// If a validation evaluates to false it is always enforced according to these actions.
  //
  // Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according
  // to these actions only if the FailurePolicy is set to Fail, otherwise the failures are
  // ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

  // it acts on some changes in a ReplicaSet object.
  // +optional
  optional k8s.io.api.core.v1.ObjectReference regarding = 8;

  // related is the optional secondary object for more complex actions. E.g. when regarding object triggers
  // a creation or deletion of related object.
  // +optional
  optional k8s.io.api.core.v1.ObjectReference related = 9;

  //   must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
  //  3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
  //   to allow for explanatory text as described in section 5.2 of RFC7468.
  //
  // If more than one PEM block is present, and the definition of the requested spec.signerName

  // If this field is not specified, it will default based on the existence of Ingress or Egress rules;
  // policies that contain an Egress section are assumed to affect Egress, and all policies
  // (whether or not they contain an Ingress section) are assumed to affect Ingress.
  // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].

  // characters, '-', '_' or '.'. The serialized form of the secret data is a
  // base64 encoded string, representing the arbitrary (possibly non-string)
  // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
  // +optional
  map<string, bytes> data = 2;

  // stringData allows specifying non-binary secret data in string form.
  // It is provided as a write-only input field for convenience.

}

// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
// The returned list of actions may be incomplete depending on the server's authorization mode,
// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions,

  optional int32 expirationSeconds = 8;

  // allowedUsages specifies a set of usage contexts the key will be
  // valid for.
  // See:
  // 	https://tools.ietf.org/html/rfc5280#section-4.2.1.3
  // 	https://tools.ietf.org/html/rfc5280#section-4.2.1.12
  //
  // Valid values are:
  //  "signing",
  //  "digital signature",
  //  "content commitment",
  //  "key encipherment",
  //  "key agreement",

  // it acts on some changes in a ReplicaSet object.
  // +optional
  optional k8s.io.api.core.v1.ObjectReference regarding = 8;

  // related is the optional secondary object for more complex actions. E.g. when regarding object triggers
  // a creation or deletion of related object.
  // +optional
  optional k8s.io.api.core.v1.ObjectReference related = 9;

}

// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
// The returned list of actions may be incomplete depending on the server's authorization mode,
// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions,

  // If this field is not specified, it will default based on the existence of ingress or egress rules;
  // policies that contain an egress section are assumed to affect egress, and all policies
  // (whether or not they contain an ingress section) are assumed to affect ingress.
  // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ].