diff --git a/.features/pending/cel-validation.md b/.features/pending/cel-validation.md
new file mode 100644
index 000000000000..fbef9319582d
--- /dev/null
+++ b/.features/pending/cel-validation.md
@@ -0,0 +1,71 @@
+Description: Added CRD validation rules
+Authors: [Alan Clucas](https://github.com/Joibel
+Component: General
+Issues: 13503
+
+Added some validation rules to the full CRDs which allow some simpler validation to happen as the object is added to the kubernetes cluster.
+This is useful if you're using a mechanism which bypasses the validator such as kubectl apply.
+It will inform you of
+
+**Note:** Some validations cannot be implemented as CEL rules due to Kubernetes limitations.
+Fields marked with `+kubebuilder:validation:Schemaless` (like `withItems`) or `+kubebuilder:pruning:PreserveUnknownFields` (like `inline`) are not visible to CEL validation expressions.
+
+**CEL Budget Management:** Kubernetes limits the total cost of CEL validation rules per CRD. To stay within these limits:
+* All `status` blocks have CEL validations automatically stripped during CRD generation
+* Controller-managed CRDs (WorkflowTaskSet, WorkflowTaskResult, WorkflowArtifactGCTask) have all CEL validations removed from both spec and status
+* Server-side validations in `workflow/validate/validate.go` supplement CEL for fields that cannot be validated with CEL (e.g., schemaless fields)
+
+**Array and String Size Limits:** To manage CEL validation costs, the following maximum sizes are enforced:
+* Templates per workflow: 200
+* DAG tasks per DAG template: 200
+* Parameters: 500
+* Prometheus metrics per template: 100
+* Gauge metric value string: 256 characters
+
+#### Mutual Exclusivity Rules:
+* only one template type per template
+* only one of sequence count/end
+* only one of manifest/manifestFrom
+* cannot use both depends and dependencies in DAG tasks.
+
+#### DAG Task Constraints:
+* task names cannot start with digit when using depends/dependencies
+* cannot use continueOn with depends.
+
+#### Timeout on Non-Leaf Templates:
+* Timeout cannot be set on steps or dag templates (only on leaf templates).
+
+#### Cron Schedule Format:
+* CronWorkflow schedules must be valid 5-field cron expressions, specialdescriptors (@yearly, @hourly, etc.), or interval format (@every).
+
+#### Metric Validation:
+* metric and label names validation
+* help and value fields required
+* real-time gauges cannot use resourcesDuration metrics
+
+#### Artifact:
+* At most one artifact location may be specified
+* Artifact.Mode must be between 0 and 511 (0777 octal) for file permissions.
+
+#### Enum Validations:
+* PodGC strategy
+* ConcurrencyPolicy
+* RetryPolicy
+* GaugeOperation
+* Resource action
+* MergeStrategy
+ all have restricted allowed values.
+
+#### Name Pattern Constraints:
+* Template/Step/Task names: max 128 chars, pattern ^[a-zA-Z0-9][-a-zA-Z0-9]*$;
+* Parameter/Artifact names: pattern ^[a-zA-Z0-9_][-a-zA-Z0-9_]*$.
+
+#### Minimum Array Sizes:
+* Template.Steps requires at least one step group
+* Parameter.Enum requires at least one value
+* CronWorkflow.Schedules requires at least one schedule
+* DAG.Tasks requires at least one task.
+
+#### Numeric Constraints:
+* Parallelism minimum 1
+* StartingDeadlineSeconds minimum 0.
diff --git a/api/jsonschema/schema.json b/api/jsonschema/schema.json
index 8e2e04d7dc13..c08a83de3cff 100644
--- a/api/jsonschema/schema.json
+++ b/api/jsonschema/schema.json
@@ -5046,7 +5046,8 @@
}
},
"required": [
- "workflowSpec"
+ "workflowSpec",
+ "schedules"
],
"type": "object"
},
@@ -5098,7 +5099,7 @@
"type": "object"
},
"io.argoproj.workflow.v1alpha1.DAGTask": {
- "description": "DAGTask represents a node in the graph during DAG execution",
+ "description": "DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
"properties": {
"arguments": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Arguments",
@@ -5183,7 +5184,7 @@
"type": "string"
},
"tasks": {
- "description": "Tasks are a list of DAG tasks",
+ "description": "Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.DAGTask"
},
@@ -5304,7 +5305,7 @@
"type": "boolean"
},
"value": {
- "description": "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric",
+ "description": "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "string"
}
},
@@ -5713,7 +5714,7 @@
"x-kubernetes-patch-strategy": "merge"
},
"parameters": {
- "description": "Parameters are a list of parameters passed as inputs",
+ "description": "Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Parameter"
},
@@ -5931,7 +5932,7 @@
"description": "Metrics are a list of metrics emitted from a Workflow/Template",
"properties": {
"prometheus": {
- "description": "Prometheus is a list of prometheus metrics to be emitted",
+ "description": "Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Prometheus"
},
@@ -8128,7 +8129,7 @@
"description": "TemplateDefaults holds default template values that will apply to all templates in the Workflow, unless overridden on the template-level"
},
"templates": {
- "description": "Templates is a list of workflow templates used in a workflow",
+ "description": "Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Template"
},
@@ -8282,7 +8283,7 @@
"type": "object"
},
"io.argoproj.workflow.v1alpha1.WorkflowStep": {
- "description": "WorkflowStep is a reference to a template to execute in a series of step",
+ "description": "WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
"properties": {
"arguments": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Arguments",
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
index 5b524f3178fe..46d2d38d1054 100644
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -9278,7 +9278,8 @@
"description": "CronWorkflowSpec is the specification of a CronWorkflow",
"type": "object",
"required": [
- "workflowSpec"
+ "workflowSpec",
+ "schedules"
],
"properties": {
"concurrencyPolicy": {
@@ -9378,7 +9379,7 @@
}
},
"io.argoproj.workflow.v1alpha1.DAGTask": {
- "description": "DAGTask represents a node in the graph during DAG execution",
+ "description": "DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
"type": "object",
"required": [
"name"
@@ -9467,7 +9468,7 @@
"type": "string"
},
"tasks": {
- "description": "Tasks are a list of DAG tasks",
+ "description": "Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "array",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.DAGTask"
@@ -9589,7 +9590,7 @@
"type": "boolean"
},
"value": {
- "description": "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric",
+ "description": "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "string"
}
}
@@ -9994,7 +9995,7 @@
"x-kubernetes-patch-strategy": "merge"
},
"parameters": {
- "description": "Parameters are a list of parameters passed as inputs",
+ "description": "Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "array",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Parameter"
@@ -10215,7 +10216,7 @@
],
"properties": {
"prometheus": {
- "description": "Prometheus is a list of prometheus metrics to be emitted",
+ "description": "Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "array",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Prometheus"
@@ -12391,7 +12392,7 @@
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Template"
},
"templates": {
- "description": "Templates is a list of workflow templates used in a workflow",
+ "description": "Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
"type": "array",
"items": {
"$ref": "#/definitions/io.argoproj.workflow.v1alpha1.Template"
@@ -12544,7 +12545,7 @@
}
},
"io.argoproj.workflow.v1alpha1.WorkflowStep": {
- "description": "WorkflowStep is a reference to a template to execute in a series of step",
+ "description": "WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
"type": "object",
"properties": {
"arguments": {
diff --git a/docs/executor_swagger.md b/docs/executor_swagger.md
index da9fbf6307e3..2f9d1c8008f7 100644
--- a/docs/executor_swagger.md
+++ b/docs/executor_swagger.md
@@ -229,8 +229,8 @@ It will marshall back to string - marshalling is not symmetric.
| globalName | string| `string` | | | GlobalName exports an output artifact to the global scope, making it available as'{{workflow.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts | |
| hdfs | [HDFSArtifact](#h-d-f-s-artifact)| `HDFSArtifact` | | | | |
| http | [HTTPArtifact](#http-artifact)| `HTTPArtifact` | | | | |
-| mode | int32 (formatted integer)| `int32` | | | mode bits to use on this file, must be a value between 0 and 0777.Set when loading input artifacts. It is recommended to set the mode valueto ensure the artifact has the expected permissions in your container. | |
-| name | string| `string` | | | name of the artifact. must be unique within a template's inputs/outputs. | |
+| mode | int32 (formatted integer)| `int32` | | | mode bits to use on this file, must be a value between 0 and 0777.Set when loading input artifacts. It is recommended to set the mode valueto ensure the artifact has the expected permissions in your container.+kubebuilder:validation:Minimum=0+kubebuilder:validation:Maximum=511 | |
+| name | string| `string` | | | name of the artifact. must be unique within a template's inputs/outputs.+kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$` | |
| optional | boolean| `bool` | | | Make Artifacts optional, if Artifacts doesn't generate or exist | |
| oss | [OSSArtifact](#o-s-s-artifact)| `OSSArtifact` | | | | |
| path | string| `string` | | | Path is the container path to the artifact | |
@@ -279,6 +279,7 @@ It will marshall back to string - marshalling is not symmetric.
> It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname).
It is also used to describe the location of multiple artifacts such as the archive location
of a single workflow step, which the executor will use as a default location to store its files.
++kubebuilder:validation:XValidation:rule="(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1",message="at most one artifact location can be specified"
@@ -330,8 +331,8 @@ of a single workflow step, which the executor will use as a default location to
| globalName | string| `string` | | | GlobalName exports an output artifact to the global scope, making it available as'{{workflow.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts | |
| hdfs | [HDFSArtifact](#h-d-f-s-artifact)| `HDFSArtifact` | | | | |
| http | [HTTPArtifact](#http-artifact)| `HTTPArtifact` | | | | |
-| mode | int32 (formatted integer)| `int32` | | | mode bits to use on this file, must be a value between 0 and 0777.Set when loading input artifacts. It is recommended to set the mode valueto ensure the artifact has the expected permissions in your container. | |
-| name | string| `string` | | | name of the artifact. must be unique within a template's inputs/outputs. | |
+| mode | int32 (formatted integer)| `int32` | | | mode bits to use on this file, must be a value between 0 and 0777.Set when loading input artifacts. It is recommended to set the mode valueto ensure the artifact has the expected permissions in your container.+kubebuilder:validation:Minimum=0+kubebuilder:validation:Maximum=511 | |
+| name | string| `string` | | | name of the artifact. must be unique within a template's inputs/outputs.+kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$` | |
| optional | boolean| `bool` | | | Make Artifacts optional, if Artifacts doesn't generate or exist | |
| oss | [OSSArtifact](#o-s-s-artifact)| `OSSArtifact` | | | | |
| path | string| `string` | | | Path is the container path to the artifact | |
@@ -954,7 +955,7 @@ ConfigMap volumes support ownership management and SELinux relabeling.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
-| value | string| `string` | | | Value is the value of the metric | |
+| value | string| `string` | | | Value is the value of the metric+kubebuilder:validation:MinLength=1 | |
@@ -980,6 +981,10 @@ ConfigMap volumes support ownership management and SELinux relabeling.
> DAGTask represents a node in the graph during DAG execution
+Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
++kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.dependencies)",message="cannot use both 'depends' and 'dependencies'"
++kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.continueOn)",message="cannot use 'continueOn' when using 'depends'"
++kubebuilder:validation:XValidation:rule="!(has(self.depends) || has(self.dependencies)) || !self.name.matches('^[0-9]')",message="task name cannot begin with a digit when using 'depends' or 'dependencies'"
@@ -996,7 +1001,7 @@ ConfigMap volumes support ownership management and SELinux relabeling.
| depends | string| `string` | | | Depends are name of other targets which this depends on | |
| hooks | [LifecycleHooks](#lifecycle-hooks)| `LifecycleHooks` | | | | |
| inline | [Template](#template)| `Template` | | | | |
-| name | string| `string` | | | Name is the name of the target | |
+| name | string| `string` | | | Name is the name of the target+kubebuilder:validation:MaxLength=128+kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$` | |
| onExit | string| `string` | | | OnExit is a template reference which is invoked at the end of thetemplate, irrespective of the success, failure, or error of theprimary template.DEPRECATED: Use Hooks[exit].Template instead. | |
| template | string| `string` | | | Name of template to execute | |
| templateRef | [TemplateRef](#template-ref)| `TemplateRef` | | | | |
@@ -1023,7 +1028,7 @@ ConfigMap volumes support ownership management and SELinux relabeling.
|------|------|---------|:--------:| ------- |-------------|---------|
| failFast | boolean| `bool` | | | This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps,as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completedbefore failing the DAG itself.The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG tocompletion (either success or failure), regardless of the failed outcomes of branches in the DAG.More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442 | |
| target | string| `string` | | | Target are one or more names of targets to execute in a DAG | |
-| tasks | [][DAGTask](#d-a-g-task)| `[]*DAGTask` | | | Tasks are a list of DAG tasks+patchStrategy=merge+patchMergeKey=name | |
+| tasks | [][DAGTask](#d-a-g-task)| `[]*DAGTask` | | | Tasks are a list of DAG tasksMaxItems is an artificial limit to limit CEL validation costs - see note at top of file+patchStrategy=merge+patchMergeKey=name+kubebuilder:validation:MinItems=1+kubebuilder:validation:MaxItems=200 | |
@@ -1435,6 +1440,7 @@ PDs support ownership management and SELinux relabeling.
> Gauge is a Gauge prometheus metric
++kubebuilder:validation:XValidation:rule="!has(self.realtime) || !self.realtime || !self.value.contains('resourcesDuration.')",message="'resourcesDuration.*' metrics cannot be used in real-time gauges"
@@ -1447,18 +1453,21 @@ PDs support ownership management and SELinux relabeling.
|------|------|---------|:--------:| ------- |-------------|---------|
| operation | [GaugeOperation](#gauge-operation)| `GaugeOperation` | | | | |
| realtime | boolean| `bool` | | | Realtime emits this metric in real time if applicable | |
-| value | string| `string` | | | Value is the value to be used in the operation with the metric's current value. If no operation is set,value is the value of the metric | |
+| value | string| `string` | | | Value is the value to be used in the operation with the metric's current value. If no operation is set,value is the value of the metricMaxLength is an artificial limit to limit CEL validation costs - see note at top of file+kubebuilder:validation:MinLength=1+kubebuilder:validation:MaxLength=256 | |
### GaugeOperation
+> +kubebuilder:validation:Enum=Set;Add;Sub
+
+
| Name | Type | Go type | Default | Description | Example |
|------|------|---------| ------- |-------------|---------|
-| GaugeOperation | string| string | | | |
+| GaugeOperation | string| string | | +kubebuilder:validation:Enum=Set;Add;Sub | |
@@ -1727,7 +1736,7 @@ into the Pod's container.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
| buckets | [][Amount](#amount)| `[]Amount` | | | Buckets is a list of bucket divisors for the histogram | |
-| value | string| `string` | | | Value is the value of the metric | |
+| value | string| `string` | | | Value is the value of the metric+kubebuilder:validation:MinLength=1 | |
@@ -1844,7 +1853,7 @@ ISCSI volumes support ownership management and SELinux relabeling.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
| artifacts | [Artifacts](#artifacts)| `Artifacts` | | | | |
-| parameters | [][Parameter](#parameter)| `[]*Parameter` | | | Parameters are a list of parameters passed as inputs+patchStrategy=merge+patchMergeKey=name | |
+| parameters | [][Parameter](#parameter)| `[]*Parameter` | | | Parameters are a list of parameters passed as inputsMaxItems is an artificial limit to limit CEL validation costs - see note at top of file+patchStrategy=merge+patchMergeKey=name+kubebuilder:validation:MaxItems=500 | |
@@ -2152,7 +2161,7 @@ that the fieldset applies to.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
-| key | string| `string` | | | | |
+| key | string| `string` | | | +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$` | |
| value | string| `string` | | | | |
@@ -2171,7 +2180,7 @@ that the fieldset applies to.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
-| prometheus | [][Prometheus](#prometheus)| `[]*Prometheus` | | | Prometheus is a list of prometheus metrics to be emitted | |
+| prometheus | [][Prometheus](#prometheus)| `[]*Prometheus` | | | Prometheus is a list of prometheus metrics to be emittedMaxItems is an artificial limit to limit CEL validation costs - see note at top of file+kubebuilder:validation:MaxItems=100 | |
@@ -2558,9 +2567,9 @@ be cluster-scoped, so there is no namespace field.
|------|------|---------|:--------:| ------- |-------------|---------|
| default | [AnyString](#any-string)| `AnyString` | | | | |
| description | [AnyString](#any-string)| `AnyString` | | | | |
-| enum | [][AnyString](#any-string)| `[]AnyString` | | | Enum holds a list of string values to choose from, for the actual value of the parameter | |
+| enum | [][AnyString](#any-string)| `[]AnyString` | | | Enum holds a list of string values to choose from, for the actual value of the parameter+kubebuilder:validation:MinItems=1 | |
| globalName | string| `string` | | | GlobalName exports an output parameter to the global scope, making it available as'{{workflow.outputs.parameters.XXXX}} and in workflow.status.outputs.parameters | |
-| name | string| `string` | | | Name is the parameter name | |
+| name | string| `string` | | | Name is the parameter name+kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$` | |
| value | [AnyString](#any-string)| `AnyString` | | | | |
| valueFrom | [ValueFrom](#value-from)| `ValueFrom` | | | | |
@@ -2966,10 +2975,10 @@ alive or ready to receive traffic.
|------|------|---------|:--------:| ------- |-------------|---------|
| counter | [Counter](#counter)| `Counter` | | | | |
| gauge | [Gauge](#gauge)| `Gauge` | | | | |
-| help | string| `string` | | | Help is a string that describes the metric | |
+| help | string| `string` | | | Help is a string that describes the metric+kubebuilder:validation:MinLength=1 | |
| histogram | [Histogram](#histogram)| `Histogram` | | | | |
| labels | [][MetricLabel](#metric-label)| `[]*MetricLabel` | | | Labels is a list of metric labels | |
-| name | string| `string` | | | Name is the name of the metric | |
+| name | string| `string` | | | Name is the name of the metric+kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$` | |
| when | string| `string` | | | When is a conditional statement that decides when to emit the metric | |
@@ -3241,6 +3250,7 @@ cause implementors to also use a fixed point implementation.
