.io/cli-runtime/pkg/genericclioptions", "k8s.io/cli-runtime/pkg/genericiooptions", "k8s.io/cli-runtime/pkg/printers", "k8s.io/cli-runtime/pkg/resource", "k8s.io/client-go/applyconfigurations", "k8s.io/client-go/applyconfigurations/admissionregistration/v1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1", "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1", "k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1", "k8s.io/client-go/applyconfigurations/apps/v1", "k8s.io/client-go/applyconfigurations/apps/v1beta1", "k8s.io/client-go/applyconfigurations/apps/v1beta2", "k8s.io/client-go/applyconfigurations/autoscaling/v1", "k8s.io/client-go/applyconfigurations/autoscaling/v2", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta1", "k8s.io/client-go/applyconfigurations/autoscaling/v2beta2", "k8s.io/client-go/applyconfigurations/batch/v1", "k8s.io/client-go/applyconfigurations/batch/v1beta1", "k8s.io/client-go/applyconfigurations/certificates/v1", "k8s.io/client-go/applyconfigurations/certificates/v1alpha1", "k8s.io/client-go/applyconfigurations/certificates/v1beta1", "k8s.io/client-go/applyconfigurations/coordination/v1", "k8s.io/client-go/applyconfigurations/coordination/v1alpha2", "k8s.io/client-go/applyconfigurations/coordination/v1beta1", "k8s.io/client-go/applyconfigurations/core/v1", "k8s.io/client-go/applyconfigurations/discovery/v1", "k8s.io/client-go/applyconfigurations/discovery/v1beta1", "k8s.io/client-go/applyconfigurations/events/v1", "k8s.io/client-go/applyconfigurations/events/v1beta1", "k8s.io/client-go/applyconfigurations/extensions/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2", "k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3", "k8s.io/client-go/applyconfigurations/imagepolicy/v1alpha1", "k8s.io/client-go/applyconfigurations/meta/v1", "k8s.io/client-go/applyconfigurations/networking/v1", "k8s.io/client-go/applyconfigurations/networking/v1beta1", "k8s.io/client-go/applyconfigurations/node/v1", "k8s.io/client-go/applyconfigurations/node/v1alpha1", "k8s.io/client-go/applyconfigurations/node/v1beta1", "k8s.io/client-go/applyconfigurations/policy/v1", "k8s.io/client-go/applyconfigurations/policy/v1beta1", "k8s.io/client-go/applyconfigurations/rbac/v1", "k8s.io/client-go/applyconfigurations/rbac/v1alpha1", "k8s.io/client-go/applyconfigurations/rbac/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1", "k8s.io/client-go/applyconfigurations/resource/v1alpha3", "k8s.io/client-go/applyconfigurations/resource/v1beta1", "k8s.io/client-go/applyconfigurations/resource/v1beta2", "k8s.io/client-go/applyconfigurations/scheduling/v1", "k8s.io/client-go/applyconfigurations/scheduling/v1alpha1", "k8s.io/client-go/applyconfigurations/scheduling/v1beta1", "k8s.io/client-go/applyconfigurations/storage/v1", "k8s.io/client-go/applyconfigurations/storage/v1alpha1", "k8s.io/client-go/applyconfigurations/storage/v1beta1", "k8s.io/client-go/applyconfigurations/storagemigration/v1beta1", "k8s.io/client-go/discovery", "k8s.io/client-go/discovery/cached/disk", "k8s.io/client-go/discovery/cached/memory", "k8s.io/client-go/dynamic", "k8s.io/client-go/features", "k8s.io/client-go/gentype", "k8s.io/client-go/informers", "k8s.io/client-go/informers/admissionregistration", "k8s.io/client-go/informers/admissionregistration/v1", "k8s.io/client-go/informers/admissionregistration/v1alpha1", "k8s.io/client-go/informers/admissionregistration/v1beta1", "k8s.io/client-go/informers/apiserverinternal", "k8s.io/client-go/informers/apiserverinternal/v1alpha1", "k8s.io/client-go/informers/apps", "k8s.io/client-go/informers/apps/v1", "k8s.io/client-go/informers/apps/v1beta1", "k8s.io/client-go/informers/apps/v1beta2", "k8s.io/client-go/informers/autoscaling", "k8s.io/client-go/informers/autoscaling/v1", "k8s.io/client-go/informers/autoscaling/v2", "k8s.io/client-go/informers/autoscaling/v2beta1", "k8s.io/client-go/informers/autoscaling/v2beta2", "k8s.io/client-go/informers/batch", "k8s.io/client-go/informers/batch/v1", "k8s.io/client-go/informers/batch/v1beta1", "k8s.io/client-go/informers/certificates", "k8s.io/client-go/informers/certificates/v1", "k8s.io/client-go/informers/certificates/v1alpha1", "k8s.io/client-go/informers/certificates/v1beta1", "k8s.io/client-go/informers/coordination", "k8s.io/client-go/informers/coordination/v1", "k8s.io/client-go/informers/coordination/v1alpha2", "k8s.io/client-go/informers/coordination/v1beta1", "k8s.io/client-go/informers/core", "k8s.io/client-go/informers/core/v1", "k8s.io/client-go/informers/discovery", "k8s.io/client-go/informers/discovery/v1", "k8s.io/client-go/informers/discovery/v1beta1", "k8s.io/client-go/informers/events", "k8s.io/client-go/informers/events/v1", "k8s.io/client-go/informers/events/v1beta1", "k8s.io/client-go/informers/extensions", "k8s.io/client-go/informers/extensions/v1beta1", "k8s.io/client-go/informers/flowcontrol", "k8s.io/client-go/informers/flowcontrol/v1", "k8s.io/client-go/informers/flowcontrol/v1beta1", "k8s.io/client-go/informers/flowcontrol/v1beta2", "k8s.io/client-go/informers/flowcontrol/v1beta3", "k8s.io/client-go/informers/networking", "k8s.io/client-go/informers/networking/v1", "k8s.io/client-go/informers/networking/v1beta1", "k8s.io/client-go/informers/node", "k8s.io/client-go/informers/node/v1", "k8s.io/client-go/informers/node/v1alpha1", "k8s.io/client-go/informers/node/v1beta1", "k8s.io/client-go/informers/policy", "k8s.io/client-go/informers/policy/v1", "k8s.io/client-go/informers/policy/v1beta1", "k8s.io/client-go/informers/rbac", "k8s.io/client-go/informers/rbac/v1", "k8s.io/client-go/informers/rbac/v1alpha1", "k8s.io/client-go/informers/rbac/v1beta1", "k8s.io/client-go/informers/resource", "k8s.io/client-go/informers/resource/v1", "k8s.io/client-go/informers/resource/v1alpha3", "k8s.io/client-go/informers/resource/v1beta1", "k8s.io/client-go/informers/resource/v1beta2", "k8s.io/client-go/informers/scheduling", "k8s.io/client-go/informers/scheduling/v1", "k8s.io/client-go/informers/scheduling/v1alpha1", "k8s.io/client-go/informers/scheduling/v1beta1", "k8s.io/client-go/informers/storage", "k8s.io/client-go/informers/storage/v1", "k8s.io/client-go/informers/storage/v1alpha1", "k8s.io/client-go/informers/storage/v1beta1", "k8s.io/client-go/informers/storagemigration", "k8s.io/client-go/informers/storagemigration/v1beta1", "k8s.io/client-go/kubernetes", "k8s.io/client-go/kubernetes/scheme", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1", "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1", "k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1", "k8s.io/client-go/kubernetes/typed/apps/v1", "k8s.io/client-go/kubernetes/typed/apps/v1beta1", "k8s.io/client-go/kubernetes/typed/apps/v1beta2", "k8s.io/client-go/kubernetes/typed/authentication/v1", "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1", "k8s.io/client-go/kubernetes/typed/authentication/v1beta1", "k8s.io/client-go/kubernetes/typed/authorization/v1", "k8s.io/client-go/kubernetes/typed/authorization/v1beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1", "k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