// +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is a list of ClusterRoles
  repeated ClusterRole items = 2;
}

// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
message PolicyRule {

			vc, err = globalBucketVersioningSys.Get(bucket)
			if err != nil {
				retErr = err
				healingLogIf(ctx, err)
				continue
			}
			// Check if the current bucket has a configured lifecycle policy
			lc, err = globalLifecycleSys.Get(bucket)
			if err != nil && !errors.Is(err, BucketLifecycleNotFound{Bucket: bucket}) {
				retErr = err
				healingLogIf(ctx, err)
				continue
			}

  // update), this timer will effectively be stopped and reset when the Job is
  // resumed again.
  // +optional
  optional int64 activeDeadlineSeconds = 3;

  // Specifies the policy of handling failed pods. In particular, it allows to
  // specify the set of actions and conditions which need to be
  // satisfied to take the associated action.

 * SSL socket. For example, if an SSL socket does not have TLS 1.3 enabled, it will not be used even
 * if it is present on the connection spec. The same policy also applies to cipher suites.
 *
 * Use [Builder.allEnabledTlsVersions] and [Builder.allEnabledCipherSuites] to defer all feature
 * selection to the underlying SSL socket.
 *

- **Auth**
  - [alpha] Container Image Policy allows an access controller to determine whether a pod may be scheduled based on a policy ([docs](http://kubernetes.io/docs/admin/admission-controllers/#imagepolicywebhook)) ([kubernetes/features#59](https://github.com/kubernetes/enhancements/issues/59))

      }

    /** Sets the trailers and returns this. */
    fun trailers(trailers: Headers) =
      apply {
        this.trailers = trailers.newBuilder()
      }

    /** Sets the socket policy and returns this. */
    fun socketPolicy(socketPolicy: SocketPolicy) =
      apply {
        this.socketPolicy = socketPolicy
      }

    /**

    boolean isUpdateSnapshots();

    MavenExecutionRequest setNoSnapshotUpdates(boolean noSnapshotUpdates);

    boolean isNoSnapshotUpdates();

    // Checksum policy
    MavenExecutionRequest setGlobalChecksumPolicy(String globalChecksumPolicy);

    String getGlobalChecksumPolicy();

    // Local repository

  repeated string items = 1;
}

// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
message LocalSubjectAccessReview {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

        if (null == name) {
            return defaultClazz; // just use the default type
        }

        // TCCL allows surrounding container to influence class loading policy
        final ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        if (tccl != null) {
            try {
                return tccl.loadClass(name);
            } catch (final Exception e) {