> ResourceTemplate is a template subtype to manipulate kubernetes resources
++kubebuilder:validation:XValidation:rule="(has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest) && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))",message="only one of manifest or manifestFrom can be specified"
@@ -3251,12 +3261,12 @@ cause implementors to also use a fixed point implementation.
| Name | Type | Go type | Required | Default | Description | Example |
|------|------|---------|:--------:| ------- |-------------|---------|
-| action | string| `string` | | | Action is the action to perform to the resource.Must be one of: get, create, apply, delete, replace, patch | |
+| action | string| `string` | | | Action is the action to perform to the resource.Must be one of: get, create, apply, delete, replace, patch+kubebuilder:validation:Enum=get;create;apply;delete;replace;patch | |
| failureCondition | string| `string` | | | FailureCondition is a label selector expression which describes the conditionsof the k8s resource in which the step was considered failed | |
| flags | []string| `[]string` | | | Flags is a set of additional options passed to kubectl before submitting a resourceI.e. to disable resource validation:flags: ["--validate=false" # disable resource validation] | |
| manifest | string| `string` | | | Manifest contains the kubernetes manifest | |
| manifestFrom | [ManifestFrom](#manifest-from)| `ManifestFrom` | | | | |
-| mergeStrategy | string| `string` | | | MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"Must be one of: strategic, merge, json | |
+| mergeStrategy | string| `string` | | | MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"Must be one of: strategic, merge, json+kubebuilder:validation:Enum=strategic;merge;json | |
| setOwnerReference | boolean| `bool` | | | SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource. | |
| successCondition | string| `string` | | | SuccessCondition is a label selector expression which describes the conditionsof the k8s resource in which it is acceptable to proceed to the following step | |
@@ -3290,11 +3300,14 @@ cause implementors to also use a fixed point implementation.
### RetryPolicy
+> +kubebuilder:validation:Enum=Always;OnFailure;OnError;OnTransientError
+
+
| Name | Type | Go type | Default | Description | Example |
|------|------|---------| ------- |-------------|---------|
-| RetryPolicy | string| string | | | |
+| RetryPolicy | string| string | | +kubebuilder:validation:Enum=Always;OnFailure;OnError;OnTransientError | |
@@ -3635,6 +3648,7 @@ are set, the values in SecurityContext take precedence.
> Sequence expands a workflow step into numeric range
++kubebuilder:validation:XValidation:rule="!(has(self.count) && has(self.end))",message="only one of count or end can be defined"
@@ -3913,10 +3927,10 @@ of the first container processes are calculated.
| memoize | [Memoize](#memoize)| `Memoize` | | | | |
| metadata | [Metadata](#metadata)| `Metadata` | | | | |
| metrics | [Metrics](#metrics)| `Metrics` | | | | |
-| name | string| `string` | | | Name is the name of the template | |
+| name | string| `string` | | | Name is the name of the template+kubebuilder:validation:MaxLength=128+kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$` | |
| nodeSelector | map of string| `map[string]string` | | | NodeSelector is a selector to schedule this step of the workflow to berun on the selected node(s). Overrides the selector set at the workflow level. | |
| outputs | [Outputs](#outputs)| `Outputs` | | | | |
-| parallelism | int64 (formatted integer)| `int64` | | | Parallelism limits the max total parallel pods that can execute at the same time within theboundaries of this template invocation. If additional steps/dag templates are invoked, thepods created by those templates will not be counted towards this total. | |
+| parallelism | int64 (formatted integer)| `int64` | | | Parallelism limits the max total parallel pods that can execute at the same time within theboundaries of this template invocation. If additional steps/dag templates are invoked, thepods created by those templates will not be counted towards this total.+kubebuilder:validation:Minimum=1 | |
| plugin | [Plugin](#plugin)| `Plugin` | | | | |
| podSpecPatch | string| `string` | | | PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization ofcontainer fields which are not strings (e.g. resource limits). | |
| priorityClassName | string| `string` | | | PriorityClassName to apply to workflow pods. | |
@@ -3927,7 +3941,7 @@ of the first container processes are calculated.
| securityContext | [PodSecurityContext](#pod-security-context)| `PodSecurityContext` | | | | |
| serviceAccountName | string| `string` | | | ServiceAccountName to apply to workflow pods | |
| sidecars | [][UserContainer](#user-container)| `[]*UserContainer` | | | Sidecars is a list of containers which run alongside the main containerSidecars are automatically killed when the main container completes+patchStrategy=merge+patchMergeKey=name | |
-| steps | [][ParallelSteps](#parallel-steps)| `[]ParallelSteps` | | | Steps define a series of sequential/parallel workflow steps | |
+| steps | [][ParallelSteps](#parallel-steps)| `[]ParallelSteps` | | | Steps define a series of sequential/parallel workflow steps+kubebuilder:validation:MinItems=1 | |
| suspend | [SuspendTemplate](#suspend-template)| `SuspendTemplate` | | | | |
| synchronization | [Synchronization](#synchronization)| `Synchronization` | | | | |
| timeout | string| `string` | | | Timeout allows to set the total node execution timeout duration counting from the node's start time.This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates. | |
diff --git a/docs/fields.md b/docs/fields.md
index ada31e69a1e2..cb0000718924 100644
--- a/docs/fields.md
+++ b/docs/fields.md
@@ -911,7 +911,7 @@ WorkflowSpec is the specification of a Workflow.
|`suspend`|`boolean`|Suspend will suspend the workflow and prevent execution of any future steps in the workflow|
|`synchronization`|[`Synchronization`](#synchronization)|Synchronization holds synchronization lock configuration for this Workflow|
|`templateDefaults`|[`Template`](#template)|TemplateDefaults holds default template values that will apply to all templates in the Workflow, unless overridden on the template-level|
-|`templates`|`Array<`[`Template`](#template)`>`|Templates is a list of workflow templates used in a workflow|
+|`templates`|`Array<`[`Template`](#template)`>`|Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file|
|`tolerations`|`Array<`[`Toleration`](#toleration)`>`|Tolerations to apply to workflow pods.|
|`ttlStrategy`|[`TTLStrategy`](#ttlstrategy)|TTLStrategy limits the lifetime of a Workflow that has finished execution depending on if it Succeeded or Failed. If this struct is set, once the Workflow finishes, it will be deleted after the time to live expires. If this field is unset, the controller config map will hold the default values.|
|`volumeClaimGC`|[`VolumeClaimGC`](#volumeclaimgc)|VolumeClaimGC describes the strategy to use when deleting volumes from completed workflows|
@@ -1700,7 +1700,7 @@ Metrics are a list of metrics emitted from a Workflow/Template
### Fields
| Field Name | Field Type | Description |
|:----------:|:----------:|---------------|
-|`prometheus`|`Array<`[`Prometheus`](#prometheus)`>`|Prometheus is a list of prometheus metrics to be emitted|
+|`prometheus`|`Array<`[`Prometheus`](#prometheus)`>`|Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file|
## PodGC
@@ -2772,7 +2772,7 @@ DAGTemplate is a template subtype for directed acyclic graph templates
|:----------:|:----------:|---------------|
|`failFast`|`boolean`|This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442|
|`target`|`string`|Target are one or more names of targets to execute in a DAG|
-|`tasks`|`Array<`[`DAGTask`](#dagtask)`>`|Tasks are a list of DAG tasks|
+|`tasks`|`Array<`[`DAGTask`](#dagtask)`>`|Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file|
## Data
@@ -3085,7 +3085,7 @@ Inputs are the mechanism for passing parameters, artifacts, volumes from one tem
| Field Name | Field Type | Description |
|:----------:|:----------:|---------------|
|`artifacts`|`Array<`[`Artifact`](#artifact)`>`|Artifact are a list of artifacts passed as inputs|
-|`parameters`|`Array<`[`Parameter`](#parameter)`>`|Parameters are a list of parameters passed as inputs|
+|`parameters`|`Array<`[`Parameter`](#parameter)`>`|Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file|
## Memoize
@@ -3247,7 +3247,7 @@ ScriptTemplate is a template subtype to enable scripting through code steps
## WorkflowStep
-WorkflowStep is a reference to a template to execute in a series of step
+WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
Examples with this field (click to open)
@@ -3954,7 +3954,7 @@ Gauge is a Gauge prometheus metric
|:----------:|:----------:|---------------|
|`operation`|`string`|Operation defines the operation to apply with value and the metrics' current value|
|`realtime`|`boolean`|Realtime emits this metric in real time if applicable|
-|`value`|`string`|Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric|
+|`value`|`string`|Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file|
## Histogram
@@ -4162,7 +4162,7 @@ ContainerSetRetryStrategy provides controls on how to retry a container set
## DAGTask
-DAGTask represents a node in the graph during DAG execution
+DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
Examples with this field (click to open)
diff --git a/hack/manifests/crds.go b/hack/manifests/crds.go
index 2381beaaceb8..3459c5438374 100644
--- a/hack/manifests/crds.go
+++ b/hack/manifests/crds.go
@@ -43,7 +43,18 @@ func cleanCRD(filename string) {
patchMetadata(&schema, "spec", "properties", "submit", "properties", "metadata", "properties")
case "workflowtasksets.argoproj.io":
patchVolumeFields(&schema, "spec", "properties", "tasks", "additionalProperties", "properties")
+ // Controller-managed CRD: strip all CEL validations from spec to reduce budget cost
+ schema.RecursiveRemoveValidations("spec")
+ case "workflowtaskresults.argoproj.io":
+ // Controller-managed CRD: strip all CEL validations from spec to reduce budget cost
+ schema.RecursiveRemoveValidations("spec")
+ case "workflowartifactgctasks.argoproj.io":
+ // Controller-managed CRD: strip all CEL validations from spec to reduce budget cost
+ schema.RecursiveRemoveValidations("spec")
}
+ // Remove x-kubernetes-validations from all status blocks to reduce CEL budget cost
+ // (status is controller-managed and doesn't need user-facing validation)
+ schema.RecursiveRemoveValidations("status")
crd.WriteYaml(filename)
}
diff --git a/hack/manifests/helpers.go b/hack/manifests/helpers.go
index 9727c74c7310..2e8dfd2e072f 100644
--- a/hack/manifests/helpers.go
+++ b/hack/manifests/helpers.go
@@ -9,35 +9,57 @@ import (
"sigs.k8s.io/yaml"
)
-type obj map[string]interface{}
+type obj map[string]any
func (o *obj) RemoveNestedField(fields ...string) {
unstructured.RemoveNestedField(*o, fields...)
}
func (o *obj) RecursiveRemoveDescriptions(fields ...string) {
- startField := nestedFieldNoCopy[map[string]interface{}](o, fields...)
+ startField := nestedFieldNoCopy[map[string]any](o, fields...)
description := startField["description"].(string)
startField["description"] = description + ".\nAll nested field descriptions have been dropped due to Kubernetes size limitations."
- var rec func(field *map[string]interface{})
- rec = func(field *map[string]interface{}) {
+ var rec func(field *map[string]any)
+ rec = func(field *map[string]any) {
if _, ok := (*field)["description"].(string); ok {
delete(*field, "description")
}
for _, value := range *field {
- if nested, ok := value.(map[string]interface{}); ok {
+ if nested, ok := value.(map[string]any); ok {
rec(&nested)
}
}
}
- properties := startField["properties"].(map[string]interface{})
+ properties := startField["properties"].(map[string]any)
rec(&properties)
}
-func (o *obj) SetNestedField(value interface{}, fields ...string) {
- parentField := nestedFieldNoCopy[map[string]interface{}](o, fields[:len(fields)-1]...)
+// Status block validation is expensive and less needed
+func (o *obj) RecursiveRemoveValidations(fields ...string) {
+ if _, found, _ := unstructured.NestedFieldNoCopy(*o, fields...); !found {
+ return
+ }
+ startField := nestedFieldNoCopy[map[string]any](o, fields...)
+
+ var rec func(field *map[string]any)
+ rec = func(field *map[string]any) {
+ // Remove x-kubernetes-validations if present
+ delete(*field, "x-kubernetes-validations")
+ // Recurse into nested maps
+ for _, value := range *field {
+ if nested, ok := value.(map[string]any); ok {
+ rec(&nested)
+ }
+ }
+ }
+
+ rec(&startField)
+}
+
+func (o *obj) SetNestedField(value any, fields ...string) {
+ parentField := nestedFieldNoCopy[map[string]any](o, fields[:len(fields)-1]...)
parentField[fields[len(fields)-1]] = value
}
@@ -51,9 +73,9 @@ func (o *obj) Name() string {
}
func (o *obj) OpenAPIV3Schema() obj {
- versions := nestedFieldNoCopy[[]interface{}](o, "spec", "versions")
- version := obj(versions[0].(map[string]interface{}))
- return nestedFieldNoCopy[map[string]interface{}](&version, "schema", "openAPIV3Schema", "properties")
+ versions := nestedFieldNoCopy[[]any](o, "spec", "versions")
+ version := obj(versions[0].(map[string]any))
+ return nestedFieldNoCopy[map[string]any](&version, "schema", "openAPIV3Schema", "properties")
}
func nestedFieldNoCopy[T any](o *obj, fields ...string) T {
diff --git a/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml b/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml
index 882d161b29a3..e7c9b404bc2a 100644
--- a/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml
+++ b/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml
@@ -1694,10 +1694,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -2033,6 +2036,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass to the
@@ -2057,6 +2067,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -2065,6 +2076,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3007,10 +3019,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -3357,6 +3372,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3381,6 +3404,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3389,6 +3413,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3545,8 +3570,9 @@ spec:
description: Metrics are a list of metrics emitted from this Workflow
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to be
- emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -3555,6 +3581,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -3565,6 +3592,10 @@ spec:
operation:
description: Operation defines the operation to apply
with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real time
@@ -3574,13 +3605,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be used
+ in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -3593,6 +3632,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -3605,6 +3645,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -3615,6 +3656,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -3624,6 +3666,7 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
@@ -3646,6 +3689,7 @@ spec:
description: Parallelism limits the max total parallel pods that can
execute at the same time in a workflow
format: int64
+ minimum: 1
type: integer
podDisruptionBudget:
description: |-
@@ -3808,6 +3852,12 @@ spec:
description: Strategy is the strategy to use. One of "OnPodCompletion",
"OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess".
If unset, does not delete Pods
+ enum:
+ - ""
+ - OnPodCompletion
+ - OnPodSuccess
+ - OnWorkflowCompletion
+ - OnWorkflowSuccess
type: string
type: object
podMetadata:
@@ -3894,6 +3944,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses that
will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -6114,6 +6169,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 :
+ 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) +
+ (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -9108,10 +9170,13 @@ spec:
in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -9893,10 +9958,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be
unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -10268,6 +10336,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -10296,6 +10373,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -10304,6 +10382,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11229,10 +11308,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -11624,6 +11706,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -11652,6 +11745,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -11660,6 +11754,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11783,6 +11878,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -11855,9 +11952,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -12602,10 +12713,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -12952,6 +13066,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -15261,10 +15383,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -15607,10 +15732,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed as
- inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -15631,6 +15765,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -15639,6 +15774,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -15712,6 +15848,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -15768,8 +15905,9 @@ spec:
description: Metrics are a list of metrics emitted from this template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to
- be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -15778,6 +15916,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -15788,6 +15927,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -15797,13 +15940,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be
+ used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -15816,6 +15967,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -15828,6 +15980,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -15838,6 +15991,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -15847,12 +16001,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -16599,10 +16756,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -16945,6 +17105,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -16972,6 +17140,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -16980,6 +17149,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -17065,6 +17235,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -17088,6 +17259,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -17842,10 +18020,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -18192,6 +18373,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -18199,6 +18388,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the workflow
@@ -18212,6 +18405,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template when
it fails
@@ -18271,6 +18468,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -21406,8 +21608,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template to
- execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -22185,10 +22388,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -22554,6 +22760,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -22581,6 +22796,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -22589,6 +22805,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -23480,10 +23697,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -23865,6 +24085,16 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) +
+ (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -23893,6 +24123,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -23901,6 +24132,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -24023,6 +24255,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -24096,8 +24330,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -26035,7 +26273,9 @@ spec:
type: array
type: object
templates:
- description: Templates is a list of workflow templates used in a workflow
+ description: |-
+ Templates is a list of workflow templates used in a workflow
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Template is a reusable and composable unit of execution
in a workflow
@@ -27937,6 +28177,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -30934,10 +31181,13 @@ spec:
execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -31722,10 +31972,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if
@@ -32104,6 +32357,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -32132,6 +32394,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -32140,6 +32403,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -33081,11 +33345,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -33484,6 +33751,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0)
+ + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 :
+ 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -33512,6 +33790,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -33521,6 +33800,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -33645,6 +33925,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -33718,9 +34000,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -34471,10 +34767,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -34825,6 +35124,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -37140,10 +37447,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -37490,10 +37800,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -37514,6 +37833,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -37522,6 +37842,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -37596,6 +37917,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -37653,8 +37975,9 @@ spec:
template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -37663,6 +37986,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -37673,6 +37997,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -37682,13 +38010,22 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot
+ be used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime ||
+ !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -37701,6 +38038,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -37713,6 +38051,7 @@ spec:
prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -37723,6 +38062,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -37732,12 +38072,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -38487,10 +38830,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -38837,6 +39183,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -38864,6 +39218,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -38872,6 +39227,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -38959,6 +39315,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -38982,6 +39339,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -39742,10 +40106,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -40096,6 +40463,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -40103,6 +40478,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the
@@ -40116,6 +40495,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template
when it fails
@@ -40175,6 +40558,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -43312,8 +43700,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template to
- execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -44094,10 +44483,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be
unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -44469,6 +44861,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -44497,6 +44898,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -44505,6 +44907,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -45420,10 +45823,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -45815,6 +46221,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -45843,6 +46260,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -45851,6 +46269,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -45975,6 +46394,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -46048,8 +46469,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -47993,7 +48418,21 @@ spec:
type: object
type: array
type: object
+ maxItems: 200
type: array
+ x-kubernetes-validations:
+ - message: template must have at most one template type
+ rule: 'self.all(t, (has(t.container) ? 1 : 0) + (has(t.script) ?
+ 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) + (has(t.resource)
+ ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet) ? 1
+ : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) + (has(t.plugin)
+ ? 1 : 0) <= 1)'
+ - message: timeout cannot be applied to steps or dag templates
+ rule: self.all(t, !(has(t.timeout) && t.timeout != "" && (has(t.steps)
+ || has(t.dag))))
+ - message: activeDeadlineSeconds is only valid for leaf templates
+ rule: self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps)
+ || has(t.dag))))
tolerations:
description: Tolerations to apply to workflow pods.
items:
diff --git a/manifests/base/crds/full/argoproj.io_cronworkflows.yaml b/manifests/base/crds/full/argoproj.io_cronworkflows.yaml
index 6b8360a0271c..2d7cd6527979 100644
--- a/manifests/base/crds/full/argoproj.io_cronworkflows.yaml
+++ b/manifests/base/crds/full/argoproj.io_cronworkflows.yaml
@@ -43,6 +43,10 @@ spec:
concurrencyPolicy:
description: ConcurrencyPolicy is the K8s-style concurrency policy
that will be used
+ enum:
+ - Allow
+ - Forbid
+ - Replace
type: string
failedJobsHistoryLimit:
description: FailedJobsHistoryLimit is the number of failed jobs to
@@ -53,13 +57,16 @@ spec:
description: 'v3.6 and after: Schedules is a list of schedules to
run the Workflow in Cron format'
items:
+ pattern: ^(@(yearly|annually|monthly|weekly|daily|midnight|hourly)|@every\s+([0-9]+(ns|us|µs|ms|s|m|h))+|([0-9*,/-?]+\s+){4}[0-9*,/-?]+)$
type: string
+ minItems: 1
type: array
startingDeadlineSeconds:
description: |-
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its
original scheduled time if it is missed.
format: int64
+ minimum: 0
type: integer
stopStrategy:
description: 'v3.6 and after: StopStrategy defines if the CronWorkflow
@@ -1789,10 +1796,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -2135,6 +2145,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -2159,6 +2177,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -2167,6 +2186,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3133,10 +3153,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -3498,6 +3521,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ?
+ 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to
@@ -3523,6 +3554,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3531,6 +3563,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3688,8 +3721,9 @@ spec:
description: Metrics are a list of metrics emitted from this Workflow
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to
- be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -3698,6 +3732,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -3708,6 +3743,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -3717,13 +3756,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be
+ used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -3736,6 +3783,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -3748,6 +3796,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -3758,6 +3807,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -3767,6 +3817,7 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
@@ -3789,6 +3840,7 @@ spec:
description: Parallelism limits the max total parallel pods that
can execute at the same time in a workflow
format: int64
+ minimum: 1
type: integer
podDisruptionBudget:
description: |-
@@ -3952,6 +4004,12 @@ spec:
description: Strategy is the strategy to use. One of "OnPodCompletion",
"OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess".
If unset, does not delete Pods
+ enum:
+ - ""
+ - OnPodCompletion
+ - OnPodSuccess
+ - OnWorkflowCompletion
+ - OnWorkflowSuccess
type: string
type: object
podMetadata:
@@ -4039,6 +4097,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -6280,6 +6343,14 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory) ?
+ 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1
+ : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 :
+ 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin) ? 1
+ : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -9288,10 +9359,13 @@ spec:
execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph
- during DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -10093,10 +10167,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -10478,6 +10555,16 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) +
+ (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -10506,6 +10593,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -10514,6 +10602,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11473,11 +11562,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -11879,6 +11971,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 :
+ 0) + (has(self.artifactory) ? 1
+ : 0) + (has(self.hdfs) ? 1 : 0)
+ + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 :
+ 0) + (has(self.azure) ? 1 : 0) +
+ (has(self.plugin) ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of
@@ -11908,6 +12011,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -11917,6 +12021,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -12044,6 +12149,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -12118,9 +12225,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when
+ using 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -12888,10 +13009,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -13253,6 +13377,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ?
+ 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -15581,10 +15713,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -15935,10 +16070,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -15959,6 +16103,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -15967,6 +16112,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -16042,6 +16188,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -16099,8 +16246,9 @@ spec:
template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be
emitted
@@ -16110,6 +16258,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -16121,6 +16270,10 @@ spec:
description: Operation defines the operation
to apply with value and the metrics' current
value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -16130,14 +16283,23 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot
+ be used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime ||
+ !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the
metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -16150,6 +16312,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -16162,6 +16325,7 @@ spec:
a prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -16172,6 +16336,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -16181,12 +16346,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -16942,10 +17110,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -17296,6 +17467,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script
@@ -17324,6 +17503,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -17332,6 +17512,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -17420,6 +17601,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -17443,6 +17625,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -18219,10 +18408,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -18584,6 +18776,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ?
+ 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -18591,6 +18791,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the
@@ -18604,6 +18808,11 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) ||
+ (!has(self.manifest) && has(self.manifestFrom)) || (!has(self.manifest)
+ && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template
when it fails
@@ -18663,6 +18872,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -21808,8 +22022,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template
- to execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -22593,10 +22808,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if
@@ -22975,6 +23193,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -23003,6 +23230,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -23011,6 +23239,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -23942,11 +24171,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -24345,6 +24577,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0)
+ + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 :
+ 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -24373,6 +24616,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -24382,6 +24626,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -24507,6 +24752,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -24581,8 +24828,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a
@@ -26530,8 +26781,9 @@ spec:
type: array
type: object
templates:
- description: Templates is a list of workflow templates used in
- a workflow
+ description: |-
+ Templates is a list of workflow templates used in a workflow
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Template is a reusable and composable unit of execution
in a workflow
@@ -28454,6 +28706,14 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -31472,10 +31732,13 @@ spec:
to execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph
- during DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -32300,10 +32563,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -32695,6 +32961,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -32723,6 +33000,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -32731,6 +33009,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -33716,11 +33995,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -34137,6 +34419,18 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) +
+ (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1
+ : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ?
+ 1 : 0) + (has(self.plugin) ? 1
+ : 0) <= 1'
type: array
parameters:
description: Parameters is the list
@@ -34168,6 +34462,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -34177,6 +34472,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -34308,6 +34604,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -34382,9 +34680,23 @@ spec:
sequence (default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when
+ using 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -35166,10 +35478,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -35535,6 +35850,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -37882,10 +38206,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -38247,10 +38574,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ?
+ 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -38272,6 +38608,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -38280,6 +38617,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -38355,6 +38693,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -38412,8 +38751,9 @@ spec:
this template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to
be emitted
@@ -38423,6 +38763,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -38434,6 +38775,10 @@ spec:
description: Operation defines the operation
to apply with value and the metrics' current
value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in
@@ -38443,14 +38788,23 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot
+ be used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime
+ || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the
metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -38463,6 +38817,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -38475,6 +38830,7 @@ spec:
a prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -38485,6 +38841,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -38494,12 +38851,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -39271,10 +39631,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -39636,6 +39999,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ?
+ 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script
@@ -39665,6 +40036,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -39673,6 +40045,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -39761,6 +40134,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -39785,6 +40159,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -40575,10 +40956,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -40944,6 +41328,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -40951,6 +41344,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to
@@ -40964,6 +41361,11 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom))
+ || (!has(self.manifest) && has(self.manifestFrom)) ||
+ (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template
when it fails
@@ -41023,6 +41425,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -44175,8 +44582,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template
- to execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -44977,10 +45385,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -45362,6 +45773,16 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) +
+ (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -45390,6 +45811,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -45398,6 +45820,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -46347,11 +46770,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -46753,6 +47179,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 :
+ 0) + (has(self.artifactory) ? 1
+ : 0) + (has(self.hdfs) ? 1 : 0)
+ + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 :
+ 0) + (has(self.azure) ? 1 : 0) +
+ (has(self.plugin) ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of
@@ -46782,6 +47219,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -46791,6 +47229,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -46919,6 +47358,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -46994,8 +47435,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend
@@ -48954,7 +49399,21 @@ spec:
type: object
type: array
type: object
+ maxItems: 200
type: array
+ x-kubernetes-validations:
+ - message: template must have at most one template type
+ rule: 'self.all(t, (has(t.container) ? 1 : 0) + (has(t.script)
+ ? 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) +
+ (has(t.resource) ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet)
+ ? 1 : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) +
+ (has(t.plugin) ? 1 : 0) <= 1)'
+ - message: timeout cannot be applied to steps or dag templates
+ rule: self.all(t, !(has(t.timeout) && t.timeout != "" && (has(t.steps)
+ || has(t.dag))))
+ - message: activeDeadlineSeconds is only valid for leaf templates
+ rule: self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps)
+ || has(t.dag))))
tolerations:
description: Tolerations to apply to workflow pods.
items:
@@ -51317,6 +51776,7 @@ spec:
type: object
type: object
required:
+ - schedules
- workflowSpec
type: object
status:
diff --git a/manifests/base/crds/full/argoproj.io_workflowartifactgctasks.yaml b/manifests/base/crds/full/argoproj.io_workflowartifactgctasks.yaml
index 8e75c2b1d486..e07feeb039a1 100644
--- a/manifests/base/crds/full/argoproj.io_workflowartifactgctasks.yaml
+++ b/manifests/base/crds/full/argoproj.io_workflowartifactgctasks.yaml
@@ -1732,10 +1732,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
diff --git a/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml b/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml
index bd63a83bee81..526f2c835388 100644
--- a/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml
+++ b/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml
@@ -789,10 +789,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -1135,6 +1138,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -1159,6 +1170,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -1167,6 +1179,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/base/crds/full/argoproj.io_workflows.yaml b/manifests/base/crds/full/argoproj.io_workflows.yaml
index 57187f8ba9a1..f4ee0eb21fb5 100644
--- a/manifests/base/crds/full/argoproj.io_workflows.yaml
+++ b/manifests/base/crds/full/argoproj.io_workflows.yaml
@@ -1707,10 +1707,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -2046,6 +2049,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass to the
@@ -2070,6 +2080,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -2078,6 +2089,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3020,10 +3032,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -3370,6 +3385,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3394,6 +3417,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3402,6 +3426,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3558,8 +3583,9 @@ spec:
description: Metrics are a list of metrics emitted from this Workflow
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to be
- emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -3568,6 +3594,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -3578,6 +3605,10 @@ spec:
operation:
description: Operation defines the operation to apply
with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real time
@@ -3587,13 +3618,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be used
+ in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -3606,6 +3645,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -3618,6 +3658,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -3628,6 +3669,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -3637,6 +3679,7 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
@@ -3659,6 +3702,7 @@ spec:
description: Parallelism limits the max total parallel pods that can
execute at the same time in a workflow
format: int64
+ minimum: 1
type: integer
podDisruptionBudget:
description: |-
@@ -3821,6 +3865,12 @@ spec:
description: Strategy is the strategy to use. One of "OnPodCompletion",
"OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess".
If unset, does not delete Pods
+ enum:
+ - ""
+ - OnPodCompletion
+ - OnPodSuccess
+ - OnWorkflowCompletion
+ - OnWorkflowSuccess
type: string
type: object
podMetadata:
@@ -3907,6 +3957,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses that
will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -5204,6 +5259,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 :
+ 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) +
+ (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
type: boolean
container:
@@ -7020,8 +7082,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -7203,6 +7268,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
items:
@@ -7214,10 +7288,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -7674,8 +7750,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -7857,6 +7936,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
items:
@@ -7868,10 +7958,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -7930,6 +8022,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -7970,9 +8064,23 @@ spec:
- type: string
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -8378,8 +8486,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -8561,6 +8672,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
items:
@@ -9731,8 +9850,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -9914,6 +10036,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
items:
@@ -9925,10 +10055,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -9967,6 +10099,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -10011,6 +10144,7 @@ spec:
counter:
properties:
value:
+ minLength: 1
type: string
required:
- value
@@ -10018,16 +10152,27 @@ spec:
gauge:
properties:
operation:
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
type: boolean
value:
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be
+ used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
+ minLength: 1
type: string
histogram:
properties:
@@ -10036,6 +10181,7 @@ spec:
type: number
type: array
value:
+ minLength: 1
type: string
required:
- buckets
@@ -10045,6 +10191,7 @@ spec:
items:
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -10054,6 +10201,7 @@ spec:
type: object
type: array
name:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
type: string
@@ -10061,11 +10209,14 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -10471,8 +10622,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -10654,6 +10808,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
type: string
@@ -10667,10 +10829,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -10715,6 +10879,7 @@ spec:
type: object
parallelism:
format: int64
+ minimum: 1
type: integer
plugin:
type: object
@@ -10726,6 +10891,13 @@ spec:
resource:
properties:
action:
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
type: string
@@ -11134,8 +11306,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -11317,10 +11492,22 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
mergeStrategy:
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
type: boolean
@@ -11329,6 +11516,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
properties:
affinity:
@@ -11358,6 +11549,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
retryPolicy:
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -13211,8 +13407,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -13394,6 +13593,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
items:
@@ -13405,10 +13613,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -13859,8 +14069,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -14042,6 +14255,16 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) +
+ (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
items:
@@ -14053,10 +14276,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -14115,6 +14340,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -14155,8 +14382,12 @@ spec:
- type: string
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
properties:
@@ -15024,7 +15255,9 @@ spec:
type: array
type: object
templates:
- description: Templates is a list of workflow templates used in a workflow
+ description: |-
+ Templates is a list of workflow templates used in a workflow
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Template is a reusable and composable unit of execution
in a workflow
@@ -16926,6 +17159,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -19923,10 +20163,13 @@ spec:
execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -20711,10 +20954,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if
@@ -21093,6 +21339,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -21121,6 +21376,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -21129,6 +21385,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -22070,11 +22327,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -22473,6 +22733,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0)
+ + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 :
+ 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -22501,6 +22772,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -22510,6 +22782,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -22634,6 +22907,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -22707,9 +22982,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -23460,10 +23749,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -23814,6 +24106,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -26129,10 +26429,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -26479,10 +26782,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -26503,6 +26815,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -26511,6 +26824,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -26585,6 +26899,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -26642,8 +26957,9 @@ spec:
template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -26652,6 +26968,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -26662,6 +26979,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -26671,13 +26992,22 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot
+ be used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime ||
+ !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -26690,6 +27020,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -26702,6 +27033,7 @@ spec:
prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -26712,6 +27044,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -26721,12 +27054,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -27476,10 +27812,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -27826,6 +28165,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -27853,6 +28200,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -27861,6 +28209,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -27948,6 +28297,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -27971,6 +28321,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -28731,10 +29088,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -29085,6 +29445,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -29092,6 +29460,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the
@@ -29105,6 +29477,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template
when it fails
@@ -29164,6 +29540,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -32301,8 +32682,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template to
- execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -33083,10 +33465,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be
unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -33458,6 +33843,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -33486,6 +33880,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -33494,6 +33889,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -34409,10 +34805,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -34804,6 +35203,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -34832,6 +35242,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -34840,6 +35251,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -34964,6 +35376,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -35037,8 +35451,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -36982,7 +37400,21 @@ spec:
type: object
type: array
type: object
+ maxItems: 200
type: array
+ x-kubernetes-validations:
+ - message: template must have at most one template type
+ rule: 'self.all(t, (has(t.container) ? 1 : 0) + (has(t.script) ?