2", "k8s.io/client-go/kubernetes/typed/batch/v1", "k8s.io/client-go/kubernetes/typed/batch/v1beta1", "k8s.io/client-go/kubernetes/typed/certificates/v1", "k8s.io/client-go/kubernetes/typed/certificates/v1alpha1", "k8s.io/client-go/kubernetes/typed/certificates/v1beta1", "k8s.io/client-go/kubernetes/typed/coordination/v1", "k8s.io/client-go/kubernetes/typed/coordination/v1alpha2", "k8s.io/client-go/kubernetes/typed/coordination/v1beta1", "k8s.io/client-go/kubernetes/typed/core/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1", "k8s.io/client-go/kubernetes/typed/discovery/v1beta1", "k8s.io/client-go/kubernetes/typed/events/v1", "k8s.io/client-go/kubernetes/typed/events/v1beta1", "k8s.io/client-go/kubernetes/typed/extensions/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2", "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3", "k8s.io/client-go/kubernetes/typed/networking/v1", "k8s.io/client-go/kubernetes/typed/networking/v1beta1", "k8s.io/client-go/kubernetes/typed/node/v1", "k8s.io/client-go/kubernetes/typed/node/v1alpha1", "k8s.io/client-go/kubernetes/typed/node/v1beta1", "k8s.io/client-go/kubernetes/typed/policy/v1", "k8s.io/client-go/kubernetes/typed/policy/v1beta1", "k8s.io/client-go/kubernetes/typed/rbac/v1", "k8s.io/client-go/kubernetes/typed/rbac/v1alpha1", "k8s.io/client-go/kubernetes/typed/rbac/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1", "k8s.io/client-go/kubernetes/typed/resource/v1alpha3", "k8s.io/client-go/kubernetes/typed/resource/v1beta1", "k8s.io/client-go/kubernetes/typed/resource/v1beta2", "k8s.io/client-go/kubernetes/typed/scheduling/v1", "k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1", "k8s.io/client-go/kubernetes/typed/scheduling/v1beta1", "k8s.io/client-go/kubernetes/typed/storage/v1", "k8s.io/client-go/kubernetes/typed/storage/v1alpha1", "k8s.io/client-go/kubernetes/typed/storage/v1beta1", "k8s.io/client-go/kubernetes/typed/storagemigration/v1beta1", "k8s.io/client-go/listers", "k8s.io/client-go/listers/admissionregistration/v1", "k8s.io/client-go/listers/admissionregistration/v1alpha1", "k8s.io/client-go/listers/admissionregistration/v1beta1", "k8s.io/client-go/listers/apiserverinternal/v1alpha1", "k8s.io/client-go/listers/apps/v1", "k8s.io/client-go/listers/apps/v1beta1", "k8s.io/client-go/listers/apps/v1beta2", "k8s.io/client-go/listers/autoscaling/v1", "k8s.io/client-go/listers/autoscaling/v2", "k8s.io/client-go/listers/autoscaling/v2beta1", "k8s.io/client-go/listers/autoscaling/v2beta2", "k8s.io/client-go/listers/batch/v1", "k8s.io/client-go/listers/batch/v1beta1", "k8s.io/client-go/listers/certificates/v1", "k8s.io/client-go/listers/certificates/v1alpha1", "k8s.io/client-go/listers/certificates/v1beta1", "k8s.io/client-go/listers/coordination/v1", "k8s.io/client-go/listers/coordination/v1alpha2", "k8s.io/client-go/listers/coordination/v1beta1", "k8s.io/client-go/listers/core/v1", "k8s.io/client-go/listers/discovery/v1", "k8s.io/client-go/listers/discovery/v1beta1", "k8s.io/client-go/listers/events/v1", "k8s.io/client-go/listers/events/v1beta1", "k8s.io/client-go/listers/extensions/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1", "k8s.io/client-go/listers/flowcontrol/v1beta1", "k8s.io/client-go/listers/flowcontrol/v1beta2", "k8s.io/client-go/listers/flowcontrol/v1beta3", "k8s.io/client-go/listers/networking/v1", "k8s.io/client-go/listers/networking/v1beta1", "k8s.io/client-go/listers/node/v1", "k8s.io/client-go/listers/node/v1alpha1", "k8s.io/client-go/listers/node/v1beta1", "k8s.io/client