Skip to content

Commit 4fed2bc

Browse files
Shubbhang351tenthirtyam
authored andcommitted
Fix policy docs for scopes
Signed-off-by: vshubhang <vshubhang@vmware.com>
1 parent ad06a6a commit 4fed2bc

File tree

12 files changed

+262
-175
lines changed

12 files changed

+262
-175
lines changed

docs/resources/custom_policy.md

+34-31
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,17 @@
11
---
22
Title: "Custom Policy Resource"
33
Description: |-
4-
Creating the Tanzu Kubernetes custom policy resource.
4+
Creating the Tanzu Kubernetes custom policy resource.
55
---
66

77
# Custom Policy
88

99
The `tanzu-mission-control_custom_policy` resource enables you to attach one of the pre-defined custom policy recipes to a particular scope for management through Tanzu Mission Control.
1010

11-
1211
## Input Recipe
1312

1413
In the Tanzu Mission Control custom policy resource, there are six system defined types of custom templates that you can use:
14+
1515
- **tmc-block-nodeport-service**
1616
- **tmc-block-resources**
1717
- **tmc-block-rolebinding-subjects**
@@ -23,6 +23,7 @@ In the Tanzu Mission Control custom policy resource, there are six system define
2323
## Policy Scope and Inheritance
2424

2525
In the Tanzu Mission Control resource hierarchy, there are three levels at which you can specify custom policy resources:
26+
2627
- **organization** - `organization` block under `scope` sub-resource
2728
- **object groups** - `cluster_group` block under `scope` sub-resource
2829
- **Kubernetes objects** - `cluster` block under `scope` sub-resource
@@ -1292,12 +1293,13 @@ resource "tanzu-mission-control_custom_policy" "custom" {
12921293
```
12931294

12941295
<!-- schema generated by tfplugindocs -->
1296+
12951297
## Schema
12961298

12971299
### Required
12981300

12991301
- `name` (String) Name of the custom policy
1300-
- `scope` (Block List, Min: 1, Max: 1) Scope for the custom, security, image, network, namespace quota and mutation policy, having one of the valid scopes for custom, security, mutation, and namespace quota policy: cluster, cluster_group or organization and valid scopes for image and network policy: workspace or organization. (see [below for nested schema](#nestedblock--scope))
1302+
- `scope` (Block List, Min: 1, Max: 1) Scope for the custom, security, image, network and namespace quota policy, having one of the valid scopes for custom, security and namespace quota policy: cluster, cluster_group or organization and valid scopes for image and network policy: workspace or organization. (see [below for nested schema](#nestedblock--scope))
13011303
- `spec` (Block List, Min: 1, Max: 1) Spec for the custom policy (see [below for nested schema](#nestedblock--spec))
13021304

13031305
### Optional
@@ -1309,6 +1311,7 @@ resource "tanzu-mission-control_custom_policy" "custom" {
13091311
- `id` (String) The ID of this resource.
13101312

13111313
<a id="nestedblock--scope"></a>
1314+
13121315
### Nested Schema for `scope`
13131316

13141317
Optional:
@@ -1319,6 +1322,7 @@ Optional:
13191322
- `workspace` (Block List, Max: 1) The schema for workspace policy full name (see [below for nested schema](#nestedblock--scope--workspace))
13201323

13211324
<a id="nestedblock--scope--cluster"></a>
1325+
13221326
### Nested Schema for `scope.cluster`
13231327

13241328
Required:
@@ -1330,33 +1334,32 @@ Optional:
13301334
- `management_cluster_name` (String) Name of the management cluster
13311335
- `provisioner_name` (String) Provisioner of the cluster
13321336

1333-
13341337
<a id="nestedblock--scope--cluster_group"></a>
1338+
13351339
### Nested Schema for `scope.cluster_group`
13361340

13371341
Required:
13381342

13391343
- `cluster_group` (String) Name of this cluster group
13401344

1341-
13421345
<a id="nestedblock--scope--organization"></a>
1346+
13431347
### Nested Schema for `scope.organization`
13441348

13451349
Required:
13461350

13471351
- `organization` (String) ID of this organization
13481352

1349-
13501353
<a id="nestedblock--scope--workspace"></a>
1354+
13511355
### Nested Schema for `scope.workspace`
13521356

13531357
Required:
13541358

13551359
- `workspace` (String) Name of this workspace
13561360

1357-