+ 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) + (has(t.resource)
+ ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet) ? 1
+ : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) + (has(t.plugin)
+ ? 1 : 0) <= 1)'
+ - message: timeout cannot be applied to steps or dag templates
+ rule: self.all(t, !(has(t.timeout) && t.timeout != "" && (has(t.steps)
+ || has(t.dag))))
+ - message: activeDeadlineSeconds is only valid for leaf templates
+ rule: self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps)
+ || has(t.dag))))
tolerations:
description: Tolerations to apply to workflow pods.
items:
@@ -40103,8 +40535,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -40297,10 +40732,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -40339,6 +40776,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoizationStatus:
@@ -40769,8 +41207,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -40965,10 +41406,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -41455,8 +41898,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -41651,10 +42097,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -45297,8 +45745,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -45491,10 +45942,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -45951,8 +46404,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -46145,10 +46601,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -46207,6 +46665,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -46250,6 +46710,8 @@ spec:
required:
- name
type: object
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -46655,8 +47117,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -48008,8 +48473,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -48202,10 +48670,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -48244,6 +48714,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -48288,6 +48759,7 @@ spec:
counter:
properties:
value:
+ minLength: 1
type: string
required:
- value
@@ -48295,16 +48767,23 @@ spec:
gauge:
properties:
operation:
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
type: boolean
value:
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
help:
+ minLength: 1
type: string
histogram:
properties:
@@ -48313,6 +48792,7 @@ spec:
type: number
type: array
value:
+ minLength: 1
type: string
required:
- buckets
@@ -48322,6 +48802,7 @@ spec:
items:
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -48331,6 +48812,7 @@ spec:
type: object
type: array
name:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
type: string
@@ -48338,11 +48820,14 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -48748,8 +49233,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -48944,10 +49432,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -48992,6 +49482,7 @@ spec:
type: object
parallelism:
format: int64
+ minimum: 1
type: integer
plugin:
type: object
@@ -49003,6 +49494,13 @@ spec:
resource:
properties:
action:
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
type: string
@@ -49411,8 +49909,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -49598,6 +50099,10 @@ spec:
- artifact
type: object
mergeStrategy:
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
type: boolean
@@ -49635,6 +50140,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
retryPolicy:
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -51488,8 +51998,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -51682,10 +52195,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -52136,8 +52651,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -52330,10 +52848,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -52392,6 +52912,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -52434,6 +52956,7 @@ spec:
type: object
type: object
type: array
+ minItems: 1
type: array
suspend:
properties:
@@ -54147,8 +54670,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -54341,10 +54867,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -54856,8 +55384,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -55050,10 +55581,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -55142,6 +55675,7 @@ spec:
counter:
properties:
value:
+ minLength: 1
type: string
required:
- value
@@ -55149,16 +55683,23 @@ spec:
gauge:
properties:
operation:
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
type: boolean
value:
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
help:
+ minLength: 1
type: string
histogram:
properties:
@@ -55167,6 +55708,7 @@ spec:
type: number
type: array
value:
+ minLength: 1
type: string
required:
- buckets
@@ -55176,6 +55718,7 @@ spec:
items:
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -55185,6 +55728,7 @@ spec:
type: object
type: array
name:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
type: string
@@ -55192,6 +55736,7 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
@@ -55204,6 +55749,7 @@ spec:
type: string
parallelism:
format: int64
+ minimum: 1
type: integer
podDisruptionBudget:
properties:
@@ -55277,6 +55823,12 @@ spec:
type: object
x-kubernetes-map-type: atomic
strategy:
+ enum:
+ - ""
+ - OnPodCompletion
+ - OnPodSuccess
+ - OnWorkflowCompletion
+ - OnWorkflowSuccess
type: string
type: object
podMetadata:
@@ -55326,6 +55878,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
retryPolicy:
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -58243,8 +58800,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -58437,10 +58997,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -58897,8 +59459,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -59091,10 +59656,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -59153,6 +59720,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -59196,6 +59765,8 @@ spec:
required:
- name
type: object
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -59601,8 +60172,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -60954,8 +61528,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -61148,10 +61725,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -61190,6 +61769,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -61234,6 +61814,7 @@ spec:
counter:
properties:
value:
+ minLength: 1
type: string
required:
- value
@@ -61241,16 +61822,23 @@ spec:
gauge:
properties:
operation:
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
type: boolean
value:
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
help:
+ minLength: 1
type: string
histogram:
properties:
@@ -61259,6 +61847,7 @@ spec:
type: number
type: array
value:
+ minLength: 1
type: string
required:
- buckets
@@ -61268,6 +61857,7 @@ spec:
items:
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -61277,6 +61867,7 @@ spec:
type: object
type: array
name:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
type: string
@@ -61284,11 +61875,14 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -61694,8 +62288,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -61890,10 +62487,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -61938,6 +62537,7 @@ spec:
type: object
parallelism:
format: int64
+ minimum: 1
type: integer
plugin:
type: object
@@ -61949,6 +62549,13 @@ spec:
resource:
properties:
action:
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
type: string
@@ -62357,8 +62964,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -62544,6 +63154,10 @@ spec:
- artifact
type: object
mergeStrategy:
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
type: boolean
@@ -62581,6 +63195,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
retryPolicy:
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -64434,8 +65053,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -64628,10 +65250,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -65082,8 +65706,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -65276,10 +65903,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -65338,6 +65967,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -65380,6 +66011,7 @@ spec:
type: object
type: object
type: array
+ minItems: 1
type: array
suspend:
properties:
@@ -69034,8 +69666,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -69228,10 +69863,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -69688,8 +70325,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -69882,10 +70522,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -69944,6 +70586,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -69987,6 +70631,8 @@ spec:
required:
- name
type: object
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -70392,8 +71038,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -71745,8 +72394,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -71939,10 +72591,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -71981,6 +72635,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -72025,6 +72680,7 @@ spec:
counter:
properties:
value:
+ minLength: 1
type: string
required:
- value
@@ -72032,16 +72688,23 @@ spec:
gauge:
properties:
operation:
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
type: boolean
value:
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
help:
+ minLength: 1
type: string
histogram:
properties:
@@ -72050,6 +72713,7 @@ spec:
type: number
type: array
value:
+ minLength: 1
type: string
required:
- buckets
@@ -72059,6 +72723,7 @@ spec:
items:
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -72068,6 +72733,7 @@ spec:
type: object
type: array
name:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
type: string
@@ -72075,11 +72741,14 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -72485,8 +73154,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -72681,10 +73353,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -72729,6 +73403,7 @@ spec:
type: object
parallelism:
format: int64
+ minimum: 1
type: integer
plugin:
type: object
@@ -72740,6 +73415,13 @@ spec:
resource:
properties:
action:
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
type: string
@@ -73148,8 +73830,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -73335,6 +74020,10 @@ spec:
- artifact
type: object
mergeStrategy:
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
type: boolean
@@ -73372,6 +74061,11 @@ spec:
- type: string
x-kubernetes-int-or-string: true
retryPolicy:
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -75225,8 +75919,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -75419,10 +76116,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -75873,8 +76572,11 @@ spec:
type: object
mode:
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
type: boolean
@@ -76067,10 +76769,12 @@ spec:
enum:
items:
type: string
+ minItems: 1
type: array
globalName:
type: string
name:
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
type: string
@@ -76129,6 +76833,8 @@ spec:
inline:
x-kubernetes-preserve-unknown-fields: true
name:
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
type: string
@@ -76171,6 +76877,7 @@ spec:
type: object
type: object
type: array
+ minItems: 1
type: array
suspend:
properties:
@@ -77037,6 +77744,7 @@ spec:
type: object
type: array
type: object
+ maxItems: 200
type: array
tolerations:
items:
diff --git a/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml b/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml
index f079f7ed7cef..fc2e12e37a21 100644
--- a/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml
+++ b/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml
@@ -762,10 +762,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate
@@ -1096,6 +1099,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -1123,6 +1133,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -1131,6 +1142,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml b/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml
index 29ff3cc052ce..11912cc48913 100644
--- a/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml
+++ b/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml
@@ -4938,10 +4938,13 @@ spec:
execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -5726,10 +5729,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if
@@ -6136,6 +6142,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -6144,6 +6151,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -7085,11 +7093,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -7516,6 +7527,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -7525,6 +7537,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -7649,6 +7662,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -7725,6 +7740,8 @@ spec:
required:
- name
type: object
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -8475,10 +8492,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -11144,10 +11164,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -11496,8 +11519,9 @@ spec:
type: object
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -11518,6 +11542,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -11526,6 +11551,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11600,6 +11626,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -11657,8 +11684,9 @@ spec:
template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -11667,6 +11695,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -11677,6 +11706,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -11686,6 +11719,9 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
@@ -11693,6 +11729,7 @@ spec:
type: object
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -11705,6 +11742,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -11717,6 +11755,7 @@ spec:
prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -11727,6 +11766,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -11736,12 +11776,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -12491,10 +12534,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -12868,6 +12914,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -12876,6 +12923,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -12963,6 +13011,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -12986,6 +13035,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -13746,10 +13802,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -14107,6 +14166,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the
@@ -14179,6 +14242,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -17321,8 +17389,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template
- to execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -18123,10 +18192,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -18536,6 +18608,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -18544,6 +18617,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -19493,11 +19567,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -19928,6 +20005,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -19937,6 +20015,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -20065,6 +20144,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -20145,6 +20226,7 @@ spec:
required:
- steps
type: object
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -22838,10 +22920,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -23215,6 +23300,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -23223,6 +23309,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml b/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml
index fb8cbd18c298..74c35c448a32 100644
--- a/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml
+++ b/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml
@@ -1692,10 +1692,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -2031,6 +2034,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass to the
@@ -2055,6 +2065,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -2063,6 +2074,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3005,10 +3017,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -3355,6 +3370,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3379,6 +3402,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3387,6 +3411,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -3543,8 +3568,9 @@ spec:
description: Metrics are a list of metrics emitted from this Workflow
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to be
- emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -3553,6 +3579,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -3563,6 +3590,10 @@ spec:
operation:
description: Operation defines the operation to apply
with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real time
@@ -3572,13 +3603,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be used
+ in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -3591,6 +3630,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -3603,6 +3643,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -3613,6 +3654,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -3622,6 +3664,7 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
@@ -3644,6 +3687,7 @@ spec:
description: Parallelism limits the max total parallel pods that can
execute at the same time in a workflow
format: int64
+ minimum: 1
type: integer
podDisruptionBudget:
description: |-
@@ -3806,6 +3850,12 @@ spec:
description: Strategy is the strategy to use. One of "OnPodCompletion",
"OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess".
If unset, does not delete Pods
+ enum:
+ - ""
+ - OnPodCompletion
+ - OnPodSuccess
+ - OnWorkflowCompletion
+ - OnWorkflowSuccess
type: string
type: object
podMetadata:
@@ -3892,6 +3942,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses that
will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -6112,6 +6167,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 :
+ 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) +
+ (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -9106,10 +9168,13 @@ spec:
in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -9891,10 +9956,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be
unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -10266,6 +10334,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -10294,6 +10371,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -10302,6 +10380,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11227,10 +11306,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -11622,6 +11704,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -11650,6 +11743,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -11658,6 +11752,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -11781,6 +11876,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -11853,9 +11950,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -12600,10 +12711,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -12950,6 +13064,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -15259,10 +15381,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -15605,10 +15730,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed as
- inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -15629,6 +15763,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -15637,6 +15772,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -15710,6 +15846,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -15766,8 +15903,9 @@ spec:
description: Metrics are a list of metrics emitted from this template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to
- be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -15776,6 +15914,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -15786,6 +15925,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -15795,13 +15938,21 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot be
+ used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime || !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -15814,6 +15965,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -15826,6 +15978,7 @@ spec:
metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -15836,6 +15989,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that decides
@@ -15845,12 +15999,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -16597,10 +16754,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -16943,6 +17103,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -16970,6 +17138,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -16978,6 +17147,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -17063,6 +17233,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -17086,6 +17257,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -17840,10 +18018,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -18190,6 +18371,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -18197,6 +18386,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the workflow
@@ -18210,6 +18403,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template when
it fails
@@ -18269,6 +18466,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -21404,8 +21606,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template to
- execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -22183,10 +22386,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -22552,6 +22758,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -22579,6 +22794,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -22587,6 +22803,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -23478,10 +23695,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -23863,6 +24083,16 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) +
+ (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss)
+ ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -23891,6 +24121,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -23899,6 +24130,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -24021,6 +24253,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -24094,8 +24328,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -26033,7 +26271,9 @@ spec:
type: array
type: object
templates:
- description: Templates is a list of workflow templates used in a workflow
+ description: |-
+ Templates is a list of workflow templates used in a workflow
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Template is a reusable and composable unit of execution
in a workflow
@@ -27935,6 +28175,13 @@ spec:
type: boolean
type: object
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) +
+ (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 :
+ 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0)
+ + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1'
automountServiceAccountToken:
description: |-
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods.