-go/listers/policy/v1", "k8s.io/client-go/listers/policy/v1beta1", "k8s.io/client-go/listers/rbac/v1", "k8s.io/client-go/listers/rbac/v1alpha1", "k8s.io/client-go/listers/rbac/v1beta1", "k8s.io/client-go/listers/resource/v1", "k8s.io/client-go/listers/resource/v1alpha3", "k8s.io/client-go/listers/resource/v1beta1", "k8s.io/client-go/listers/resource/v1beta2", "k8s.io/client-go/listers/scheduling/v1", "k8s.io/client-go/listers/scheduling/v1alpha1", "k8s.io/client-go/listers/scheduling/v1beta1", "k8s.io/client-go/listers/storage/v1", "k8s.io/client-go/listers/storage/v1alpha1", "k8s.io/client-go/listers/storage/v1beta1", "k8s.io/client-go/listers/storagemigration/v1beta1", "k8s.io/client-go/metadata", "k8s.io/client-go/openapi", "k8s.io/client-go/openapi/cached", "k8s.io/client-go/openapi3", "k8s.io/client-go/pkg/apis/clientauthentication", "k8s.io/client-go/pkg/apis/clientauthentication/install", "k8s.io/client-go/pkg/apis/clientauthentication/v1", "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1", "k8s.io/client-go/pkg/version", "k8s.io/client-go/plugin/pkg/client/auth", "k8s.io/client-go/plugin/pkg/client/auth/azure", "k8s.io/client-go/plugin/pkg/client/auth/exec", "k8s.io/client-go/plugin/pkg/client/auth/gcp", "k8s.io/client-go/plugin/pkg/client/auth/oidc", "k8s.io/client-go/rest", "k8s.io/client-go/rest/watch", "k8s.io/client-go/restmapper", "k8s.io/client-go/scale", "k8s.io/client-go/scale/scheme", "k8s.io/client-go/scale/scheme/appsint", "k8s.io/client-go/scale/scheme/appsv1beta1", "k8s.io/client-go/scale/scheme/appsv1beta2", "k8s.io/client-go/scale/scheme/autoscalingv1", "k8s.io/client-go/scale/scheme/extensionsint", "k8s.io/client-go/scale/scheme/extensionsv1beta1", "k8s.io/client-go/testing", "k8s.io/client-go/third_party/forked/golang/template", "k8s.io/client-go/tools/auth", "k8s.io/client-go/tools/cache", "k8s.io/client-go/tools/cache/synctrack", "k8s.io/client-go/tools/clientcmd", "k8s.io/client-go/tools/clientcmd/api", "k8s.io/client-go/tools/clientcmd/api/latest", "k8s.io/client-go/tools/clientcmd/api/v1", "k8s.io/client-go/tools/events", "k8s.io/client-go/tools/leaderelection", "k8s.io/client-go/tools/leaderelection/resourcelock", "k8s.io/client-go/tools/metrics", "k8s.io/client-go/tools/pager", "k8s.io/client-go/tools/record", "k8s.io/client-go/tools/record/util", "k8s.io/client-go/tools/reference", "k8s.io/client-go/tools/watch", "k8s.io/client-go/transport", "k8s.io/client-go/util/apply", "k8s.io/client-go/util/cert", "k8s.io/client-go/util/connrotation", "k8s.io/client-go/util/consistencydetector", "k8s.io/client-go/util/flowcontrol", "k8s.io/client-go/util/homedir", "k8s.io/client-go/util/jsonpath", "k8s.io/client-go/util/keyutil", "k8s.io/client-go/util/retry", "k8s.io/client-go/util/watchlist", "k8s.io/client-go/util/workqueue", "k8s.io/component-base/cli/flag", "k8s.io/component-base/compatibility", "k8s.io/component-base/featuregate", "k8s.io/component-base/metrics", "k8s.io/component-base/metrics/legacyregistry", "k8s.io/component-base/metrics/prometheus/compatversion", "k8s.io/component-base/metrics/prometheus/feature", "k8s.io/component-base/metrics/prometheus/workqueue", "k8s.io/component-base/metrics/prometheusextension", "k8s.io/component-base/tracing", "k8s.io/component-base/tracing/api/v1", "k8s.io/component-base/version", "k8s.io/component-base/zpages/features", "k8s.io/klog/v2", "k8s.io/kube-openapi/pkg/aggregator", "k8s.io/kube-openapi/pkg/builder", "k8s.io/kube-openapi/pkg/builder3", "k8s.io/kube-openapi/pkg/builder3/util", "k8s.io/kube