1358-
13591361
<a id="nestedblock--spec"></a>
1362+
13601363
### Nested Schema for `spec`
13611364

13621365
Required:
@@ -1368,6 +1371,7 @@ Optional:
13681371
- `namespace_selector` (Block List, Max: 1) Label based Namespace Selector for the policy (see [below for nested schema](#nestedblock--spec--namespace_selector))
13691372

13701373
<a id="nestedblock--spec--input"></a>
1374+
13711375
### Nested Schema for `spec.input`
13721376

13731377
Optional:
@@ -1381,6 +1385,7 @@ Optional:
13811385
- `tmc_require_labels` (Block List, Max: 1) The input schema for custom policy tmc_require_labels recipe version v1 (see [below for nested schema](#nestedblock--spec--input--tmc_require_labels))
13821386

13831387
<a id="nestedblock--spec--input--custom"></a>
1388+
13841389
### Nested Schema for `spec.input.custom`
13851390

13861391
Required:
@@ -1394,16 +1399,16 @@ Optional:
13941399
- `parameters` (String) JSON encoded template parameters.
13951400

13961401
<a id="nestedblock--spec--input--custom--target_kubernetes_resources"></a>
1402+
13971403
### Nested Schema for `spec.input.custom.target_kubernetes_resources`
13981404

13991405
Required:
14001406

14011407
- `api_groups` (List of String) APIGroup is a group containing the resource type.
14021408
- `kinds` (List of String) Kind is the name of the object schema (resource type).
14031409

1404-
1405-
14061410
<a id="nestedblock--spec--input--tmc_block_nodeport_service"></a>
1411+
14071412
### Nested Schema for `spec.input.tmc_block_nodeport_service`
14081413

14091414
Required:
@@ -1415,16 +1420,16 @@ Optional:
14151420
- `audit` (Boolean) Audit (dry-run).
14161421

14171422
<a id="nestedblock--spec--input--tmc_block_nodeport_service--target_kubernetes_resources"></a>
1423+
14181424
### Nested Schema for `spec.input.tmc_block_nodeport_service.target_kubernetes_resources`
14191425

14201426
Required:
14211427

14221428
- `api_groups` (List of String) APIGroup is a group containing the resource type.
14231429
- `kinds` (List of String) Kind is the name of the object schema (resource type).
14241430

1425-
1426-
14271431
<a id="nestedblock--spec--input--tmc_block_resources"></a>
1432+
14281433
### Nested Schema for `spec.input.tmc_block_resources`
14291434

14301435
Required:
@@ -1436,16 +1441,16 @@ Optional:
14361441
- `audit` (Boolean) Audit (dry-run).
14371442

14381443
<a id="nestedblock--spec--input--tmc_block_resources--target_kubernetes_resources"></a>
1444+
14391445
### Nested Schema for `spec.input.tmc_block_resources.target_kubernetes_resources`
14401446

14411447
Required:
14421448

14431449
- `api_groups` (List of String) APIGroup is a group containing the resource type.
14441450
- `kinds` (List of String) Kind is the name of the object schema (resource type).
14451451

1446-
1447-
14481452
<a id="nestedblock--spec--input--tmc_block_rolebinding_subjects"></a>
1453+
14491454
### Nested Schema for `spec.input.tmc_block_rolebinding_subjects`
14501455

14511456
Required:
@@ -1458,33 +1463,33 @@ Optional:
14581463
- `audit` (Boolean) Audit (dry-run).
14591464

14601465
<a id="nestedblock--spec--input--tmc_block_rolebinding_subjects--parameters"></a>
1466+
14611467
### Nested Schema for `spec.input.tmc_block_rolebinding_subjects.parameters`
14621468

14631469
Required:
14641470

14651471
- `disallowed_subjects` (Block List, Min: 1) Disallowed Subjects. (see [below for nested schema](#nestedblock--spec--input--tmc_block_rolebinding_subjects--parameters--disallowed_subjects))
14661472

14671473
<a id="nestedblock--spec--input--tmc_block_rolebinding_subjects--parameters--disallowed_subjects"></a>
1474+
14681475
### Nested Schema for `spec.input.tmc_block_rolebinding_subjects.parameters.disallowed_subjects`
14691476

14701477
Required:
14711478

14721479
- `kind` (String) The kind of subject to disallow, can be User/Group/ServiceAccount.
14731480
- `name` (String) The name of the subject to disallow.
14741481

1475-
1476-
14771482
<a id="nestedblock--spec--input--tmc_block_rolebinding_subjects--target_kubernetes_resources"></a>
1483+
14781484
### Nested Schema for `spec.input.tmc_block_rolebinding_subjects.target_kubernetes_resources`
14791485

14801486
Required:
14811487

14821488