@@ -30932,10 +31179,13 @@ spec:
execute in a DAG
type: string
tasks:
- description: Tasks are a list of DAG tasks
+ description: |-
+ Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
- description: DAGTask represents a node in the graph during
- DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments are the parameter and artifact
@@ -31720,10 +31970,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if
@@ -32102,6 +32355,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can
+ be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -32130,6 +32392,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -32138,6 +32401,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -33079,11 +33343,14 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact.
must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -33482,6 +33749,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0)
+ + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 :
+ 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -33510,6 +33788,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -33519,6 +33798,7 @@ spec:
name:
description: Name is the parameter
name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -33643,6 +33923,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name is the name of the target
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -33716,9 +33998,23 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: cannot use both 'depends' and 'dependencies'
+ rule: '!has(self.depends) || !has(self.dependencies)'
+ - message: cannot use 'continueOn' when using 'depends'
+ rule: '!has(self.depends) || !has(self.continueOn)'
+ - message: task name cannot begin with a digit when using
+ 'depends' or 'dependencies'
+ rule: '!(has(self.depends) || has(self.dependencies))
+ || !self.name.matches(''^[0-9]'')'
+ maxItems: 200
+ minItems: 1
type: array
required:
- tasks
@@ -34469,10 +34765,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -34823,6 +35122,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: object
transformation:
description: Transformation applies a set of transformations
@@ -37138,10 +37445,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -37488,10 +37798,19 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
- description: Parameters are a list of parameters passed
- as inputs
+ description: |-
+ Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Parameter indicate a passed string parameter
to a service template with an optional default value
@@ -37512,6 +37831,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -37520,6 +37840,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -37594,6 +37915,7 @@ spec:
required:
- name
type: object
+ maxItems: 500
type: array
type: object
memoize:
@@ -37651,8 +37973,9 @@ spec:
template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics
- to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
items:
description: Prometheus is a prometheus metric to be emitted
properties:
@@ -37661,6 +37984,7 @@ spec:
properties:
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- value
@@ -37671,6 +37995,10 @@ spec:
operation:
description: Operation defines the operation to
apply with value and the metrics' current value
+ enum:
+ - Set
+ - Add
+ - Sub
type: string
realtime:
description: Realtime emits this metric in real
@@ -37680,13 +38008,22 @@ spec:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ maxLength: 256
+ minLength: 1
type: string
required:
- realtime
- value
type: object
+ x-kubernetes-validations:
+ - message: '''resourcesDuration.*'' metrics cannot
+ be used in real-time gauges'
+ rule: '!has(self.realtime) || !self.realtime ||
+ !self.value.contains(''resourcesDuration.'')'
help:
description: Help is a string that describes the metric
+ minLength: 1
type: string
histogram:
description: Histogram is a histogram metric
@@ -37699,6 +38036,7 @@ spec:
type: array
value:
description: Value is the value of the metric
+ minLength: 1
type: string
required:
- buckets
@@ -37711,6 +38049,7 @@ spec:
prometheus metric
properties:
key:
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
value:
type: string
@@ -37721,6 +38060,7 @@ spec:
type: array
name:
description: Name is the name of the metric
+ pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
type: string
when:
description: When is a conditional statement that
@@ -37730,12 +38070,15 @@ spec:
- help
- name
type: object
+ maxItems: 100
type: array
required:
- prometheus
type: object
name:
description: Name is the name of the template
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
nodeSelector:
additionalProperties:
@@ -38485,10 +38828,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -38835,6 +39181,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 :
+ 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -38862,6 +39216,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -38870,6 +39225,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -38957,6 +39313,7 @@ spec:
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
format: int64
+ minimum: 1
type: integer
plugin:
description: |-
@@ -38980,6 +39337,13 @@ spec:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ enum:
+ - get
+ - create
+ - apply
+ - delete
+ - replace
+ - patch
type: string
failureCondition:
description: |-
@@ -39740,10 +40104,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique
within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -40094,6 +40461,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1
+ : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
required:
- artifact
type: object
@@ -40101,6 +40476,10 @@ spec:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ enum:
+ - strategic
+ - merge
+ - json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the
@@ -40114,6 +40493,10 @@ spec:
required:
- action
type: object
+ x-kubernetes-validations:
+ - message: only one of manifest or manifestFrom can be specified
+ rule: (has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest)
+ && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))
retryStrategy:
description: RetryStrategy describes how to retry a template
when it fails
@@ -40173,6 +40556,11 @@ spec:
retryPolicy:
description: RetryPolicy is a policy of NodePhase statuses
that will be retried
+ enum:
+ - Always
+ - OnFailure
+ - OnError
+ - OnTransientError
type: string
type: object
schedulerName:
@@ -43310,8 +43698,9 @@ spec:
There isn't actually a "steps" key in the JSON serialization; this is an anonymous list.
See the custom Unmarshaller below and ./hack/manifests/crd.go
items:
- description: WorkflowStep is a reference to a template to
- execute in a series of step
+ description: |-
+ WorkflowStep is a reference to a template to execute in a series of step
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
properties:
arguments:
description: Arguments hold arguments to the template
@@ -44092,10 +44481,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be
unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts
@@ -44467,6 +44859,15 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be
+ specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -44495,6 +44896,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -44503,6 +44905,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -45418,10 +45821,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must
be unique within a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional,
@@ -45813,6 +46219,17 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location
+ can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git)
+ ? 1 : 0) + (has(self.http) ? 1 : 0)
+ + (has(self.artifactory) ? 1 : 0) +
+ (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) +
+ (has(self.gcs) ? 1 : 0) + (has(self.azure)
+ ? 1 : 0) + (has(self.plugin) ? 1 : 0)
+ <= 1'
type: array
parameters:
description: Parameters is the list of parameters
@@ -45841,6 +46258,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -45849,6 +46267,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -45973,6 +46392,8 @@ spec:
x-kubernetes-preserve-unknown-fields: true
name:
description: Name of the step
+ maxLength: 128
+ pattern: ^[a-zA-Z0-9][-a-zA-Z0-9]*$
type: string
onExit:
description: |-
@@ -46046,8 +46467,12 @@ spec:
(default: 0)'
x-kubernetes-int-or-string: true
type: object
+ x-kubernetes-validations:
+ - message: only one of count or end can be defined
+ rule: '!(has(self.count) && has(self.end))'
type: object
type: array
+ minItems: 1
type: array
suspend:
description: Suspend template subtype which can suspend a workflow
@@ -47991,7 +48416,21 @@ spec:
type: object
type: array
type: object
+ maxItems: 200
type: array
+ x-kubernetes-validations:
+ - message: template must have at most one template type
+ rule: 'self.all(t, (has(t.container) ? 1 : 0) + (has(t.script) ?
+ 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) + (has(t.resource)
+ ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet) ? 1
+ : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) + (has(t.plugin)
+ ? 1 : 0) <= 1)'
+ - message: timeout cannot be applied to steps or dag templates
+ rule: self.all(t, !(has(t.timeout) && t.timeout != "" && (has(t.steps)
+ || has(t.dag))))
+ - message: activeDeadlineSeconds is only valid for leaf templates
+ rule: self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps)
+ || has(t.dag))))
tolerations:
description: Tolerations to apply to workflow pods.
items:
diff --git a/manifests/base/crds/minimal/argoproj.io_workflowartifactgctasks.yaml b/manifests/base/crds/minimal/argoproj.io_workflowartifactgctasks.yaml
index 8e75c2b1d486..e07feeb039a1 100644
--- a/manifests/base/crds/minimal/argoproj.io_workflowartifactgctasks.yaml
+++ b/manifests/base/crds/minimal/argoproj.io_workflowartifactgctasks.yaml
@@ -1732,10 +1732,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
diff --git a/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml b/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml
index bd63a83bee81..526f2c835388 100644
--- a/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml
+++ b/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml
@@ -789,10 +789,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -1135,6 +1138,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -1159,6 +1170,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -1167,6 +1179,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml b/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml
index f079f7ed7cef..fc2e12e37a21 100644
--- a/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml
+++ b/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml
@@ -762,10 +762,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate
@@ -1096,6 +1099,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -1123,6 +1133,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -1131,6 +1142,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/quick-start-minimal.yaml b/manifests/quick-start-minimal.yaml
index 9446d294625d..9505154d9ab9 100644
--- a/manifests/quick-start-minimal.yaml
+++ b/manifests/quick-start-minimal.yaml
@@ -1835,10 +1835,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3016,10 +3019,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3362,6 +3368,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3386,6 +3400,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3394,6 +3409,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -4347,10 +4363,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate
@@ -4681,6 +4700,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -4708,6 +4734,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -4716,6 +4743,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/quick-start-mysql.yaml b/manifests/quick-start-mysql.yaml
index 72b95854728c..95e47d886883 100644
--- a/manifests/quick-start-mysql.yaml
+++ b/manifests/quick-start-mysql.yaml
@@ -1835,10 +1835,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3016,10 +3019,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3362,6 +3368,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3386,6 +3400,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3394,6 +3409,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -4347,10 +4363,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate
@@ -4681,6 +4700,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -4708,6 +4734,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -4716,6 +4743,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/manifests/quick-start-postgres.yaml b/manifests/quick-start-postgres.yaml
index c1f212c16036..9b97ed1f49ab 100644
--- a/manifests/quick-start-postgres.yaml
+++ b/manifests/quick-start-postgres.yaml
@@ -1835,10 +1835,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3016,10 +3019,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within
a template's inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't
@@ -3362,6 +3368,14 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0)
+ + (has(self.http) ? 1 : 0) + (has(self.artifactory)
+ ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw)
+ ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs)
+ ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
parameters:
description: Parameters is the list of parameters to pass
@@ -3386,6 +3400,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -3394,6 +3409,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
@@ -4347,10 +4363,13 @@ spec:
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
format: int32
+ maximum: 511
+ minimum: 0
type: integer
name:
description: name of the artifact. must be unique within a template's
inputs/outputs.
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate
@@ -4681,6 +4700,13 @@ spec:
required:
- name
type: object
+ x-kubernetes-validations:
+ - message: at most one artifact location can be specified
+ rule: '(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http)
+ ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs)
+ ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0)
+ + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin)
+ ? 1 : 0) <= 1'
type: array
exitCode:
description: ExitCode holds the exit code of a script template
@@ -4708,6 +4734,7 @@ spec:
* It will unmarshall int64, int32, float64, float32, boolean, a plain string and represents it as string.
* It will marshall back to string - marshalling is not symmetric.
type: string
+ minItems: 1
type: array
globalName:
description: |-
@@ -4716,6 +4743,7 @@ spec:
type: string
name:
description: Name is the parameter name
+ pattern: ^[-a-zA-Z0-9_]+$
type: string
value:
description: |-
diff --git a/pkg/apis/workflow/v1alpha1/cron_workflow_types.go b/pkg/apis/workflow/v1alpha1/cron_workflow_types.go
index a193a62d7f63..3c5991ec7405 100644
--- a/pkg/apis/workflow/v1alpha1/cron_workflow_types.go
+++ b/pkg/apis/workflow/v1alpha1/cron_workflow_types.go
@@ -30,6 +30,7 @@ type CronWorkflowList struct {
Items []CronWorkflow `json:"items" protobuf:"bytes,2,rep,name=items"`
}
+// +kubebuilder:validation:Enum=Allow;Forbid;Replace
type ConcurrencyPolicy string
const (
@@ -50,6 +51,7 @@ type CronWorkflowSpec struct {
Suspend bool `json:"suspend,omitempty" protobuf:"varint,4,opt,name=suspend"`
// StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its
// original scheduled time if it is missed.
+ // +kubebuilder:validation:Minimum=0
StartingDeadlineSeconds *int64 `json:"startingDeadlineSeconds,omitempty" protobuf:"varint,5,opt,name=startingDeadlineSeconds"`
// SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
SuccessfulJobsHistoryLimit *int32 `json:"successfulJobsHistoryLimit,omitempty" protobuf:"varint,6,opt,name=successfulJobsHistoryLimit"`
@@ -62,7 +64,9 @@ type CronWorkflowSpec struct {
// v3.6 and after: StopStrategy defines if the CronWorkflow should stop scheduling based on a condition
StopStrategy *StopStrategy `json:"stopStrategy,omitempty" protobuf:"bytes,10,opt,name=stopStrategy"`
// v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
- Schedules []string `json:"schedules,omitempty" protobuf:"bytes,11,opt,name=schedules"`
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:items:Pattern=`^(@(yearly|annually|monthly|weekly|daily|midnight|hourly)|@every\s+([0-9]+(ns|us|µs|ms|s|m|h))+|([0-9*,/-?]+\s+){4}[0-9*,/-?]+)$`
+ Schedules []string `json:"schedules" protobuf:"bytes,11,opt,name=schedules"`
// v3.6 and after: When is an expression that determines if a run should be scheduled.
When string `json:"when,omitempty" protobuf:"bytes,12,opt,name=when"`
}
diff --git a/pkg/apis/workflow/v1alpha1/generated.proto b/pkg/apis/workflow/v1alpha1/generated.proto
index e6143c7c63d4..6eb6ebff78a5 100644
--- a/pkg/apis/workflow/v1alpha1/generated.proto
+++ b/pkg/apis/workflow/v1alpha1/generated.proto
@@ -59,6 +59,7 @@ message ArtGCStatus {
// Artifact indicates an artifact to place at a specified path
message Artifact {
// name of the artifact. must be unique within a template's inputs/outputs.
+ // +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
optional string name = 1;
// Path is the container path to the artifact
@@ -67,6 +68,8 @@ message Artifact {
// mode bits to use on this file, must be a value between 0 and 0777.
// Set when loading input artifacts. It is recommended to set the mode value
// to ensure the artifact has the expected permissions in your container.
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=511
optional int32 mode = 3;
// From allows an artifact to reference an artifact from a previous step
@@ -130,6 +133,7 @@ message ArtifactGCStatus {
// It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname).
// It is also used to describe the location of multiple artifacts such as the archive location
// of a single workflow step, which the executor will use as a default location to store its files.
+// +kubebuilder:validation:XValidation:rule="(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1",message="at most one artifact location can be specified"
message ArtifactLocation {
// ArchiveLogs indicates if the container logs should be archived
optional bool archiveLogs = 1;
@@ -454,6 +458,7 @@ message ContinueOn {
// Counter is a Counter prometheus metric
message Counter {
// Value is the value of the metric
+ // +kubebuilder:validation:MinLength=1
optional string value = 1;
}
@@ -497,6 +502,7 @@ message CronWorkflowSpec {
// StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its
// original scheduled time if it is missed.
+ // +kubebuilder:validation:Minimum=0
optional int64 startingDeadlineSeconds = 5;
// SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
@@ -515,6 +521,8 @@ message CronWorkflowSpec {
optional StopStrategy stopStrategy = 10;
// v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:items:Pattern=`^(@(yearly|annually|monthly|weekly|daily|midnight|hourly)|@every\s+([0-9]+(ns|us|µs|ms|s|m|h))+|([0-9*,/-?]+\s+){4}[0-9*,/-?]+)$`
repeated string schedules = 11;
// v3.6 and after: When is an expression that determines if a run should be scheduled.
@@ -549,8 +557,14 @@ message CronWorkflowStatus {
}
// DAGTask represents a node in the graph during DAG execution
+// Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
+// +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.dependencies)",message="cannot use both 'depends' and 'dependencies'"
+// +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.continueOn)",message="cannot use 'continueOn' when using 'depends'"
+// +kubebuilder:validation:XValidation:rule="!(has(self.depends) || has(self.dependencies)) || !self.name.matches('^[0-9]')",message="task name cannot begin with a digit when using 'depends' or 'dependencies'"
message DAGTask {
// Name is the name of the target
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
optional string name = 1;
// Name of template to execute
@@ -612,8 +626,11 @@ message DAGTemplate {
optional string target = 1;
// Tasks are a list of DAG tasks
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=200
repeated DAGTask tasks = 2;
// This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps,
@@ -677,9 +694,13 @@ message GCSBucket {
}
// Gauge is a Gauge prometheus metric
+// +kubebuilder:validation:XValidation:rule="!has(self.realtime) || !self.realtime || !self.value.contains('resourcesDuration.')",message="'resourcesDuration.*' metrics cannot be used in real-time gauges"
message Gauge {
// Value is the value to be used in the operation with the metric's current value. If no operation is set,
// value is the value of the metric
+ // MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
optional string value = 1;
// Realtime emits this metric in real time if applicable
@@ -870,6 +891,7 @@ message Header {
// Histogram is a Histogram prometheus metric
message Histogram {
// Value is the value of the metric
+ // +kubebuilder:validation:MinLength=1
optional string value = 3;
// Buckets is a list of bucket divisors for the histogram
@@ -879,8 +901,10 @@ message Histogram {
// Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
message Inputs {
// Parameters are a list of parameters passed as inputs
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MaxItems=500
repeated Parameter parameters = 1;
// Artifact are a list of artifacts passed as inputs
@@ -982,6 +1006,7 @@ message Metadata {
// MetricLabel is a single label for a prometheus metric
message MetricLabel {
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
optional string key = 1;
optional string value = 2;
@@ -990,6 +1015,8 @@ message MetricLabel {
// Metrics are a list of metrics emitted from a Workflow/Template
message Metrics {
// Prometheus is a list of prometheus metrics to be emitted
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
+ // +kubebuilder:validation:MaxItems=100
repeated Prometheus prometheus = 1;
}
@@ -1269,6 +1296,7 @@ message ParallelSteps {
// Parameter indicate a passed string parameter to a service template with an optional default value
message Parameter {
// Name is the parameter name
+ // +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
optional string name = 1;
// Default is the default value to use for an input parameter if a value was not supplied
@@ -1286,6 +1314,7 @@ message Parameter {
optional string globalName = 5;
// Enum holds a list of string values to choose from, for the actual value of the parameter
+ // +kubebuilder:validation:MinItems=1
repeated string enum = 6;
// Description is the parameter description
@@ -1337,12 +1366,14 @@ message PodGC {
// Prometheus is a prometheus metric to be emitted
message Prometheus {
// Name is the name of the metric
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
optional string name = 1;
// Labels is a list of metric labels
repeated MetricLabel labels = 2;
// Help is a string that describes the metric
+ // +kubebuilder:validation:MinLength=1
optional string help = 3;
// When is a conditional statement that decides when to emit the metric
@@ -1365,13 +1396,16 @@ message RawArtifact {
}
// ResourceTemplate is a template subtype to manipulate kubernetes resources
+// +kubebuilder:validation:XValidation:rule="(has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest) && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))",message="only one of manifest or manifestFrom can be specified"
message ResourceTemplate {
// Action is the action to perform to the resource.