-openapi/pkg/cached", "k8s.io/kube-openapi/pkg/common", "k8s.io/kube-openapi/pkg/common/restfuladapter", "k8s.io/kube-openapi/pkg/handler3", "k8s.io/kube-openapi/pkg/schemaconv", "k8s.io/kube-openapi/pkg/schemamutation", "k8s.io/kube-openapi/pkg/spec3", "k8s.io/kube-openapi/pkg/util", "k8s.io/kube-openapi/pkg/util/proto", "k8s.io/kube-openapi/pkg/util/proto/validation", "k8s.io/kube-openapi/pkg/validation/errors", "k8s.io/kube-openapi/pkg/validation/spec", "k8s.io/kube-openapi/pkg/validation/strfmt", "k8s.io/kube-openapi/pkg/validation/strfmt/bson", "k8s.io/kube-openapi/pkg/validation/validate", "k8s.io/kubectl/pkg/cmd/util", "k8s.io/kubectl/pkg/scheme", "k8s.io/kubectl/pkg/util/i18n", "k8s.io/kubectl/pkg/util/interrupt", "k8s.io/kubectl/pkg/util/openapi", "k8s.io/kubectl/pkg/util/templates", "k8s.io/kubectl/pkg/util/term", "k8s.io/kubectl/pkg/validation", "k8s.io/metrics/pkg/apis/metrics", "k8s.io/metrics/pkg/apis/metrics/v1alpha1", "k8s.io/metrics/pkg/apis/metrics/v1beta1", "k8s.io/metrics/pkg/client/clientset/versioned", "k8s.io/metrics/pkg/client/clientset/versioned/scheme", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1alpha1", "k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1", "k8s.io/utils/buffer", "k8s.io/utils/clock", "k8s.io/utils/exec", "k8s.io/utils/lru", "k8s.io/utils/net", "k8s.io/utils/path", "k8s.io/utils/ptr", "k8s.io/utils/trace", "oras.land/oras-go/v2", "oras.land/oras-go/v2/content", "oras.land/oras-go/v2/content/memory", "oras.land/oras-go/v2/errdef", "oras.land/oras-go/v2/registry", "oras.land/oras-go/v2/registry/remote", "oras.land/oras-go/v2/registry/remote/auth", "oras.land/oras-go/v2/registry/remote/credentials", "oras.land/oras-go/v2/registry/remote/credentials/trace", "oras.land/oras-go/v2/registry/remote/errcode", "oras.land/oras-go/v2/registry/remote/retry", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/common/metrics", "sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client", "sigs.k8s.io/controller-runtime", "sigs.k8s.io/controller-runtime/pkg/builder", "sigs.k8s.io/controller-runtime/pkg/cache", "sigs.k8s.io/controller-runtime/pkg/certwatcher", "sigs.k8s.io/controller-runtime/pkg/certwatcher/metrics", "sigs.k8s.io/controller-runtime/pkg/client", "sigs.k8s.io/controller-runtime/pkg/client/apiutil", "sigs.k8s.io/controller-runtime/pkg/client/config", "sigs.k8s.io/controller-runtime/pkg/client/fake", "sigs.k8s.io/controller-runtime/pkg/client/interceptor", "sigs.k8s.io/controller-runtime/pkg/cluster", "sigs.k8s.io/controller-runtime/pkg/config", "sigs.k8s.io/controller-runtime/pkg/controller", "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil", "sigs.k8s.io/controller-runtime/pkg/controller/priorityqueue", "sigs.k8s.io/controller-runtime/pkg/conversion", "sigs.k8s.io/controller-runtime/pkg/event", "sigs.k8s.io/controller-runtime/pkg/handler", "sigs.k8s.io/controller-runtime/pkg/healthz", "sigs.k8s.io/controller-runtime/pkg/leaderelection", "sigs.k8s.io/controller-runtime/pkg/log", "sigs.k8s.io/controller-runtime/pkg/log/zap", "sigs.k8s.io/controller-runtime/pkg/manager", "sigs.k8s.io/controller-runtime/pkg/manager/signals", "sigs.k8s.io/controller-runtime/pkg/metrics", "sigs.k8s.io/controller-runtime/pkg/metrics/server", "sigs.k8s.io/controller-runtime/pkg/predicate", "sigs.k8s.io/controller-runtime/pkg/reconcile", "sigs.k8s.io/controller-runtime/pkg/recorder", "sigs.k8s.io/controller-runtime/pkg/scheme", "sigs.k8s.io/controller-runtime/pkg/source", "sigs.k8s.io/controller-runtime/pkg/webhook", "sigs.k8s.io/controller