v1alpha1

type AffectMode string

type ClusterOverridePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec represents the desired behavior of ClusterOverridePolicy.
	Spec OverridePolicySpec `json:"spec"`
}

type ClusterOverridePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterOverridePolicy `json:"items"`
}

type ClusterValidatePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec ClusterValidatePolicySpec `json:"spec,omitempty"`
}

type ClusterValidatePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterValidatePolicy `json:"items"`
}

type ClusterValidatePolicySpec struct {
	// ResourceSelectors restricts resource types that this validate policy applies to.
	// nil means matching all resources.
	// +optional
	ResourceSelectors []ResourceSelector `json:"resourceSelectors,omitempty"`

	// ValidateRules defines a collection of validate rules on target operations.
	// +required
	ValidateRules []ValidateRuleWithOperation `json:"validateRules"`
}

type Cond string

type ConstantValue struct {
	// String as a string
	// +optional
	String *string `json:"string,omitempty"`
	// Integer as an integer(int64)
	// +optional
	Integer *int64 `json:"integer,omitempty"`
	// Float as float but use string to store, so please provide in comma (e.g. float: "1.2")
	// +optional
	Float *Float64 `json:"float,omitempty"`
	// Boolean only true or false can be recognized.
	// +optional
	Boolean *bool `json:"boolean,omitempty"`
	// StringSlice as a slice of string(e.g. ["a","b"])
	// +optional
	StringSlice []string `json:"stringSlice,omitempty"`
	// IntegerSlice as a slice of integer(int64) (e.g. [1,2,3])
	// +optional
	IntegerSlice []int64 `json:"integerSlice,omitempty"`
	// FloatSlice as a slice of float but using string (e.g. ["1.2", "2.3"])
	// +optional
	FloatSlice []Float64 `json:"floatSlice,omitempty"`
	// StringMap as key-value set and both are string.
	// +optional
	StringMap map[string]string `json:"stringMap,omitempty"`
}

type FieldSelector struct {
	// matchFields is a map of {key,value} pairs. A single {key,value} in the matchFields
	// map is equivalent to an element of matchExpressions, whose key field is "key", the
	// operator is "In", and the values array contains only "value".
	// +optional
	MatchFields map[string]string `json:"matchFields,omitempty"`
	// matchExpressions is a list of fields selector requirements. The requirements are ANDed.
	// +optional
	MatchExpressions []*FieldSelectorRequirement `json:"matchExpressions,omitempty"`
}

type FieldSelectorRequirement struct {
	// Field is the field key that the selector applies to.
	// Must provide whole path of key, such as `metadata.annotations.uid`
	Field string `json:"field"`
	// operator represents a key's relationship to a set of values.
	// Valid operators are In, NotIn, Exists and DoesNotExist.
	Operator metav1.LabelSelectorOperator `json:"operator"`
	// values is an array of string values. If the operator is In or NotIn,
	// the values array must be non-empty. If the operator is Exists or DoesNotExist,
	// the values array must be empty.
	// +optional
	Value []string `json:"value,omitempty"`
}

type Float64 string

type HttpDataRef struct {
	// URL as whole http url
	// +required
	URL string `json:"url,omitempty"`
	// Method as basic http method(e.g. GET or POST)
	// +required
	// +kubebuilder:validation:Enum=GET;POST
	Method string `json:"method,omitempty"`
	// Header represents the custom header added to http request header.
	// +optional
	Header map[string]string `json:"header,omitempty"`
	// Params represents the query value for http request.
	// +optional
	Params map[string]string `json:"params,omitempty"`
	// Body represents the json body when http method is POST.
	// +optional
	Body apiextensionsv1.JSON `json:"body,omitempty"`
	// Auth defines basic info for get authorization token before do request.
	// Note: it will request authURL with post and `Header.Set("Authorization", "Basic "+basicAuth(username, password))`
	//  and get token from response body. Response Body must be a valid json and contains token like this: `{"token": "xxx"} .
	//	After get the token, the request will add a new key value to header, key is "Authorization" and value is "Bearer xxx".
	Auth *HttpRequestAuth `json:"auth,omitempty"`
}

type HttpRequestAuth struct {
	// StaticToken represents for static token for call api instead of get token from remote api.
	// StaticToken and other fields are mutually exclusive, staticToken is priority to take effect.
	// +optional
	StaticToken string `json:"staticToken,omitempty"`
	// Username represents username for auth.
	// +optional
	Username string `json:"username,omitempty"`
	// Password represents Password for auth.
	// +optional
	Password string `json:"password,omitempty"`
	// AuthURL represents remote url to request and get token.
	// +optional
	AuthURL string `json:"authUrl,omitempty"`
	// ExpireDuration is providing for some auth api won't return exact expire time, so can you this field set
	//  an expiry duration for token
	// +optional
	ExpireDuration metav1.Duration `json:"expireDuration,omitempty"`
	// Token stores the latest token get from AuthURL, and it'll be updated when token expired.
	// This filed is not fill by user, so don't edit it.
	// +optional
	Token string `json:"token,omitempty"`
	// ExpireAt sores the token expire time. Same as above field, this field also updated automatically.
	// This filed is not fill by user, so don't edit it.
	// +optional
	ExpireAt metav1.Time `json:"expireAt,omitempty"`
}