- `api_groups` (List of String) APIGroup is a group containing the resource type.
14831489
- `kinds` (List of String) Kind is the name of the object schema (resource type).
14841490

1485-
1486-
14871491
<a id="nestedblock--spec--input--tmc_external_ips"></a>
1492+
14881493
### Nested Schema for `spec.input.tmc_external_ips`
14891494

14901495
Required:
@@ -1497,24 +1502,24 @@ Optional:
14971502
- `audit` (Boolean) Audit (dry-run).
14981503

14991504
<a id="nestedblock--spec--input--tmc_external_ips--parameters"></a>
1505+
15001506
### Nested Schema for `spec.input.tmc_external_ips.parameters`
15011507

15021508
Required:
15031509

15041510
- `allowed_ips` (List of String) Allowed IPs.
15051511

1506-
15071512
<a id="nestedblock--spec--input--tmc_external_ips--target_kubernetes_resources"></a>
1513+
15081514
### Nested Schema for `spec.input.tmc_external_ips.target_kubernetes_resources`
15091515

15101516
Required:
15111517

15121518
- `api_groups` (List of String) APIGroup is a group containing the resource type.
15131519
- `kinds` (List of String) Kind is the name of the object schema (resource type).
15141520

1515-
1516-
15171521
<a id="nestedblock--spec--input--tmc_https_ingress"></a>
1522+
15181523
### Nested Schema for `spec.input.tmc_https_ingress`
15191524

15201525
Required:
@@ -1526,16 +1531,16 @@ Optional:
15261531
- `audit` (Boolean) Audit (dry-run).
15271532

15281533
<a id="nestedblock--spec--input--tmc_https_ingress--target_kubernetes_resources"></a>
1534+
15291535
### Nested Schema for `spec.input.tmc_https_ingress.target_kubernetes_resources`
15301536

15311537
Required:
15321538

15331539
- `api_groups` (List of String) APIGroup is a group containing the resource type.
15341540
- `kinds` (List of String) Kind is the name of the object schema (resource type).
15351541

1536-
1537-
15381542
<a id="nestedblock--spec--input--tmc_require_labels"></a>
1543+
15391544
### Nested Schema for `spec.input.tmc_require_labels`
15401545

15411546
Required:
@@ -1548,13 +1553,15 @@ Optional:
15481553
- `audit` (Boolean) Audit (dry-run).
15491554

15501555
<a id="nestedblock--spec--input--tmc_require_labels--parameters"></a>
1556+
15511557
### Nested Schema for `spec.input.tmc_require_labels.parameters`
15521558

15531559
Required:
15541560

15551561
- `labels` (Block List, Min: 1) Labels. (see [below for nested schema](#nestedblock--spec--input--tmc_require_labels--parameters--labels))
15561562

15571563
<a id="nestedblock--spec--input--tmc_require_labels--parameters--labels"></a>
1564+
15581565
### Nested Schema for `spec.input.tmc_require_labels.parameters.labels`
15591566

15601567
Required:
@@ -1565,27 +1572,25 @@ Optional:
15651572

15661573
- `value` (String) Optional label value to enforce (if left empty, only key will be enforced).
15671574

1568-
1569-
15701575
<a id="nestedblock--spec--input--tmc_require_labels--target_kubernetes_resources"></a>
1576+
15711577
### Nested Schema for `spec.input.tmc_require_labels.target_kubernetes_resources`
15721578

15731579
Required:
15741580

15751581
- `api_groups` (List of String) APIGroup is a group containing the resource type.
15761582
- `kinds` (List of String) Kind is the name of the object schema (resource type).
15771583

1578-
1579-
1580-
15811584
<a id="nestedblock--spec--namespace_selector"></a>
1585+
15821586
### Nested Schema for `spec.namespace_selector`
15831587

15841588
Required:
15851589

15861590
- `match_expressions` (Block List, Min: 1) Match expressions is a list of label selector requirements, the requirements are ANDed (see [below for nested schema](#nestedblock--spec--namespace_selector--match_expressions))
15871591

15881592
<a id="nestedblock--spec--namespace_selector--match_expressions"></a>
1593+
15891594
### Nested Schema for `spec.namespace_selector.match_expressions`
15901595

15911596
Required:
@@ -1597,10 +1602,8 @@ Optional:
15971602
- `key` (String) Key is the label key that the selector applies to
15981603
- `operator` (String) Operator represents a key's relationship to a set of values
15991604

1600-
1601-
1602-
16031605
<a id="nestedblock--meta"></a>
1606+
16041607
### Nested Schema for `meta`
16051608

16061609
Optional:

0 commit comments

Comments
 (0)