// Must be one of: get, create, apply, delete, replace, patch
+ // +kubebuilder:validation:Enum=get;create;apply;delete;replace;patch
optional string action = 1;
// MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
// Must be one of: strategic, merge, json
+ // +kubebuilder:validation:Enum=strategic;merge;json
optional string mergeStrategy = 2;
// Manifest contains the kubernetes manifest
@@ -1541,6 +1575,7 @@ message SemaphoreStatus {
}
// Sequence expands a workflow step into numeric range
+// +kubebuilder:validation:XValidation:rule="!(has(self.count) && has(self.end))",message="only one of count or end can be defined"
message Sequence {
// Count is number of elements in the sequence (default: 0). Not to be used with end
optional k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 1;
@@ -1668,6 +1703,8 @@ message TarStrategy {
// Template is a reusable and composable unit of execution in a workflow
message Template {
// Name is the name of the template
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
optional string name = 1;
// Inputs describe what inputs parameters and artifacts are supplied to this template
@@ -1691,6 +1728,7 @@ message Template {
optional bool daemon = 10;
// Steps define a series of sequential/parallel workflow steps
+ // +kubebuilder:validation:MinItems=1
repeated ParallelSteps steps = 11;
// Container is the main container image to run in the pod
@@ -1756,6 +1794,7 @@ message Template {
// Parallelism limits the max total parallel pods that can execute at the same time within the
// boundaries of this template invocation. If additional steps/dag templates are invoked, the
// pods created by those templates will not be counted towards this total.
+ // +kubebuilder:validation:Minimum=1
optional int64 parallelism = 23;
// FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this
@@ -1996,8 +2035,13 @@ message WorkflowMetadata {
// WorkflowSpec is the specification of a Workflow.
message WorkflowSpec {
// Templates is a list of workflow templates used in a workflow
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MaxItems=200
+ // +kubebuilder:validation:XValidation:rule="self.all(t, (has(t.container) ? 1 : 0) + (has(t.script) ? 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) + (has(t.resource) ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet) ? 1 : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) + (has(t.plugin) ? 1 : 0) <= 1)",message="template must have at most one template type"
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !(has(t.timeout) && t.timeout != \"\" && (has(t.steps) || has(t.dag))))",message="timeout cannot be applied to steps or dag templates"
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps) || has(t.dag))))",message="activeDeadlineSeconds is only valid for leaf templates"
repeated Template templates = 1;
// Entrypoint is a template reference to the starting point of the workflow.
@@ -2029,6 +2073,7 @@ message WorkflowSpec {
repeated k8s.io.api.core.v1.PersistentVolumeClaim volumeClaimTemplates = 6;
// Parallelism limits the max total parallel pods that can execute at the same time in a workflow
+ // +kubebuilder:validation:Minimum=1
optional int64 parallelism = 7;
// ArtifactRepositoryRef specifies the configMap name and key containing the artifact repository config.
@@ -2228,8 +2273,11 @@ message WorkflowStatus {
}
// WorkflowStep is a reference to a template to execute in a series of step
+// Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
message WorkflowStep {
// Name of the step
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
optional string name = 1;
// Template is the name of the template to execute as the step
diff --git a/pkg/apis/workflow/v1alpha1/openapi_generated.go b/pkg/apis/workflow/v1alpha1/openapi_generated.go
index a7825e67f3ae..976d8775d7bd 100644
--- a/pkg/apis/workflow/v1alpha1/openapi_generated.go
+++ b/pkg/apis/workflow/v1alpha1/openapi_generated.go
@@ -2344,7 +2344,7 @@ func schema_pkg_apis_workflow_v1alpha1_CronWorkflowSpec(ref common.ReferenceCall
},
},
},
- Required: []string{"workflowSpec"},
+ Required: []string{"workflowSpec", "schedules"},
},
},
Dependencies: []string{
@@ -2429,7 +2429,7 @@ func schema_pkg_apis_workflow_v1alpha1_DAGTask(ref common.ReferenceCallback) com
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
- Description: "DAGTask represents a node in the graph during DAG execution",
+ Description: "DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"name": {
@@ -2581,7 +2581,7 @@ func schema_pkg_apis_workflow_v1alpha1_DAGTemplate(ref common.ReferenceCallback)
},
},
SchemaProps: spec.SchemaProps{
- Description: "Tasks are a list of DAG tasks",
+ Description: "Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
@@ -2817,7 +2817,7 @@ func schema_pkg_apis_workflow_v1alpha1_Gauge(ref common.ReferenceCallback) commo
Properties: map[string]spec.Schema{
"value": {
SchemaProps: spec.SchemaProps{
- Description: "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric",
+ Description: "Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file",
Default: "",
Type: []string{"string"},
Format: "",
@@ -3591,7 +3591,7 @@ func schema_pkg_apis_workflow_v1alpha1_Inputs(ref common.ReferenceCallback) comm
},
},
SchemaProps: spec.SchemaProps{
- Description: "Parameters are a list of parameters passed as inputs",
+ Description: "Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
@@ -3987,7 +3987,7 @@ func schema_pkg_apis_workflow_v1alpha1_Metrics(ref common.ReferenceCallback) com
Properties: map[string]spec.Schema{
"prometheus": {
SchemaProps: spec.SchemaProps{
- Description: "Prometheus is a list of prometheus metrics to be emitted",
+ Description: "Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
@@ -7764,7 +7764,7 @@ func schema_pkg_apis_workflow_v1alpha1_WorkflowSpec(ref common.ReferenceCallback
},
},
SchemaProps: spec.SchemaProps{
- Description: "Templates is a list of workflow templates used in a workflow",
+ Description: "Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
@@ -8317,7 +8317,7 @@ func schema_pkg_apis_workflow_v1alpha1_WorkflowStep(ref common.ReferenceCallback
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
- Description: "WorkflowStep is a reference to a template to execute in a series of step",
+ Description: "WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"name": {
diff --git a/pkg/apis/workflow/v1alpha1/workflow_types.go b/pkg/apis/workflow/v1alpha1/workflow_types.go
index 69dc0f1b2928..cd45694a690e 100644
--- a/pkg/apis/workflow/v1alpha1/workflow_types.go
+++ b/pkg/apis/workflow/v1alpha1/workflow_types.go
@@ -30,6 +30,15 @@ import (
"github.com/argoproj/argo-workflows/v3/util/logging"
)
+// Note on CEL validation costs
+// The CEL validation rules are written as comments starting +kubebuilder:validation
+// These are evaluated by kubernetes every time the object in question is changed, and there is no way around that.
+// Kubernetes has a budget when you inject a CRD and estimates the cost of evaluating these rules
+// and will reject CRDs which exceed the budget.
+// Some rules are in here just to get under budget, and are not limitations of argo itself. They may need
+// adjusting and may need you to use the minimized CRDs if they are preventing real-world workflows from
+// being used.
+
// TemplateType is the type of a template
type TemplateType string
@@ -104,6 +113,7 @@ var AnyArtifactGCStrategy = map[ArtifactGCStrategy]bool{
}
// PodGCStrategy is the strategy when to delete completed pods for GC.
+// +kubebuilder:validation:Enum="";OnPodCompletion;OnPodSuccess;OnWorkflowCompletion;OnWorkflowSuccess
type PodGCStrategy string
func (s PodGCStrategy) IsValid() bool {
@@ -269,8 +279,13 @@ type TTLStrategy struct {
// WorkflowSpec is the specification of a Workflow.
type WorkflowSpec struct {
// Templates is a list of workflow templates used in a workflow
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MaxItems=200
+ // +kubebuilder:validation:XValidation:rule="self.all(t, (has(t.container) ? 1 : 0) + (has(t.script) ? 1 : 0) + (has(t.dag) ? 1 : 0) + (has(t.steps) ? 1 : 0) + (has(t.resource) ? 1 : 0) + (has(t.suspend) ? 1 : 0) + (has(t.containerSet) ? 1 : 0) + (has(t.data) ? 1 : 0) + (has(t.http) ? 1 : 0) + (has(t.plugin) ? 1 : 0) <= 1)",message="template must have at most one template type"
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !(has(t.timeout) && t.timeout != \"\" && (has(t.steps) || has(t.dag))))",message="timeout cannot be applied to steps or dag templates"
+ // +kubebuilder:validation:XValidation:rule="self.all(t, !(has(t.activeDeadlineSeconds) && (has(t.steps) || has(t.dag))))",message="activeDeadlineSeconds is only valid for leaf templates"
Templates []Template `json:"templates,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,1,opt,name=templates"`
// Entrypoint is a template reference to the starting point of the workflow.
@@ -302,6 +317,7 @@ type WorkflowSpec struct {
VolumeClaimTemplates []apiv1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty" protobuf:"bytes,6,opt,name=volumeClaimTemplates"`
// Parallelism limits the max total parallel pods that can execute at the same time in a workflow
+ // +kubebuilder:validation:Minimum=1
Parallelism *int64 `json:"parallelism,omitempty" protobuf:"bytes,7,opt,name=parallelism"`
// ArtifactRepositoryRef specifies the configMap name and key containing the artifact repository config.
@@ -613,6 +629,8 @@ func (wfs *WorkflowSpec) HasPodSpecPatch() bool {
// Template is a reusable and composable unit of execution in a workflow
type Template struct {
// Name is the name of the template
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
// Inputs describe what inputs parameters and artifacts are supplied to this template
@@ -636,6 +654,7 @@ type Template struct {
Daemon *bool `json:"daemon,omitempty" protobuf:"bytes,10,opt,name=daemon"`
// Steps define a series of sequential/parallel workflow steps
+ // +kubebuilder:validation:MinItems=1
Steps []ParallelSteps `json:"steps,omitempty" protobuf:"bytes,11,opt,name=steps"`
// Container is the main container image to run in the pod
@@ -701,6 +720,7 @@ type Template struct {
// Parallelism limits the max total parallel pods that can execute at the same time within the
// boundaries of this template invocation. If additional steps/dag templates are invoked, the
// pods created by those templates will not be counted towards this total.
+ // +kubebuilder:validation:Minimum=1
Parallelism *int64 `json:"parallelism,omitempty" protobuf:"bytes,23,opt,name=parallelism"`
// FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this
@@ -936,8 +956,10 @@ func needDefaultLoggingPlugin(includeLogs ArtifactPluginLogs, defaultRepo *Artif
// Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
type Inputs struct {
// Parameters are a list of parameters passed as inputs
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MaxItems=500
Parameters []Parameter `json:"parameters,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,1,opt,name=parameters"`
// Artifact are a list of artifacts passed as inputs
@@ -959,6 +981,7 @@ type Metadata struct {
// Parameter indicate a passed string parameter to a service template with an optional default value
type Parameter struct {
// Name is the parameter name
+ // +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Default is the default value to use for an input parameter if a value was not supplied
@@ -976,6 +999,7 @@ type Parameter struct {
GlobalName string `json:"globalName,omitempty" protobuf:"bytes,5,opt,name=globalName"`
// Enum holds a list of string values to choose from, for the actual value of the parameter
+ // +kubebuilder:validation:MinItems=1
Enum []AnyString `json:"enum,omitempty" protobuf:"bytes,6,rep,name=enum"`
// Description is the parameter description
@@ -1033,6 +1057,7 @@ type SuppliedValueFrom struct{}
// Artifact indicates an artifact to place at a specified path
type Artifact struct {
// name of the artifact. must be unique within a template's inputs/outputs.
+ // +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Path is the container path to the artifact
@@ -1041,6 +1066,8 @@ type Artifact struct {
// mode bits to use on this file, must be a value between 0 and 0777.
// Set when loading input artifacts. It is recommended to set the mode value
// to ensure the artifact has the expected permissions in your container.
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=511
Mode *int32 `json:"mode,omitempty" protobuf:"varint,3,opt,name=mode"`
// From allows an artifact to reference an artifact from a previous step
@@ -1239,6 +1266,7 @@ type ArtifactLocationType interface {
// It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname).
// It is also used to describe the location of multiple artifacts such as the archive location
// of a single workflow step, which the executor will use as a default location to store its files.
+// +kubebuilder:validation:XValidation:rule="(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1",message="at most one artifact location can be specified"
type ArtifactLocation struct {
// ArchiveLogs indicates if the container logs should be archived
ArchiveLogs *bool `json:"archiveLogs,omitempty" protobuf:"varint,1,opt,name=archiveLogs"`
@@ -1600,8 +1628,11 @@ func (out *Outputs) GetArtifacts() Artifacts {
}
// WorkflowStep is a reference to a template to execute in a series of step
+// Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
type WorkflowStep struct {
// Name of the step
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
// Template is the name of the template to execute as the step
@@ -1737,6 +1768,7 @@ func (s *WorkflowStep) ShouldExpand() bool {
}
// Sequence expands a workflow step into numeric range
+// +kubebuilder:validation:XValidation:rule="!(has(self.count) && has(self.end))",message="only one of count or end can be defined"
type Sequence struct {
// Count is number of elements in the sequence (default: 0). Not to be used with end
Count *intstr.IntOrString `json:"count,omitempty" protobuf:"bytes,1,opt,name=count"`
@@ -2181,6 +2213,7 @@ func (w *Workflow) GetOffloadNodeStatusVersion() string {
return w.Status.GetOffloadNodeStatusVersion()
}
+// +kubebuilder:validation:Enum=Always;OnFailure;OnError;OnTransientError
type RetryPolicy string
const (
@@ -3234,13 +3267,16 @@ type ScriptTemplate struct {
}
// ResourceTemplate is a template subtype to manipulate kubernetes resources
+// +kubebuilder:validation:XValidation:rule="(has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest) && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))",message="only one of manifest or manifestFrom can be specified"
type ResourceTemplate struct {
// Action is the action to perform to the resource.
// Must be one of: get, create, apply, delete, replace, patch
+ // +kubebuilder:validation:Enum=get;create;apply;delete;replace;patch
Action string `json:"action" protobuf:"bytes,1,opt,name=action"`
// MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
// Must be one of: strategic, merge, json
+ // +kubebuilder:validation:Enum=strategic;merge;json
MergeStrategy string `json:"mergeStrategy,omitempty" protobuf:"bytes,2,opt,name=mergeStrategy"`
// Manifest contains the kubernetes manifest
@@ -3407,8 +3443,11 @@ type DAGTemplate struct {
Target string `json:"target,omitempty" protobuf:"bytes,1,opt,name=target"`
// Tasks are a list of DAG tasks
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
// +patchStrategy=merge
// +patchMergeKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=200
Tasks []DAGTask `json:"tasks" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,2,rep,name=tasks"`
// This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps,
@@ -3421,8 +3460,14 @@ type DAGTemplate struct {
}
// DAGTask represents a node in the graph during DAG execution
+// Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
+// +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.dependencies)",message="cannot use both 'depends' and 'dependencies'"
+// +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.continueOn)",message="cannot use 'continueOn' when using 'depends'"
+// +kubebuilder:validation:XValidation:rule="!(has(self.depends) || has(self.dependencies)) || !self.name.matches('^[0-9]')",message="task name cannot begin with a digit when using 'depends' or 'dependencies'"
type DAGTask struct {
// Name is the name of the target
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Name of template to execute
@@ -3812,16 +3857,20 @@ const (
// Metrics are a list of metrics emitted from a Workflow/Template
type Metrics struct {
// Prometheus is a list of prometheus metrics to be emitted
+ // MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
+ // +kubebuilder:validation:MaxItems=100
Prometheus []*Prometheus `json:"prometheus" protobuf:"bytes,1,rep,name=prometheus"`
}
// Prometheus is a prometheus metric to be emitted
type Prometheus struct {
// Name is the name of the metric
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
// Labels is a list of metric labels
Labels []*MetricLabel `json:"labels,omitempty" protobuf:"bytes,2,rep,name=labels"`
// Help is a string that describes the metric
+ // +kubebuilder:validation:MinLength=1
Help string `json:"help" protobuf:"bytes,3,opt,name=help"`
// When is a conditional statement that decides when to emit the metric
When string `json:"when,omitempty" protobuf:"bytes,4,opt,name=when"`
@@ -3912,14 +3961,19 @@ func (p *Prometheus) IsRealtime() bool {
// MetricLabel is a single label for a prometheus metric
type MetricLabel struct {
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
Value string `json:"value" protobuf:"bytes,2,opt,name=value"`
}
// Gauge is a Gauge prometheus metric
+// +kubebuilder:validation:XValidation:rule="!has(self.realtime) || !self.realtime || !self.value.contains('resourcesDuration.')",message="'resourcesDuration.*' metrics cannot be used in real-time gauges"
type Gauge struct {
// Value is the value to be used in the operation with the metric's current value. If no operation is set,
// value is the value of the metric
+ // MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
Value string `json:"value" protobuf:"bytes,1,opt,name=value"`
// Realtime emits this metric in real time if applicable
Realtime *bool `json:"realtime" protobuf:"varint,2,opt,name=realtime"`
@@ -3929,6 +3983,7 @@ type Gauge struct {
}
// A GaugeOperation is the set of operations that can be used in a gauge metric.