type OperationType string

type OverridePolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec OverridePolicySpec `json:"spec,omitempty"`
}

type OverridePolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OverridePolicy `json:"items"`
}

type OverridePolicySpec struct {
	// ResourceSelectors restricts resource types that this override policy applies to.
	// nil means matching all resources.
	// +optional
	ResourceSelectors []ResourceSelector `json:"resourceSelectors,omitempty"`

	// OverrideRules defines a collection of override rules on target operations.
	// +required
	OverrideRules []RuleWithOperation `json:"overrideRules"`
}

type OverrideRuleTemplate struct {
	// Type represents current rule operate field type.
	// +kubebuilder:validation:Enum=annotations;labels;resources;resourcesOversell;tolerations;affinity
	// +required
	Type OverrideRuleType `json:"type,omitempty"`
	// Operation represents current operation type.
	// +kubebuilder:validation:Enum=add;replace;remove
	// +required
	Operation OverriderOperator `json:"operation,omitempty"`
	// Path is field path of current object(e.g. `/spec/affinity`)
	// If current type is annotations or labels, then only need to provide the key, no need whole path.
	// +optional
	Path string `json:"path,omitempty"`
	// Value sets exact value for rule, like enum or numbers
	// Must set value when type is regex.
	// +optional
	Value *ConstantValue `json:"value,omitempty"`
	// ValueRef represents for value reference from current or remote object.
	// Need specify the type of object and how to get it.
	// +optional
	ValueRef *ResourceRefer `json:"valueRef,omitempty"`
	// Resources valid only when the type is `resources`
	// +optional
	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
	// ResourcesOversell valid only when the type is `resourcesOversell`
	// +optional
	ResourcesOversell *ResourcesOversellRule `json:"resourcesOversell,omitempty"`
	// Tolerations valid only when the type is `tolerations`
	// +optional
	Tolerations []*v1.Toleration `json:"tolerations,omitempty"`
	// Affinity valid only when the type is `affinity`
	// +optional
	Affinity *v1.Affinity `json:"affinity,omitempty"`
}

type OverrideRuleType string

type OverriderOperator string

type Overriders struct {
	// Plaintext represents override rules defined with plaintext overriders.
	// +optional
	Plaintext []PlaintextOverrider `json:"plaintext,omitempty"`

	// Cue represents override rules defined with cue code.
	// +optional
	Cue string `json:"cue,omitempty"`

	// Template of rule which defines override rule, and
	// it will be rendered to CUE and store in RenderedCue field, so
	//if there are any data added manually will be erased.
	// +optional
	Template *OverrideRuleTemplate `json:"template,omitempty"`

	// RenderedCue represents override rule defined by Template.
	// Don't modify the value of this field, modify Rules instead of.
	// +optional
	RenderedCue string `json:"renderedCue,omitempty"`
}

type PlaintextOverrider struct {
	// Path indicates the path of target field
	Path string `json:"path"`
	// Operator indicates the operation on target field.
	// Available operators are: add, update and remove.
	// +kubebuilder:validation:Enum=add;remove;replace
	Operator OverriderOperator `json:"op"`
	// Value to be applied to target field.
	// Must be empty when operator is Remove.
	// +optional
	Value apiextensionsv1.JSON `json:"value,omitempty"`
}

type ResourceRefer struct {
	// From represents where this referenced object are.
	// +kubebuilder:validation:Enum=current;old;k8s;owner;http
	// +required
	From ValueRefFrom `json:"from,omitempty"`
	// Path has different meaning, it represents current object field path like "/spec/replica" when From equals "current"
	// and it also can be format like "data.result.x.y" when From equals "http", it represents the path in http response
	// Only when From is owner(means refer current object owner), the path can be empty.
	// +optional
	Path string `json:"path,omitempty"`
	// K8s means refer another object from current cluster.
	// +optional
	K8s *ResourceSelector `json:"k8s,omitempty"`
	// Http means refer data from remote api.
	// +optional
	Http *HttpDataRef `json:"http,omitempty"`
}

type ResourceSelector struct {
	// APIVersion represents the API version of the target resources.
	// +required
	APIVersion string `json:"apiVersion"`

