// the oldObject and newObject that would be sent to the webhook, and
  // is considered to match if either object matches the selector. A null
  // object (oldObject in the case of create, or newObject in the case of
  // delete) or an object that cannot have labels (like a
  // DeploymentRollback or a PodProxyOptions object) is not considered to
  // match.

}

// SubjectAccessReviewStatus
message SubjectAccessReviewStatus {
  // Allowed is required. True if the action would be allowed, false otherwise.
  optional bool allowed = 1;

  // Denied is optional. True if the action would be denied, otherwise
  // false. If both allowed is false and denied is false, then the
  // authorizer has no opinion on whether to authorize the action. Denied
  // may not be true if Allowed is true.

  // Defaults to false.
  // +optional
  optional bool dryRun = 11;

  // Options is the operation option structure of the operation being performed.
  // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
  // different than the options the caller provided. e.g. for a patch request the performed
  // Operation might be a CREATE, in which case the Options will a

// package's DefaultScheme has conversion functions installed which will unpack the
// JSON stored in RawExtension, turning it into the correct object type, and storing it
// in the Object. (TODO: In the case where the object is of an unknown type, a
// runtime.Unknown object will be created and stored.)
//
// +k8s:deepcopy-gen=true
// +protobuf=true
// +k8s:openapi-gen=true
message RawExtension {

  // +kubebuilder:validation:MaxLength=316
  optional string type = 1;

  // status of the condition, one of True, False, Unknown.
  // +required
  // +kubebuilder:validation:Required
  // +kubebuilder:validation:Enum=True;False;Unknown
  optional string status = 2;

  // observedGeneration represents the .metadata.generation that the condition was set based upon.

  //
  // Only one condition of a given type is allowed.
  optional string type = 1;

  // status of the condition, one of True, False, Unknown.
  // Approved, Denied, and Failed conditions may not be "False" or "Unknown".
  optional string status = 6;

  // reason indicates a brief reason for the request state
  // +optional
  optional string reason = 2;

// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
message SelfSubjectReview {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional

}

// DaemonSetCondition describes the state of a DaemonSet at a certain point.
message DaemonSetCondition {
  // Type of DaemonSet condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // Last time the condition transitioned from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;

}

// DaemonSetCondition describes the state of a DaemonSet at a certain point.
message DaemonSetCondition {
  // Type of DaemonSet condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // Last time the condition transitioned from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;

}

// SubjectAccessReviewStatus
message SubjectAccessReviewStatus {
  // Allowed is required. True if the action would be allowed, false otherwise.
  optional bool allowed = 1;

  // Denied is optional. True if the action would be denied, otherwise
  // false. If both allowed is false and denied is false, then the
  // authorizer has no opinion on whether to authorize the action. Denied
  // may not be true if Allowed is true.