+// +kubebuilder:validation:Enum=Set;Add;Sub
type GaugeOperation string
const (
@@ -3940,6 +3995,7 @@ const (
// Histogram is a Histogram prometheus metric
type Histogram struct {
// Value is the value of the metric
+ // +kubebuilder:validation:MinLength=1
Value string `json:"value" protobuf:"bytes,3,opt,name=value"`
// Buckets is a list of bucket divisors for the histogram
Buckets []Amount `json:"buckets" protobuf:"bytes,4,rep,name=buckets"`
@@ -3956,6 +4012,7 @@ func (in *Histogram) GetBuckets() []float64 {
// Counter is a Counter prometheus metric
type Counter struct {
// Value is the value of the metric
+ // +kubebuilder:validation:MinLength=1
Value string `json:"value" protobuf:"bytes,1,opt,name=value"`
}
diff --git a/pkg/plugins/executor/swagger.yml b/pkg/plugins/executor/swagger.yml
index 7d3dbfee26fd..f93289aca921 100644
--- a/pkg/plugins/executor/swagger.yml
+++ b/pkg/plugins/executor/swagger.yml
@@ -143,10 +143,14 @@ definitions:
mode bits to use on this file, must be a value between 0 and 0777.
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
+ +kubebuilder:validation:Minimum=0
+ +kubebuilder:validation:Maximum=511
format: int32
type: integer
name:
- description: name of the artifact. must be unique within a template's inputs/outputs.
+ description: |-
+ name of the artifact. must be unique within a template's inputs/outputs.
+ +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate or exist
@@ -188,6 +192,7 @@ definitions:
It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname).
It is also used to describe the location of multiple artifacts such as the archive location
of a single workflow step, which the executor will use as a default location to store its files.
+ +kubebuilder:validation:XValidation:rule="(has(self.s3) ? 1 : 0) + (has(self.git) ? 1 : 0) + (has(self.http) ? 1 : 0) + (has(self.artifactory) ? 1 : 0) + (has(self.hdfs) ? 1 : 0) + (has(self.raw) ? 1 : 0) + (has(self.oss) ? 1 : 0) + (has(self.gcs) ? 1 : 0) + (has(self.azure) ? 1 : 0) + (has(self.plugin) ? 1 : 0) <= 1",message="at most one artifact location can be specified"
properties:
archiveLogs:
description: ArchiveLogs indicates if the container logs should be archived
@@ -255,10 +260,14 @@ definitions:
mode bits to use on this file, must be a value between 0 and 0777.
Set when loading input artifacts. It is recommended to set the mode value
to ensure the artifact has the expected permissions in your container.
+ +kubebuilder:validation:Minimum=0
+ +kubebuilder:validation:Maximum=511
format: int32
type: integer
name:
- description: name of the artifact. must be unique within a template's inputs/outputs.
+ description: |-
+ name of the artifact. must be unique within a template's inputs/outputs.
+ +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
type: string
optional:
description: Make Artifacts optional, if Artifacts doesn't generate or exist
@@ -1170,7 +1179,9 @@ definitions:
description: Counter is a Counter prometheus metric
properties:
value:
- description: Value is the value of the metric
+ description: |-
+ Value is the value of the metric
+ +kubebuilder:validation:MinLength=1
type: string
type: object
CreateS3BucketOptions:
@@ -1181,7 +1192,12 @@ definitions:
type: boolean
type: object
DAGTask:
- description: DAGTask represents a node in the graph during DAG execution
+ description: |-
+ DAGTask represents a node in the graph during DAG execution
+ Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
+ +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.dependencies)",message="cannot use both 'depends' and 'dependencies'"
+ +kubebuilder:validation:XValidation:rule="!has(self.depends) || !has(self.continueOn)",message="cannot use 'continueOn' when using 'depends'"
+ +kubebuilder:validation:XValidation:rule="!(has(self.depends) || has(self.dependencies)) || !self.name.matches('^[0-9]')",message="task name cannot begin with a digit when using 'depends' or 'dependencies'"
properties:
arguments:
$ref: '#/definitions/Arguments'
@@ -1200,7 +1216,10 @@ definitions:
inline:
$ref: '#/definitions/Template'
name:
- description: Name is the name of the target
+ description: |-
+ Name is the name of the target
+ +kubebuilder:validation:MaxLength=128
+ +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
type: string
onExit:
description: |-
@@ -1253,8 +1272,11 @@ definitions:
tasks:
description: |-
Tasks are a list of DAG tasks
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
+patchStrategy=merge
+patchMergeKey=name
+ +kubebuilder:validation:MinItems=1
+ +kubebuilder:validation:MaxItems=200
items:
$ref: '#/definitions/DAGTask'
type: array
@@ -1621,7 +1643,9 @@ definitions:
title: GRPCAction specifies an action involving a GRPC service.
type: object
Gauge:
- description: Gauge is a Gauge prometheus metric
+ description: |-
+ Gauge is a Gauge prometheus metric
+ +kubebuilder:validation:XValidation:rule="!has(self.realtime) || !self.realtime || !self.value.contains('resourcesDuration.')",message="'resourcesDuration.*' metrics cannot be used in real-time gauges"
properties:
operation:
$ref: '#/definitions/GaugeOperation'
@@ -1632,9 +1656,13 @@ definitions:
description: |-
Value is the value to be used in the operation with the metric's current value. If no operation is set,
value is the value of the metric
+ MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
+ +kubebuilder:validation:MinLength=1
+ +kubebuilder:validation:MaxLength=256
type: string
type: object
GaugeOperation:
+ description: +kubebuilder:validation:Enum=Set;Add;Sub
title: A GaugeOperation is the set of operations that can be used in a gauge metric.
type: string
GitArtifact:
@@ -1896,7 +1924,9 @@ definitions:
$ref: '#/definitions/Amount'
type: array
value:
- description: Value is the value of the metric
+ description: |-
+ Value is the value of the metric
+ +kubebuilder:validation:MinLength=1
type: string
type: object
HostAlias:
@@ -2026,8 +2056,10 @@ definitions:
parameters:
description: |-
Parameters are a list of parameters passed as inputs
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
+patchStrategy=merge
+patchMergeKey=name
+ +kubebuilder:validation:MaxItems=500
items:
$ref: '#/definitions/Parameter'
type: array
@@ -2291,6 +2323,7 @@ definitions:
description: MetricLabel is a single label for a prometheus metric
properties:
key:
+ description: +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
type: string
value:
type: string
@@ -2299,7 +2332,10 @@ definitions:
description: Metrics are a list of metrics emitted from a Workflow/Template
properties:
prometheus:
- description: Prometheus is a list of prometheus metrics to be emitted
+ description: |-
+ Prometheus is a list of prometheus metrics to be emitted
+ MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
+ +kubebuilder:validation:MaxItems=100
items:
$ref: '#/definitions/Prometheus'
type: array
@@ -2612,7 +2648,9 @@ definitions:
description:
$ref: '#/definitions/AnyString'
enum:
- description: Enum holds a list of string values to choose from, for the actual value of the parameter
+ description: |-
+ Enum holds a list of string values to choose from, for the actual value of the parameter
+ +kubebuilder:validation:MinItems=1
items:
$ref: '#/definitions/AnyString'
type: array
@@ -2622,7 +2660,9 @@ definitions:
'{{workflow.outputs.parameters.XXXX}} and in workflow.status.outputs.parameters
type: string
name:
- description: Name is the parameter name
+ description: |-
+ Name is the parameter name
+ +kubebuilder:validation:Pattern=`^[-a-zA-Z0-9_]+$`
type: string
value:
$ref: '#/definitions/AnyString'
@@ -3298,7 +3338,9 @@ definitions:
gauge:
$ref: '#/definitions/Gauge'
help:
- description: Help is a string that describes the metric
+ description: |-
+ Help is a string that describes the metric
+ +kubebuilder:validation:MinLength=1
type: string
histogram:
$ref: '#/definitions/Histogram'
@@ -3308,7 +3350,9 @@ definitions:
$ref: '#/definitions/MetricLabel'
type: array
name:
- description: Name is the name of the metric
+ description: |-
+ Name is the name of the metric
+ +kubebuilder:validation:Pattern=`^[a-zA-Z_][a-zA-Z0-9_]*$`
type: string
when:
description: When is a conditional statement that decides when to emit the metric
@@ -3574,12 +3618,15 @@ definitions:
title: ResourceResizeRestartPolicy specifies how to handle container resource resize.
type: string
ResourceTemplate:
- description: ResourceTemplate is a template subtype to manipulate kubernetes resources
+ description: |-
+ ResourceTemplate is a template subtype to manipulate kubernetes resources
+ +kubebuilder:validation:XValidation:rule="(has(self.manifest) && !has(self.manifestFrom)) || (!has(self.manifest) && has(self.manifestFrom)) || (!has(self.manifest) && !has(self.manifestFrom))",message="only one of manifest or manifestFrom can be specified"
properties:
action:
description: |-
Action is the action to perform to the resource.
Must be one of: get, create, apply, delete, replace, patch
+ +kubebuilder:validation:Enum=get;create;apply;delete;replace;patch
type: string
failureCondition:
description: |-
@@ -3605,6 +3652,7 @@ definitions:
description: |-
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic"
Must be one of: strategic, merge, json
+ +kubebuilder:validation:Enum=strategic;merge;json
type: string
setOwnerReference:
description: SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
@@ -3626,6 +3674,7 @@ definitions:
title: RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed.
type: object
RetryPolicy:
+ description: +kubebuilder:validation:Enum=Always;OnFailure;OnError;OnTransientError
type: string
RetryStrategy:
description: RetryStrategy provides controls on how to retry a workflow step
@@ -4207,7 +4256,9 @@ definitions:
type: string
type: object
Sequence:
- description: Sequence expands a workflow step into numeric range
+ description: |-
+ Sequence expands a workflow step into numeric range
+ +kubebuilder:validation:XValidation:rule="!(has(self.count) && has(self.end))",message="only one of count or end can be defined"
properties:
count:
$ref: '#/definitions/IntOrString'
@@ -4436,7 +4487,10 @@ definitions:
metrics:
$ref: '#/definitions/Metrics'
name:
- description: Name is the name of the template
+ description: |-
+ Name is the name of the template
+ +kubebuilder:validation:MaxLength=128
+ +kubebuilder:validation:Pattern=`^[a-zA-Z0-9][-a-zA-Z0-9]*$`
type: string
nodeSelector:
additionalProperties:
@@ -4452,6 +4506,7 @@ definitions:
Parallelism limits the max total parallel pods that can execute at the same time within the
boundaries of this template invocation. If additional steps/dag templates are invoked, the
pods created by those templates will not be counted towards this total.
+ +kubebuilder:validation:Minimum=1
format: int64
type: integer
plugin:
@@ -4492,7 +4547,9 @@ definitions:
$ref: '#/definitions/UserContainer'
type: array
steps:
- description: Steps define a series of sequential/parallel workflow steps
+ description: |-
+ Steps define a series of sequential/parallel workflow steps
+ +kubebuilder:validation:MinItems=1
items:
$ref: '#/definitions/ParallelSteps'
type: array
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
index 3ed376b57dc7..d97c80cd6223 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
@@ -10,7 +10,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**concurrencyPolicy** | **String** | ConcurrencyPolicy is the K8s-style concurrency policy that will be used | [optional]
**failedJobsHistoryLimit** | **Integer** | FailedJobsHistoryLimit is the number of failed jobs to be kept at a time | [optional]
-**schedules** | **List<String>** | v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format | [optional]
+**schedules** | **List<String>** | v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format |
**startingDeadlineSeconds** | **Integer** | StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed. | [optional]
**stopStrategy** | [**IoArgoprojWorkflowV1alpha1StopStrategy**](IoArgoprojWorkflowV1alpha1StopStrategy.md) | | [optional]
**successfulJobsHistoryLimit** | **Integer** | SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time | [optional]
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
index bceaeecf8782..c9ac3dae36e7 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
@@ -2,7 +2,7 @@
# IoArgoprojWorkflowV1alpha1DAGTask
-DAGTask represents a node in the graph during DAG execution
+DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
## Properties
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
index 6a656b3209eb..bcff478a90c3 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
@@ -10,7 +10,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**failFast** | **Boolean** | This flag is for DAG logic. The DAG logic has a built-in \"fail fast\" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442 | [optional]
**target** | **String** | Target are one or more names of targets to execute in a DAG | [optional]
-**tasks** | [**List<IoArgoprojWorkflowV1alpha1DAGTask>**](IoArgoprojWorkflowV1alpha1DAGTask.md) | Tasks are a list of DAG tasks |
+**tasks** | [**List<IoArgoprojWorkflowV1alpha1DAGTask>**](IoArgoprojWorkflowV1alpha1DAGTask.md) | Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file |
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
index e10119f4b246..47d7e0598af7 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
@@ -10,7 +10,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**operation** | **String** | Operation defines the operation to apply with value and the metrics' current value | [optional]
**realtime** | **Boolean** | Realtime emits this metric in real time if applicable |
-**value** | **String** | Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric |
+**value** | **String** | Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file |
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
index c231259e335b..66df6b3f3c5d 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
@@ -9,7 +9,7 @@ Inputs are the mechanism for passing parameters, artifacts, volumes from one tem
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**artifacts** | [**List<IoArgoprojWorkflowV1alpha1Artifact>**](IoArgoprojWorkflowV1alpha1Artifact.md) | Artifact are a list of artifacts passed as inputs | [optional]
-**parameters** | [**List<IoArgoprojWorkflowV1alpha1Parameter>**](IoArgoprojWorkflowV1alpha1Parameter.md) | Parameters are a list of parameters passed as inputs | [optional]
+**parameters** | [**List<IoArgoprojWorkflowV1alpha1Parameter>**](IoArgoprojWorkflowV1alpha1Parameter.md) | Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file | [optional]
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
index 505b6c111e0d..49f75d9a3325 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
@@ -8,7 +8,7 @@ Metrics are a list of metrics emitted from a Workflow/Template
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
-**prometheus** | [**List<IoArgoprojWorkflowV1alpha1Prometheus>**](IoArgoprojWorkflowV1alpha1Prometheus.md) | Prometheus is a list of prometheus metrics to be emitted |
+**prometheus** | [**List<IoArgoprojWorkflowV1alpha1Prometheus>**](IoArgoprojWorkflowV1alpha1Prometheus.md) | Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file |
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
index b822a0ffb1c4..02abdd01d1f6 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
@@ -41,7 +41,7 @@ Name | Type | Description | Notes
**suspend** | **Boolean** | Suspend will suspend the workflow and prevent execution of any future steps in the workflow | [optional]
**synchronization** | [**IoArgoprojWorkflowV1alpha1Synchronization**](IoArgoprojWorkflowV1alpha1Synchronization.md) | | [optional]
**templateDefaults** | [**IoArgoprojWorkflowV1alpha1Template**](IoArgoprojWorkflowV1alpha1Template.md) | | [optional]
-**templates** | [**List<IoArgoprojWorkflowV1alpha1Template>**](IoArgoprojWorkflowV1alpha1Template.md) | Templates is a list of workflow templates used in a workflow | [optional]
+**templates** | [**List<IoArgoprojWorkflowV1alpha1Template>**](IoArgoprojWorkflowV1alpha1Template.md) | Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file | [optional]
**tolerations** | [**List<io.kubernetes.client.openapi.models.V1Toleration>**](io.kubernetes.client.openapi.models.V1Toleration.md) | Tolerations to apply to workflow pods. | [optional]
**ttlStrategy** | [**IoArgoprojWorkflowV1alpha1TTLStrategy**](IoArgoprojWorkflowV1alpha1TTLStrategy.md) | | [optional]
**volumeClaimGC** | [**IoArgoprojWorkflowV1alpha1VolumeClaimGC**](IoArgoprojWorkflowV1alpha1VolumeClaimGC.md) | | [optional]
diff --git a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
index 7ec225766ba6..f70dda9de7df 100644
--- a/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
+++ b/sdks/java/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
@@ -2,7 +2,7 @@
# IoArgoprojWorkflowV1alpha1WorkflowStep
-WorkflowStep is a reference to a template to execute in a series of step
+WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
## Properties
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_cron_workflow_spec.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_cron_workflow_spec.py
index a32c4db8bf52..664aca13506d 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_cron_workflow_spec.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_cron_workflow_spec.py
@@ -91,10 +91,10 @@ def openapi_types():
"""
lazy_import()
return {
+ 'schedules': ([str],), # noqa: E501
'workflow_spec': (IoArgoprojWorkflowV1alpha1WorkflowSpec,), # noqa: E501
'concurrency_policy': (str,), # noqa: E501