	// Kind represents the Kind of the target resources.
	// +required
	Kind string `json:"kind"`

	// Namespace of the target resource.
	// Default is empty, which means inherit from the parent object scope.
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// Name of the target resource.
	// Default is empty, which means selecting all resources.
	// +optional
	Name string `json:"name,omitempty"`

	// A label query over a set of resources.
	// If name is not empty, labelSelector will be ignored.
	// +optional
	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`

	// A field query over a set of resources.
	// If name is not empty, fieldSelector wil be ignored.
	// +optional
	FieldSelector *FieldSelector `json:"fieldSelector,omitempty"`
}

type ResourcesOversellRule struct {
	// CpuFactor factor of cup oversell, it is float number less than 1, the range of value is (0,1.0)
	// +optional
	CpuFactor Float64 `json:"cpuFactor,omitempty"`
	// MemoryFactor factor of cup oversell, it is float number less than 1, the range of value is (0,1.0)
	// +optional
	MemoryFactor Float64 `json:"memoryFactor,omitempty"`
	// DiskFactor factor of cup oversell, it is float number less than 1, the range of value is (0,1.0)
	// +optional
	DiskFactor Float64 `json:"diskFactor,omitempty"`
}

type RuleWithOperation struct {
	// TargetOperations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
	// for all of those operations and any future admission operations that are added.
	// If '*' is present, the length of the slice must be one.
	// Required.
	TargetOperations []admissionv1.Operation `json:"targetOperations,omitempty"`

	// Overriders represents the override rules that would apply on resources
	// +required
	Overriders Overriders `json:"overriders"`
}

type ValidateCondition struct {
	// AffectMode represents the mode of policy hit affect, in default case(reject), webhook rejects the operation when
	// policy hit, otherwise it will allow the operation.
	// If mode is `allow`, only allow the operation when policy hit, otherwise reject them all.
	// +kubebuilder:validation:Enum=reject;allow
	// +required
	AffectMode AffectMode `json:"affectMode,omitempty"`
	// Cond represents type of condition (e.g. Equal, Exist)
	// +kubebuilder:validation:Enum=Equal;NotEqual;Exist;NotExist;In;NotIn;Gt;Gte;Lt;Lte
	// +required
	Cond Cond `json:"cond,omitempty"`
	// DataRef represents for data reference from current or remote object.
	// Need specify the type of object and how to get it.
	// +required
	DataRef *ResourceRefer `json:"dataRef,omitempty"`
	// Message specify reject message when policy hit.
	// +required
	Message string `json:"message,omitempty"`
	// Value sets exact value for rule, like enum or numbers
	// +optional
	Value *ConstantValue `json:"value,omitempty"`
	// ValueRef represents for value reference from current or remote object.
	// Need specify the type of object and how to get it.
	// +optional
	ValueRef *ResourceRefer `json:"valueRef,omitempty"`
	// ValueProcess represents handle process for value or valueRef.
	// Currently only support for number value, so make sure value or value from remote is a number.
	// +optional
	ValueProcess *ValueProcess `json:"valueProcess,omitempty"`
}

type ValidateRuleTemplate struct {
	// Type represents current rule operate field type.
	// +kubebuilder:validation:Enum=condition
	// +required
	Type ValidateRuleType `json:"type,omitempty"`
	// Condition represents general condition rule for more custom demand.
	// +optional
	Condition *ValidateCondition `json:"condition,omitempty"`
}

type ValidateRuleType string

type ValidateRuleWithOperation struct {
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
	// for all of those operations and any future admission operations that are added.
	// If '*' is present, the length of the slice must be one.
	// Required.
	TargetOperations []admissionv1.Operation `json:"targetOperations,omitempty"`

	// Cue represents validate rules defined with cue code.
	// +optional
	Cue string `json:"cue"`

	// Template of condition which defines validate cond, and
	// it will be rendered to CUE and store in RenderedCue field, so
	// if there are any data added manually will be erased.
	// +optional
	Template *ValidateRuleTemplate `json:"template,omitempty"`

	// RenderedCue represents validate rule defined by Template.
	// Don't modify the value of this field, modify Rules instead of.
	// +optional
	RenderedCue string `json:"renderedCue,omitempty"`
}

type ValueProcess struct {
	// Operation defines the type of operate value, and it should work with operationWith.
	// For example, operation is `*` and operationWith is 0.5 then in cue the value will be multiplied by 0.5.
	// +required
	Operation OperationType `json:"operation,omitempty"` // such as `+ - * /`
	// OperationWith defines value for operate to handle static value or value from remote.
	// +required
	OperationWith *intstr.IntOrString `json:"operationWith,omitempty"`
}

type ValueRefFrom string

type ValueType string