-runtime/pkg/webhook/admission", "sigs.k8s.io/controller-runtime/pkg/webhook/admission/metrics", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion", "sigs.k8s.io/controller-runtime/pkg/webhook/conversion/metrics", "sigs.k8s.io/json", "sigs.k8s.io/kind/pkg/apis/config/defaults", "sigs.k8s.io/kind/pkg/apis/config/v1alpha4", "sigs.k8s.io/kind/pkg/cluster", "sigs.k8s.io/kind/pkg/cluster/constants", "sigs.k8s.io/kind/pkg/cluster/nodes", "sigs.k8s.io/kind/pkg/cluster/nodeutils", "sigs.k8s.io/kind/pkg/cmd", "sigs.k8s.io/kind/pkg/cmd/kind/version", "sigs.k8s.io/kind/pkg/errors", "sigs.k8s.io/kind/pkg/exec", "sigs.k8s.io/kind/pkg/fs", "sigs.k8s.io/kind/pkg/log", "sigs.k8s.io/kustomize/api/filters/annotations", "sigs.k8s.io/kustomize/api/filters/fieldspec", "sigs.k8s.io/kustomize/api/filters/filtersutil", "sigs.k8s.io/kustomize/api/filters/fsslice", "sigs.k8s.io/kustomize/api/filters/iampolicygenerator", "sigs.k8s.io/kustomize/api/filters/imagetag", "sigs.k8s.io/kustomize/api/filters/labels", "sigs.k8s.io/kustomize/api/filters/nameref", "sigs.k8s.io/kustomize/api/filters/namespace", "sigs.k8s.io/kustomize/api/filters/patchjson6902", "sigs.k8s.io/kustomize/api/filters/patchstrategicmerge", "sigs.k8s.io/kustomize/api/filters/prefix", "sigs.k8s.io/kustomize/api/filters/refvar", "sigs.k8s.io/kustomize/api/filters/replacement", "sigs.k8s.io/kustomize/api/filters/replicacount", "sigs.k8s.io/kustomize/api/filters/suffix", "sigs.k8s.io/kustomize/api/filters/valueadd", "sigs.k8s.io/kustomize/api/hasher", "sigs.k8s.io/kustomize/api/ifc", "sigs.k8s.io/kustomize/api/konfig", "sigs.k8s.io/kustomize/api/krusty", "sigs.k8s.io/kustomize/api/kv", "sigs.k8s.io/kustomize/api/provenance", "sigs.k8s.io/kustomize/api/provider", "sigs.k8s.io/kustomize/api/resmap", "sigs.k8s.io/kustomize/api/resource", "sigs.k8s.io/kustomize/api/types", "sigs.k8s.io/kustomize/kyaml/comments", "sigs.k8s.io/kustomize/kyaml/errors", "sigs.k8s.io/kustomize/kyaml/ext", "sigs.k8s.io/kustomize/kyaml/fieldmeta", "sigs.k8s.io/kustomize/kyaml/filesys", "sigs.k8s.io/kustomize/kyaml/fn/runtime/container", "sigs.k8s.io/kustomize/kyaml/fn/runtime/exec", "sigs.k8s.io/kustomize/kyaml/fn/runtime/runtimeutil", "sigs.k8s.io/kustomize/kyaml/kio", "sigs.k8s.io/kustomize/kyaml/kio/kioutil", "sigs.k8s.io/kustomize/kyaml/openapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi", "sigs.k8s.io/kustomize/kyaml/openapi/kubernetesapi/v1_21_2", "sigs.k8s.io/kustomize/kyaml/openapi/kustomizationapi", "sigs.k8s.io/kustomize/kyaml/order", "sigs.k8s.io/kustomize/kyaml/resid", "sigs.k8s.io/kustomize/kyaml/runfn", "sigs.k8s.io/kustomize/kyaml/sets", "sigs.k8s.io/kustomize/kyaml/sliceutil", "sigs.k8s.io/kustomize/kyaml/utils", "sigs.k8s.io/kustomize/kyaml/yaml", "sigs.k8s.io/kustomize/kyaml/yaml/merge2", "sigs.k8s.io/kustomize/kyaml/yaml/schema", "sigs.k8s.io/kustomize/kyaml/yaml/walk", "sigs.k8s.io/randfill", "sigs.k8s.io/randfill/bytesource", "sigs.k8s.io/structured-merge-diff/v6/fieldpath", "sigs.k8s.io/structured-merge-diff/v6/merge", "sigs.k8s.io/structured-merge-diff/v6/schema", "sigs.k8s.io/structured-merge-diff/v6/typed", "sigs.k8s.io/structured-merge-diff/v6/value", "sigs.k8s.io/yaml", "sigs.k8s.io/yaml/goyaml.v3", "sigs.k8s.io/yaml/kyaml"] [mod] [mod."al.essio.dev/pkg/shellescape"] diff --git a/internal/project/render.go b/internal/project/render.go new file mode 100644 index 0000000..6f2c21e --- /dev/null +++ b/internal/project/render.go @@ -0,0 +1,152 @@ +/* +Copyright 2026 The Crossplane Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package