'failed_jobs_history_limit': (int,), # noqa: E501
- 'schedules': ([str],), # noqa: E501
'starting_deadline_seconds': (int,), # noqa: E501
'stop_strategy': (IoArgoprojWorkflowV1alpha1StopStrategy,), # noqa: E501
'successful_jobs_history_limit': (int,), # noqa: E501
@@ -110,10 +110,10 @@ def discriminator():
attribute_map = {
+ 'schedules': 'schedules', # noqa: E501
'workflow_spec': 'workflowSpec', # noqa: E501
'concurrency_policy': 'concurrencyPolicy', # noqa: E501
'failed_jobs_history_limit': 'failedJobsHistoryLimit', # noqa: E501
- 'schedules': 'schedules', # noqa: E501
'starting_deadline_seconds': 'startingDeadlineSeconds', # noqa: E501
'stop_strategy': 'stopStrategy', # noqa: E501
'successful_jobs_history_limit': 'successfulJobsHistoryLimit', # noqa: E501
@@ -130,10 +130,11 @@ def discriminator():
@classmethod
@convert_js_args_to_python_args
- def _from_openapi_data(cls, workflow_spec, *args, **kwargs): # noqa: E501
+ def _from_openapi_data(cls, schedules, workflow_spec, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1CronWorkflowSpec - a model defined in OpenAPI
Args:
+ schedules ([str]): v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
workflow_spec (IoArgoprojWorkflowV1alpha1WorkflowSpec):
Keyword Args:
@@ -169,7 +170,6 @@ def _from_openapi_data(cls, workflow_spec, *args, **kwargs): # noqa: E501
_visited_composed_classes = (Animal,)
concurrency_policy (str): ConcurrencyPolicy is the K8s-style concurrency policy that will be used. [optional] # noqa: E501
failed_jobs_history_limit (int): FailedJobsHistoryLimit is the number of failed jobs to be kept at a time. [optional] # noqa: E501
- schedules ([str]): v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format. [optional] # noqa: E501
starting_deadline_seconds (int): StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.. [optional] # noqa: E501
stop_strategy (IoArgoprojWorkflowV1alpha1StopStrategy): [optional] # noqa: E501
successful_jobs_history_limit (int): SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time. [optional] # noqa: E501
@@ -204,6 +204,7 @@ def _from_openapi_data(cls, workflow_spec, *args, **kwargs): # noqa: E501
self._configuration = _configuration
self._visited_composed_classes = _visited_composed_classes + (self.__class__,)
+ self.schedules = schedules
self.workflow_spec = workflow_spec
for var_name, var_value in kwargs.items():
if var_name not in self.attribute_map and \
@@ -225,10 +226,11 @@ def _from_openapi_data(cls, workflow_spec, *args, **kwargs): # noqa: E501
])
@convert_js_args_to_python_args
- def __init__(self, workflow_spec, *args, **kwargs): # noqa: E501
+ def __init__(self, schedules, workflow_spec, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1CronWorkflowSpec - a model defined in OpenAPI
Args:
+ schedules ([str]): v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
workflow_spec (IoArgoprojWorkflowV1alpha1WorkflowSpec):
Keyword Args:
@@ -264,7 +266,6 @@ def __init__(self, workflow_spec, *args, **kwargs): # noqa: E501
_visited_composed_classes = (Animal,)
concurrency_policy (str): ConcurrencyPolicy is the K8s-style concurrency policy that will be used. [optional] # noqa: E501
failed_jobs_history_limit (int): FailedJobsHistoryLimit is the number of failed jobs to be kept at a time. [optional] # noqa: E501
- schedules ([str]): v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format. [optional] # noqa: E501
starting_deadline_seconds (int): StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.. [optional] # noqa: E501
stop_strategy (IoArgoprojWorkflowV1alpha1StopStrategy): [optional] # noqa: E501
successful_jobs_history_limit (int): SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time. [optional] # noqa: E501
@@ -297,6 +298,7 @@ def __init__(self, workflow_spec, *args, **kwargs): # noqa: E501
self._configuration = _configuration
self._visited_composed_classes = _visited_composed_classes + (self.__class__,)
+ self.schedules = schedules
self.workflow_spec = workflow_spec
for var_name, var_value in kwargs.items():
if var_name not in self.attribute_map and \
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_dag_template.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_dag_template.py
index 8fcb8976aac7..c7c18af2ba6c 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_dag_template.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_dag_template.py
@@ -114,7 +114,7 @@ def _from_openapi_data(cls, tasks, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1DAGTemplate - a model defined in OpenAPI
Args:
- tasks ([IoArgoprojWorkflowV1alpha1DAGTask]): Tasks are a list of DAG tasks
+ tasks ([IoArgoprojWorkflowV1alpha1DAGTask]): Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
@@ -201,7 +201,7 @@ def __init__(self, tasks, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1DAGTemplate - a model defined in OpenAPI
Args:
- tasks ([IoArgoprojWorkflowV1alpha1DAGTask]): Tasks are a list of DAG tasks
+ tasks ([IoArgoprojWorkflowV1alpha1DAGTask]): Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_gauge.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_gauge.py
index b1c122de5d17..725e40e577e1 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_gauge.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_gauge.py
@@ -109,7 +109,7 @@ def _from_openapi_data(cls, realtime, value, *args, **kwargs): # noqa: E501
Args:
realtime (bool): Realtime emits this metric in real time if applicable
- value (str): Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric
+ value (str): Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
@@ -197,7 +197,7 @@ def __init__(self, realtime, value, *args, **kwargs): # noqa: E501
Args:
realtime (bool): Realtime emits this metric in real time if applicable
- value (str): Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric
+ value (str): Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_inputs.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_inputs.py
index 27a2c1d335d8..017b0856413f 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_inputs.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_inputs.py
@@ -145,7 +145,7 @@ def _from_openapi_data(cls, *args, **kwargs): # noqa: E501
through its discriminator because we passed in
_visited_composed_classes = (Animal,)
artifacts ([IoArgoprojWorkflowV1alpha1Artifact]): Artifact are a list of artifacts passed as inputs. [optional] # noqa: E501
- parameters ([IoArgoprojWorkflowV1alpha1Parameter]): Parameters are a list of parameters passed as inputs. [optional] # noqa: E501
+ parameters ([IoArgoprojWorkflowV1alpha1Parameter]): Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file. [optional] # noqa: E501
"""
_check_type = kwargs.pop('_check_type', True)
@@ -228,7 +228,7 @@ def __init__(self, *args, **kwargs): # noqa: E501
through its discriminator because we passed in
_visited_composed_classes = (Animal,)
artifacts ([IoArgoprojWorkflowV1alpha1Artifact]): Artifact are a list of artifacts passed as inputs. [optional] # noqa: E501
- parameters ([IoArgoprojWorkflowV1alpha1Parameter]): Parameters are a list of parameters passed as inputs. [optional] # noqa: E501
+ parameters ([IoArgoprojWorkflowV1alpha1Parameter]): Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file. [optional] # noqa: E501
"""
_check_type = kwargs.pop('_check_type', True)
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_metrics.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_metrics.py
index b7a4022ebc6d..a1d21aa63e44 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_metrics.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_metrics.py
@@ -110,7 +110,7 @@ def _from_openapi_data(cls, prometheus, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1Metrics - a model defined in OpenAPI
Args:
- prometheus ([IoArgoprojWorkflowV1alpha1Prometheus]): Prometheus is a list of prometheus metrics to be emitted
+ prometheus ([IoArgoprojWorkflowV1alpha1Prometheus]): Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
@@ -195,7 +195,7 @@ def __init__(self, prometheus, *args, **kwargs): # noqa: E501
"""IoArgoprojWorkflowV1alpha1Metrics - a model defined in OpenAPI
Args:
- prometheus ([IoArgoprojWorkflowV1alpha1Prometheus]): Prometheus is a list of prometheus metrics to be emitted
+ prometheus ([IoArgoprojWorkflowV1alpha1Prometheus]): Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Keyword Args:
_check_type (bool): if True, values for parameters in openapi_types
diff --git a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_workflow_spec.py b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_workflow_spec.py
index 6244db821b62..2fd40bd59968 100644
--- a/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_workflow_spec.py
+++ b/sdks/python/client/argo_workflows/model/io_argoproj_workflow_v1alpha1_workflow_spec.py
@@ -299,7 +299,7 @@ def _from_openapi_data(cls, *args, **kwargs): # noqa: E501
suspend (bool): Suspend will suspend the workflow and prevent execution of any future steps in the workflow. [optional] # noqa: E501
synchronization (IoArgoprojWorkflowV1alpha1Synchronization): [optional] # noqa: E501
template_defaults (IoArgoprojWorkflowV1alpha1Template): [optional] # noqa: E501
- templates ([IoArgoprojWorkflowV1alpha1Template]): Templates is a list of workflow templates used in a workflow. [optional] # noqa: E501
+ templates ([IoArgoprojWorkflowV1alpha1Template]): Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file. [optional] # noqa: E501
tolerations ([Toleration]): Tolerations to apply to workflow pods.. [optional] # noqa: E501
ttl_strategy (IoArgoprojWorkflowV1alpha1TTLStrategy): [optional] # noqa: E501
volume_claim_gc (IoArgoprojWorkflowV1alpha1VolumeClaimGC): [optional] # noqa: E501
@@ -421,7 +421,7 @@ def __init__(self, *args, **kwargs): # noqa: E501
suspend (bool): Suspend will suspend the workflow and prevent execution of any future steps in the workflow. [optional] # noqa: E501
synchronization (IoArgoprojWorkflowV1alpha1Synchronization): [optional] # noqa: E501
template_defaults (IoArgoprojWorkflowV1alpha1Template): [optional] # noqa: E501
- templates ([IoArgoprojWorkflowV1alpha1Template]): Templates is a list of workflow templates used in a workflow. [optional] # noqa: E501
+ templates ([IoArgoprojWorkflowV1alpha1Template]): Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file. [optional] # noqa: E501
tolerations ([Toleration]): Tolerations to apply to workflow pods.. [optional] # noqa: E501
ttl_strategy (IoArgoprojWorkflowV1alpha1TTLStrategy): [optional] # noqa: E501
volume_claim_gc (IoArgoprojWorkflowV1alpha1VolumeClaimGC): [optional] # noqa: E501
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
index abf8253fd5eb..1753fca37e77 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1CronWorkflowSpec.md
@@ -5,10 +5,10 @@ CronWorkflowSpec is the specification of a CronWorkflow
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
+**schedules** | **[str]** | v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format |
**workflow_spec** | [**IoArgoprojWorkflowV1alpha1WorkflowSpec**](IoArgoprojWorkflowV1alpha1WorkflowSpec.md) | |
**concurrency_policy** | **str** | ConcurrencyPolicy is the K8s-style concurrency policy that will be used | [optional]
**failed_jobs_history_limit** | **int** | FailedJobsHistoryLimit is the number of failed jobs to be kept at a time | [optional]
-**schedules** | **[str]** | v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format | [optional]
**starting_deadline_seconds** | **int** | StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed. | [optional]
**stop_strategy** | [**IoArgoprojWorkflowV1alpha1StopStrategy**](IoArgoprojWorkflowV1alpha1StopStrategy.md) | | [optional]
**successful_jobs_history_limit** | **int** | SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time | [optional]
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
index 74bb409f7345..02757e76c3e8 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTask.md
@@ -1,6 +1,6 @@
# IoArgoprojWorkflowV1alpha1DAGTask
-DAGTask represents a node in the graph during DAG execution
+DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
## Properties
Name | Type | Description | Notes
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
index af46c7d3aec8..55187c4ee485 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1DAGTemplate.md
@@ -5,7 +5,7 @@ DAGTemplate is a template subtype for directed acyclic graph templates
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
-**tasks** | [**[IoArgoprojWorkflowV1alpha1DAGTask]**](IoArgoprojWorkflowV1alpha1DAGTask.md) | Tasks are a list of DAG tasks |
+**tasks** | [**[IoArgoprojWorkflowV1alpha1DAGTask]**](IoArgoprojWorkflowV1alpha1DAGTask.md) | Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file |
**fail_fast** | **bool** | This flag is for DAG logic. The DAG logic has a built-in \"fail fast\" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442 | [optional]
**target** | **str** | Target are one or more names of targets to execute in a DAG | [optional]
**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional]
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
index baf27afa4648..0495a66374e1 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Gauge.md
@@ -6,7 +6,7 @@ Gauge is a Gauge prometheus metric
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**realtime** | **bool** | Realtime emits this metric in real time if applicable |
-**value** | **str** | Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric |
+**value** | **str** | Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file |
**operation** | **str** | Operation defines the operation to apply with value and the metrics' current value | [optional]
**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional]
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
index eb819f1e4ae2..70f664ce857f 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Inputs.md
@@ -6,7 +6,7 @@ Inputs are the mechanism for passing parameters, artifacts, volumes from one tem
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**artifacts** | [**[IoArgoprojWorkflowV1alpha1Artifact]**](IoArgoprojWorkflowV1alpha1Artifact.md) | Artifact are a list of artifacts passed as inputs | [optional]
-**parameters** | [**[IoArgoprojWorkflowV1alpha1Parameter]**](IoArgoprojWorkflowV1alpha1Parameter.md) | Parameters are a list of parameters passed as inputs | [optional]
+**parameters** | [**[IoArgoprojWorkflowV1alpha1Parameter]**](IoArgoprojWorkflowV1alpha1Parameter.md) | Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file | [optional]
**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
index 638ff778a47f..e6b3966b31c9 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1Metrics.md
@@ -5,7 +5,7 @@ Metrics are a list of metrics emitted from a Workflow/Template
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
-**prometheus** | [**[IoArgoprojWorkflowV1alpha1Prometheus]**](IoArgoprojWorkflowV1alpha1Prometheus.md) | Prometheus is a list of prometheus metrics to be emitted |
+**prometheus** | [**[IoArgoprojWorkflowV1alpha1Prometheus]**](IoArgoprojWorkflowV1alpha1Prometheus.md) | Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file |
**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional]
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
index 9beb442b2693..6638d914f77b 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowSpec.md
@@ -38,7 +38,7 @@ Name | Type | Description | Notes
**suspend** | **bool** | Suspend will suspend the workflow and prevent execution of any future steps in the workflow | [optional]
**synchronization** | [**IoArgoprojWorkflowV1alpha1Synchronization**](IoArgoprojWorkflowV1alpha1Synchronization.md) | | [optional]
**template_defaults** | [**IoArgoprojWorkflowV1alpha1Template**](IoArgoprojWorkflowV1alpha1Template.md) | | [optional]
-**templates** | [**[IoArgoprojWorkflowV1alpha1Template]**](IoArgoprojWorkflowV1alpha1Template.md) | Templates is a list of workflow templates used in a workflow | [optional]
+**templates** | [**[IoArgoprojWorkflowV1alpha1Template]**](IoArgoprojWorkflowV1alpha1Template.md) | Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file | [optional]
**tolerations** | [**[Toleration]**](Toleration.md) | Tolerations to apply to workflow pods. | [optional]
**ttl_strategy** | [**IoArgoprojWorkflowV1alpha1TTLStrategy**](IoArgoprojWorkflowV1alpha1TTLStrategy.md) | | [optional]
**volume_claim_gc** | [**IoArgoprojWorkflowV1alpha1VolumeClaimGC**](IoArgoprojWorkflowV1alpha1VolumeClaimGC.md) | | [optional]
diff --git a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
index 1385ea840060..beadf7d0fc03 100644
--- a/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
+++ b/sdks/python/client/docs/IoArgoprojWorkflowV1alpha1WorkflowStep.md
@@ -1,6 +1,6 @@
# IoArgoprojWorkflowV1alpha1WorkflowStep
-WorkflowStep is a reference to a template to execute in a series of step
+WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
## Properties
Name | Type | Description | Notes
diff --git a/workflow/validate/validate.go b/workflow/validate/validate.go
index bb85a8138028..17a3a0e759a2 100644
--- a/workflow/validate/validate.go
+++ b/workflow/validate/validate.go
@@ -1566,7 +1566,7 @@ func sortDAGTasks(ctx context.Context, tmpl *wfv1.Template, tctx *dagValidationC
var (
// paramRegex matches a parameter. e.g. {{inputs.parameters.blah}}
paramRegex = regexp.MustCompile(`{{[-a-zA-Z0-9]+(\.[-a-zA-Z0-9_]+)*}}`)
- paramOrArtifactNameRegex = regexp.MustCompile(`^[-a-zA-Z0-9_]+[-a-zA-Z0-9_]*$`)
+ paramOrArtifactNameRegex = regexp.MustCompile(`^[-a-zA-Z0-9_]+$`)
workflowFieldNameRegex = regexp.MustCompile("^" + workflowFieldNameFmt + "$")
)