apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: nvadmissioncontrolsecurityrules.neuvector.com
spec:
  group: neuvector.com
  names:
    kind: NvAdmissionControlSecurityRule
    listKind: NvAdmissionControlSecurityRuleList
    plural: nvadmissioncontrolsecurityrules
    singular: nvadmissioncontrolsecurityrule
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            properties:
              config:
                properties:
                  client_mode:
                    enum:
                    - service
                    - url
                    type: string
                  enable:
                    type: boolean
                  mode:
                    enum:
                    - monitor
                    - protect
                    type: string
                required:
                - enable
                - mode
                - client_mode
                type: object
              rules:
                items:
                  properties:
                    action:
                      enum:
                      - allow
                      - deny
                      type: string
                    comment:
                      type: string
                    criteria:
                      items:
                        properties:
                          name:
                            type: string
                          op:
                            type: string
                          path:
                            type: string
                          sub_criteria:
                            items:
                              properties:
                                name:
                                  type: string
                                op:
                                  type: string
                                value:
                                  type: string
                              required:
                              - name
                              - op
                              - value
                              type: object
                            type: array
                          template_kind:
                            type: string
                          type:
                            type: string
                          value:
                            type: string
                          value_type:
                            type: string
                        required:
                        - name
                        - op
                        - value
                        type: object
                      type: array
                    disabled:
                      type: boolean
                    id:
                      type: integer
                    rule_mode:
                      enum:
                      - ""
                      - monitor
                      - protect
                      type: string
                    containers:
                      items:
                        enum:
                        - containers
                        - init_containers
                        - ephemeral_containers
                        type: string
                      type: array
                  required:
                  - action
                  - criteria
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true