project + +import ( + "context" + "fmt" + "os" + "runtime" + "strings" + + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/daemon" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/crossplane/crossplane-runtime/v2/pkg/errors" + "github.com/crossplane/crossplane-runtime/v2/pkg/xpkg" + + pkgv1 "github.com/crossplane/crossplane/apis/v2/pkg/v1" + + devv1alpha1 "github.com/crossplane/cli/v2/apis/dev/v1alpha1" + "github.com/crossplane/cli/v2/internal/docker" +) + +// A Resolver resolves a CLI-style package reference to an OCI reference. +type Resolver interface { + ResolveRef(ref string) (name.Reference, error) +} + +// LoadFunctionDependencies loads function manifests from a project's +// dependencies, resolving version constraints using the provided resolver. +func LoadFunctionDependencies(resolver Resolver, proj *devv1alpha1.Project) ([]pkgv1.Function, error) { + fns := make([]pkgv1.Function, 0, len(proj.Spec.Dependencies)) + for _, dep := range proj.Spec.Dependencies { + if dep.Type != devv1alpha1.DependencyTypeXpkg { + continue + } + if dep.Xpkg == nil || dep.Xpkg.APIOnly { + continue + } + + var ref string + if _, err := v1.NewHash(dep.Xpkg.Version); err == nil { + ref = fmt.Sprintf("%s@%s", dep.Xpkg.Package, dep.Xpkg.Version) + } else { + ref = fmt.Sprintf("%s:%s", dep.Xpkg.Package, dep.Xpkg.Version) + } + + resolved, err := resolver.ResolveRef(ref) + if err != nil { + return nil, errors.Wrapf(err, "cannot resolve function dependency %s", ref) + } + + f := pkgv1.Function{ + ObjectMeta: metav1.ObjectMeta{ + Name: xpkg.ToDNSLabel(resolved.Context().RepositoryStr()), + }, + Spec: pkgv1.FunctionSpec{ + PackageSpec: pkgv1.PackageSpec{ + Package: resolved.Name(), + }, + }, + } + fns = append(fns, f) + } + + return fns, nil +} + +// EmbeddedFunctionsToDaemon loads each compatible image in the ImageTagMap into +// the Docker daemon and returns Function manifests. +func EmbeddedFunctionsToDaemon(ctx context.Context, imageMap ImageTagMap) ([]pkgv1.Function, error) { + targetArch := getDockerDaemonArchitecture(ctx) + + fns := make([]pkgv1.Function, 0, len(imageMap)) + for tag, img := range imageMap { + cfgFile, err := img.ConfigFile() + if err != nil { + return nil, errors.Wrapf(err, "cannot get platform info for image %s", tag) + } + + if cfgFile.Architecture != targetArch { + continue + } + + if _, err := daemon.Write(tag, img); err != nil { + return nil, errors.Wrapf(err, "cannot push image %s to daemon", tag) + } + + fns = append(fns, pkgv1.Function{ + ObjectMeta: metav1.ObjectMeta{ + Name: xpkg.ToDNSLabel(tag.Context().RepositoryStr()), + }, + Spec: pkgv1.FunctionSpec{ + PackageSpec: pkgv1.PackageSpec{ + Package: tag.Name(), + }, + }, + }) + } + + return fns, nil +} + +// getDockerDaemonArchitecture detects the Docker daemon's architecture. +func getDockerDaemonArchitecture(ctx context.Context) string { + dockerHost := os.Getenv("DOCKER_HOST") + + if dockerHost == "" || strings.HasPrefix(dockerHost, "unix://") { + return runtime.GOARCH + } + + cli, err := docker.NewClient() + if err != nil { + return runtime.GOARCH + } + defer cli.Close() //nolint:errcheck // best effort + + info, err := cli.Info(ctx) + if err != nil { + return runtime.GOARCH + } + + return normalizeArchitecture(info.Architecture) +} + +// normalizeArchitecture converts Docker's architecture naming to Go's GOARCH format. +func normalizeArchitecture(dockerArch string) string { + switch dockerArch { + case "x86_64": + return "amd64" + case "aarch64": + return "arm64" + default: + return dockerArch + } +}