diff --git a/.api-docs-config.yaml b/.api-docs-config.yaml
index 684bdf3a..8df5e2f3 100644
--- a/.api-docs-config.yaml
+++ b/.api-docs-config.yaml
@@ -13,7 +13,7 @@ sources:
- name: network-services-operator
org: datum-cloud
repo: network-services-operator
- version: v0.14.4
+ version: v0.14.5
# Telemetry Services Operator - Observability APIs (ExportPolicy)
- name: telemetry-services-operator
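Review bot: The only pin changed under `sources` is `network-services-operator` (v0.14.4 to v0.14.5), yet the regenerated `reference.mdx` in this same patch changes the activity v1alpha1 API group, so the config change does not account for the doc changes. Please either bump the source that provides the activity API here as well, or state in the commit message why the activity docs changed without a pin change, so the generated output can be reproduced from this file.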
diff --git a/src/content/docs/docs/api/reference.mdx b/src/content/docs/docs/api/reference.mdx
index 625a466f..afd479fa 100644
--- a/src/content/docs/docs/api/reference.mdx
+++ b/src/content/docs/docs/api/reference.mdx
@@ -35,75 +35,421 @@ Package v1alpha1 contains API Schema definitions for the activity v1alpha1 API g
-#### AuditLogFacetsQuerySpec
-AuditLogFacetsQuerySpec defines which facets to retrieve from audit logs.
+#### Activity
+
+
+
+Activity is a human-readable summary of something that happened in your cluster.
+Think of it as the "what changed and who did it" record that powers activity feeds,
+audit trails, and change history views.
+
+Activities are created automatically from audit logs and Kubernetes events based on
+your ActivityPolicy rules. They're read-only - you query them, not create them.
+
+# Accessing Activities
+
+There are three ways to get activity data, depending on what you need:
+
+| What you need | API to use | Notes |
+| --- | --- | --- |
+| Live feed | GET /activities?watch=true | Streams new activities as they happen. List only returns the last hour. |
+| Search history | POST /activityqueries | Query any time range with filters, search, and pagination. |
+| Filter options | POST /activityfacetqueries | Get values for dropdowns (e.g., "which actors have activities?"). |
+
+# Quick Examples
+
+Watch for new activities:
+
+ kubectl get activities --watch
+
+List recent human-initiated changes:
+
+ kubectl get activities --field-selector spec.changeSource=human
+
+For historical queries or advanced filtering, use ActivityQuery instead.
_Appears in:_
-- [AuditLogFacetsQuery](#auditlogfacetsquery)
+- [ActivityList](#activitylist)
+- [ActivityQueryStatus](#activityquerystatus)
+- [PolicyPreviewStatus](#policypreviewstatus)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
-| `timeRange`
_[FacetTimeRange](#facettimerange)_ | TimeRange limits the time window for facet aggregation.
If not specified, defaults to the last 7 days. | | |
-| `filter`
_string_ | Filter narrows the audit logs before computing facets using CEL.
This allows you to get facet values for a subset of audit logs.
Available Fields:
verb - API action: get, list, create, update, patch, delete, watch
user.username - who made the request (user or service account)
user.uid - unique user identifier
responseStatus.code - HTTP response code (200, 201, 404, 500, etc.)
objectRef.namespace - target resource namespace
objectRef.resource - resource type (pods, deployments, secrets, configmaps, etc.)
objectRef.apiGroup - API group of the resource
objectRef.name - specific resource name
Operators: ==, !=, <, >, <=, >=, &&, \|\|, !, in
String Functions: startsWith(), endsWith(), contains()
Examples:
"verb in ['create', 'update', 'delete']" - Facets for write operations only
"!(verb in ['get', 'list', 'watch'])" - Exclude read-only operations
"!user.username.startsWith('system:')" - Exclude system users
"objectRef.namespace == 'production'" - Facets for production namespace | | |
-| `facets`
_[FacetSpec](#facetspec) array_ | Facets specifies which fields to get distinct values for.
Each facet returns the top N values with counts.
Supported fields:
- verb: API action (get, list, create, update, patch, delete, watch)
- user.username: Actor display names
- user.uid: Unique user identifiers
- responseStatus.code: HTTP response codes
- objectRef.namespace: Namespaces
- objectRef.resource: Resource types
- objectRef.apiGroup: API groups | | |
+| `metadata`
_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
+| `spec`
_[ActivitySpec](#activityspec)_ | | | |
-#### AuditLogFacetsQueryStatus
+#### ActivityActor
-AuditLogFacetsQueryStatus contains the facet results.
+ActivityActor identifies who performed an action.
_Appears in:_
-- [AuditLogFacetsQuery](#auditlogfacetsquery)
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `type`
_string_ | Type indicates the actor category.
Values: "user", "serviceaccount", "controller" | | |
+| `name`
_string_ | Name is the display name for the actor.
For users, this is typically the email address.
For service accounts, this is the full name (e.g., "system:serviceaccount:default:my-sa").
For controllers, this is the controller name. | | |
+| `uid`
_string_ | UID is the unique identifier for the actor.
Stable across username changes. | | |
+| `email`
_string_ | Email is the actor's email address.
Only populated for user actors when available. | | |
+
+
+#### ActivityChange
+
+
+
+ActivityChange represents a field-level change in an update/patch operation.
+
+
+
+_Appears in:_
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `field`
_string_ | Field is the path to the changed field (e.g., "spec.virtualhost.fqdn"). | | |
+| `old`
_string_ | Old is the previous value. May be empty for new fields. | | |
+| `new`
_string_ | New is the new value. May be empty for deleted fields. | | |
+
+
+
+
+#### ActivityFacetQuerySpec
+
+
+
+ActivityFacetQuerySpec defines what you want facet data for.
+
+
+
+_Appears in:_
+- [ActivityFacetQuery](#activityfacetquery)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `timeRange`
_[FacetTimeRange](#facettimerange)_ | TimeRange sets how far back to look. Defaults to the last 7 days if not set.
Use relative times like "now-7d" or absolute timestamps. | | |
+| `filter`
_string_ | Filter lets you narrow down which activities to include before computing facets.
Uses CEL (Common Expression Language) syntax.
This is useful when you want facet values for a specific subset - for example,
"show me actors, but only for human-initiated changes."
Fields you can filter on:
spec.changeSource - "human" or "system"
spec.actor.name - who did it (e.g., "alice@example.com")
spec.actor.type - user, serviceaccount, or controller
spec.resource.kind - what type of resource (Deployment, Pod, etc.)
spec.resource.namespace - which namespace
spec.resource.name - resource name
spec.resource.apiGroup - API group (empty string for core resources)
Example filters:
"spec.changeSource == 'human'" - Only human actions
"spec.resource.kind == 'Deployment'" - Only Deployment changes
"!spec.actor.name.startsWith('system:')" - Exclude system accounts | | |
+| `facets`
_[FacetSpec](#facetspec) array_ | Facets specifies which fields to get distinct values for.
Each facet returns the top N values with counts. | | |
+
+
+#### ActivityFacetQueryStatus
+
+
+
+ActivityFacetQueryStatus contains the facet results.
+
+
+
+_Appears in:_
+- [ActivityFacetQuery](#activityfacetquery)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `facets`
_[FacetResult](#facetresult) array_ | Facets contains the results for each requested facet. | | |
-#### AuditLogQuery
+#### ActivityLink
+
+
+
+ActivityLink represents a clickable reference in an activity summary.
+
+
+
+_Appears in:_
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `marker`
_string_ | Marker is the text substring in the summary that should be linked.
The portal scans the summary for this marker and makes it clickable.
Example: "HTTP proxy api-gateway" | | |
+| `resource`
_[ActivityResource](#activityresource)_ | Resource identifies what the marker links to. | | |
+
+
+
+
+#### ActivityOrigin
+
+
+
+ActivityOrigin identifies the source record for an activity.
+
+
+
+_Appears in:_
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `type`
_string_ | Type indicates the source type.
Values: "audit" (from audit logs), "event" (from Kubernetes events) | | |
+| `id`
_string_ | ID is the correlation ID to the source record.
For audit: the auditID from the audit log entry.
For event: the metadata.uid of the Kubernetes Event. | | |
+
+#### ActivityPolicy
-AuditLogQuery searches your control plane's audit logs.
-Use this to investigate incidents, track resource changes, generate compliance reports,
-or analyze user activity. Results are returned in the Status field, ordered newest-first.
+ActivityPolicy defines translation rules for a specific resource type. Service providers
+create one ActivityPolicy per resource kind to customize activity descriptions without
+modifying the Activity Processor.
-Quick Start:
+Example:
apiVersion: activity.miloapis.com/v1alpha1
- kind: AuditLogQuery
+ kind: ActivityPolicy
metadata:
- name: recent-deletions
+ name: networking-httpproxy
spec:
- startTime: "now-30d" # last 30 days
- endTime: "now"
- filter: "verb == 'delete'" # optional: narrow your search
- limit: 100
-
-Time Formats:
-- Relative: "now-30d" (great for dashboards and recurring queries)
-- Absolute: "2024-01-01T00:00:00Z" (great for historical analysis)
+ resource:
+ apiGroup: networking.datumapis.com
+ kind: HTTPProxy
+ auditRules:
+ - match: "audit.verb == 'create'"
+ summary: "{{ actor }} created {{ link(kind + ' ' + audit.objectRef.name, audit.responseObject) }}"
+ eventRules:
+ - match: "event.reason == 'Programmed'"
+ summary: "{{ link(kind + ' ' + event.regarding.name, event.regarding) }} is now programmed"
_Appears in:_
-- [AuditLogQueryList](#auditlogquerylist)
+- [ActivityPolicyList](#activitypolicylist)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `metadata`
_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
-| `spec`
_[AuditLogQuerySpec](#auditlogqueryspec)_ | | | |
-| `status`
_[AuditLogQueryStatus](#auditlogquerystatus)_ | | | |
+| `spec`
_[ActivityPolicySpec](#activitypolicyspec)_ | | | |
+| `status`
_[ActivityPolicyStatus](#activitypolicystatus)_ | | | |
+
+
+
+
+#### ActivityPolicyResource
+
+
+
+ActivityPolicyResource identifies the target Kubernetes resource for a policy.
+
+
+
+_Appears in:_
+- [ActivityPolicySpec](#activitypolicyspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiGroup`
_string_ | APIGroup is the API group of the target resource (e.g., "networking.datumapis.com").
Use an empty string for core API group resources. | | |
+| `kind`
_string_ | Kind is the kind of the target resource (e.g., "HTTPProxy", "Network"). | | |
+
+
+#### ActivityPolicyRule
+
+
+
+ActivityPolicyRule defines a single translation rule that matches input events
+and generates human-readable activity summaries.
+
+
+
+_Appears in:_
+- [ActivityPolicySpec](#activitypolicyspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `match`
_string_ | Match is a CEL expression that determines if this rule applies to the input.
For audit rules, use the `audit` variable (e.g., "audit.verb == 'create'").
For event rules, use the `event` variable (e.g., "event.reason == 'Programmed'").
Examples:
"audit.verb == 'create'"
"audit.verb in ['update', 'patch']"
"event.reason.startsWith('Failed')"
"true" (fallback rule that always matches) | | |
+| `summary`
_string_ | Summary is a CEL template for generating the activity summary.
Use \{\{ \}\} delimiters to embed CEL expressions within strings.
Available variables:
- audit/event: The full input object
- actor: Resolved display name for the actor
Available functions:
- link(displayText, resourceRef): Creates a clickable reference
Examples:
"\{\{ actor \}\} created \{\{ link(kind + ' ' + audit.objectRef.name, audit.responseObject) \}\}"
"\{\{ link(kind + ' ' + event.regarding.name, event.regarding) \}\} is now programmed" | | |
+
+
+#### ActivityPolicySpec
+
+
+
+ActivityPolicySpec defines the translation rules for a resource type.
+
+
+
+_Appears in:_
+- [ActivityPolicy](#activitypolicy)
+- [PolicyPreviewSpec](#policypreviewspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `resource`
_[ActivityPolicyResource](#activitypolicyresource)_ | Resource identifies the Kubernetes resource this policy applies to.
One ActivityPolicy should exist per resource kind. | | |
+| `auditRules`
_[ActivityPolicyRule](#activitypolicyrule) array_ | AuditRules define how to translate audit log entries into activity summaries.
Rules are evaluated in order; the first matching rule wins.
The `audit` variable contains the full Kubernetes audit event structure.
Convenience variables available: actor | | |
+| `eventRules`
_[ActivityPolicyRule](#activitypolicyrule) array_ | EventRules define how to translate Kubernetes events into activity summaries.
Rules are evaluated in order; the first matching rule wins.
The `event` variable contains the full Kubernetes Event structure.
Convenience variables available: actor | | |
+
+
+#### ActivityPolicyStatus
+
+
+
+ActivityPolicyStatus represents the current state of an ActivityPolicy.
+
+
+
+_Appears in:_
+- [ActivityPolicy](#activitypolicy)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `conditions`
_[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#condition-v1-meta) array_ | Conditions represent the current state of the policy.
The "Ready" condition indicates whether all rules compile successfully. | | |
+| `observedGeneration`
_integer_ | ObservedGeneration is the generation last processed by the controller. | | |
+
+
+
+
+#### ActivityQuerySpec
+
+
+
+ActivityQuerySpec defines the search parameters for activities.
+
+Required: startTime and endTime define your search window.
+Optional: filter (CEL expression), namespace, changeSource, search, limit, continue.
+
+
+
+_Appears in:_
+- [ActivityQuery](#activityquery)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `startTime`
_string_ | StartTime is the beginning of your search window (inclusive).
Format Options:
- Relative: "now-7d", "now-2h", "now-30m" (units: s, m, h, d, w)
- Absolute: "2024-01-01T00:00:00Z" (RFC3339 with timezone) | | |
+| `endTime`
_string_ | EndTime is the end of your search window (exclusive).
Uses the same formats as StartTime. Commonly "now" for current moment.
Must be greater than StartTime. | | |
+| `namespace`
_string_ | Namespace filters activities to a specific namespace.
Leave empty for cluster-wide results. | | |
+| `changeSource`
_string_ | ChangeSource filters by who initiated the change.
Values:
- "human": User actions via kubectl, API, or UI
- "system": Controller reconciliation, operator actions
Leave empty for both. | | |
+| `search`
_string_ | Search performs full-text search on activity summaries.
Example: "created deployment" matches activities with those words in the summary. | | |
+| `filter`
_string_ | Filter narrows results using CEL (Common Expression Language).
Available Fields:
spec.changeSource - "human" or "system"
spec.actor.name - who performed the action
spec.actor.type - "user", "serviceaccount", "controller"
spec.actor.uid - actor's unique identifier
spec.resource.apiGroup - resource API group (empty for core)
spec.resource.kind - resource kind (Deployment, Pod, etc.)
spec.resource.name - resource name
spec.resource.namespace - resource namespace
spec.resource.uid - resource UID
spec.summary - activity summary text
spec.origin.type - "audit" or "event"
metadata.namespace - activity namespace
Operators: ==, !=, &&, \|\|, !, in
String Functions: startsWith(), endsWith(), contains()
Examples:
"spec.changeSource == 'human'"
"spec.resource.kind == 'Deployment'"
"spec.actor.name.contains('admin')"
"spec.resource.kind in ['Deployment', 'StatefulSet']" | | |
+| `resourceKind`
_string_ | ResourceKind filters by the kind of resource affected.
Examples: "Deployment", "Pod", "ConfigMap", "HTTPProxy" | | |
+| `resourceUID`
_string_ | ResourceUID filters activities for a specific resource by UID.
Use this to get the full history of changes to a single resource. | | |
+| `apiGroup`
_string_ | APIGroup filters by the API group of affected resources.
Examples: "apps", "projectcontour.io", "" (empty for core API) | | |
+| `actorName`
_string_ | ActorName filters by who performed the action.
Examples: "alice@example.com", "system:serviceaccount:default:my-sa" | | |
+| `limit`
_integer_ | Limit sets the maximum number of results per page.
Default: 100, Maximum: 1000. | | |
+| `continue`
_string_ | Continue is the pagination cursor for fetching additional pages.
Leave empty for the first page. Copy status.continue here to get the next page.
Keep all other parameters identical across paginated requests. | | |
+
+
+#### ActivityQueryStatus
+
+
+
+ActivityQueryStatus contains the query results and pagination state.
+
+
+
+_Appears in:_
+- [ActivityQuery](#activityquery)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `results`
_[Activity](#activity) array_ | Results contains matching activities, sorted newest-first. | | |
+| `continue`
_string_ | Continue is the pagination cursor.
Non-empty means more results are available. | | |
+| `effectiveStartTime`
_string_ | EffectiveStartTime is the actual start time used (RFC3339 format).
Shows the resolved timestamp when relative times are used. | | |
+| `effectiveEndTime`
_string_ | EffectiveEndTime is the actual end time used (RFC3339 format).
Shows the resolved timestamp when relative times are used. | | |
+
+
+#### ActivityResource
+
+
+
+ActivityResource identifies the Kubernetes resource affected by an activity.
+
+
+
+_Appears in:_
+- [ActivityLink](#activitylink)
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiGroup`
_string_ | APIGroup is the API group of the resource.
Empty string for core API group. | | |
+| `apiVersion`
_string_ | APIVersion is the API version of the resource. | | |
+| `kind`
_string_ | Kind is the kind of the resource. | | |
+| `name`
_string_ | Name is the name of the resource. | | |
+| `namespace`
_string_ | Namespace is the namespace of the resource.
Empty for cluster-scoped resources. | | |
+| `uid`
_string_ | UID is the unique identifier of the resource. | | |
+
+
+#### ActivitySpec
+
+
+
+ActivitySpec contains the translated activity details.
+
+
+
+_Appears in:_
+- [Activity](#activity)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `summary`
_string_ | Summary is the human-readable description of what happened.
Generated from ActivityPolicy templates.
Example: "alice created HTTP proxy api-gateway" | | |
+| `changeSource`
_string_ | ChangeSource indicates who initiated the change.
Used to filter human actions from system reconciliation noise.
Values:
- "human": User action via kubectl, API, or UI
- "system": Controller reconciliation, operator actions, scheduled jobs | | |
+| `actor`
_[ActivityActor](#activityactor)_ | Actor identifies who performed the action. | | |
+| `resource`
_[ActivityResource](#activityresource)_ | Resource identifies the Kubernetes resource that was affected. | | |
+| `links`
_[ActivityLink](#activitylink) array_ | Links contains clickable references found in the summary.
The portal uses these to make resource names in the summary clickable. | | |
+| `tenant`
_[ActivityTenant](#activitytenant)_ | Tenant identifies the scope for multi-tenant isolation. | | |
+| `changes`
_[ActivityChange](#activitychange) array_ | Changes contains field-level changes for update/patch operations.
Shows old and new values for modified fields.
NOTE: This field may be empty in the initial implementation.
Populating old values requires resource history lookups. | | |
+| `origin`
_[ActivityOrigin](#activityorigin)_ | Origin identifies the source record for correlation. | | |
+
+
+#### ActivityTenant
+
+
+
+ActivityTenant identifies the scope for multi-tenant isolation.
+
+
+
+_Appears in:_
+- [ActivitySpec](#activityspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `type`
_string_ | Type is the scope level.
Values: "global", "organization", "project", "user" | | |
+| `name`
_string_ | Name is the tenant identifier within the scope type. | | |
+
+
+
+
+#### AuditLogFacetsQuerySpec
+
+
+
+AuditLogFacetsQuerySpec defines which facets to retrieve from audit logs.
+
+
+
+_Appears in:_
+- [AuditLogFacetsQuery](#auditlogfacetsquery)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `timeRange`
_[FacetTimeRange](#facettimerange)_ | TimeRange limits the time window for facet aggregation.
If not specified, defaults to the last 7 days. | | |
+| `filter`
_string_ | Filter narrows the audit logs before computing facets using CEL.
This allows you to get facet values for a subset of audit logs.
Available Fields:
verb - API action: get, list, create, update, patch, delete, watch
user.username - who made the request (user or service account)
user.uid - unique user identifier
responseStatus.code - HTTP response code (200, 201, 404, 500, etc.)
objectRef.namespace - target resource namespace
objectRef.resource - resource type (pods, deployments, secrets, configmaps, etc.)
objectRef.apiGroup - API group of the resource
objectRef.name - specific resource name
Operators: ==, !=, <, >, <=, >=, &&, \|\|, !, in
String Functions: startsWith(), endsWith(), contains()
Examples:
"verb in ['create', 'update', 'delete']" - Facets for write operations only
"!(verb in ['get', 'list', 'watch'])" - Exclude read-only operations
"!user.username.startsWith('system:')" - Exclude system users
"objectRef.namespace == 'production'" - Facets for production namespace | | |
+| `facets`
_[FacetSpec](#facetspec) array_ | Facets specifies which fields to get distinct values for.
Each facet returns the top N values with counts.
Supported fields:
- verb: API action (get, list, create, update, patch, delete, watch)
- user.username: Actor display names
- user.uid: Unique user identifiers
- responseStatus.code: HTTP response codes
- objectRef.namespace: Namespaces
- objectRef.resource: Resource types
- objectRef.apiGroup: API groups | | |
+
+
+#### AuditLogFacetsQueryStatus
+
+
+
+AuditLogFacetsQueryStatus contains the facet results.
+
+
+
+_Appears in:_
+- [AuditLogFacetsQuery](#auditlogfacetsquery)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `facets`
_[FacetResult](#facetresult) array_ | Facets contains the results for each requested facet. | | |
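Review bot: In the added `ActivityChange` table, `old` and `new` are documented as the previous and new field values with no statement about sensitive data, while the `Activity` description says activities are created automatically from audit logs and exposed through list, watch and query APIs. Please document whether values are redacted or omitted for fields that can hold secrets, and which readers can see `spec.changes`. Two smaller points in the same hunk: the added `# Accessing Activities` and `# Quick Examples` lines will render as top-level headings inside a `####` type section and should be demoted, and the added `metadata` row links to `kubernetes-api/v/#objectmeta-v1-meta` with an empty version segment.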
@@ -163,6 +509,7 @@ FacetResult contains the distinct values for a single facet.
_Appears in:_
+- [ActivityFacetQueryStatus](#activityfacetquerystatus)
- [AuditLogFacetsQueryStatus](#auditlogfacetsquerystatus)
| Field | Description | Default | Validation |
@@ -180,6 +527,7 @@ FacetSpec defines a single facet to retrieve.
_Appears in:_
+- [ActivityFacetQuerySpec](#activityfacetqueryspec)
- [AuditLogFacetsQuerySpec](#auditlogfacetsqueryspec)
| Field | Description | Default | Validation |
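Review bot: `FacetSpec` now lists `ActivityFacetQuerySpec` as a user, but the `facets` row added for `ActivityFacetQuerySpec` earlier in this patch has no "Supported fields" list, unlike the `AuditLogFacetsQuerySpec` row, so a reader following this link has no list of valid facet field names for activities. Please add the supported fields to that description, or state whether they are the same `spec.*` fields listed under its `filter` row.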
@@ -197,6 +545,7 @@ FacetTimeRange specifies the time window for facet queries.
_Appears in:_
+- [ActivityFacetQuerySpec](#activityfacetqueryspec)
- [AuditLogFacetsQuerySpec](#auditlogfacetsqueryspec)
| Field | Description | Default | Validation |
@@ -223,6 +572,81 @@ _Appears in:_
+
+#### PolicyPreviewInput
+
+
+
+PolicyPreviewInput contains the sample input for policy testing.
+
+
+
+_Appears in:_
+- [PolicyPreviewSpec](#policypreviewspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `type`
_string_ | Type indicates whether this is an audit log or event input.
Values: "audit", "event" | | |
+| `audit`
_[Event](#event)_ | Audit contains a sample audit log entry.
Required when Type is "audit". | | |
+| `event`
_[RawExtension](https://kubernetes.io/docs/reference/generated/kubernetes-api/v/#rawextension-runtime-pkg)_ | Event contains a sample Kubernetes event.
Required when Type is "event".
Uses RawExtension to allow flexible event structure. | | |
+
+
+#### PolicyPreviewInputResult
+
+
+
+PolicyPreviewInputResult contains the result for a single input.
+
+
+
+_Appears in:_
+- [PolicyPreviewStatus](#policypreviewstatus)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `inputIndex`
_integer_ | InputIndex is the index of this input in spec.inputs (0-based). | | |
+| `matched`
_boolean_ | Matched indicates whether any rule matched this input. | | |
+| `matchedRuleIndex`
_integer_ | MatchedRuleIndex is the index of the rule that matched (0-based).
-1 if no rule matched. | | |
+| `matchedRuleType`
_string_ | MatchedRuleType indicates whether the matched rule was an audit or event rule.
Empty if no rule matched. | | |
+| `error`
_string_ | Error contains any error message if evaluating this input failed.
This could be a CEL compilation error or evaluation error. | | |
+
+
+#### PolicyPreviewSpec
+
+
+
+PolicyPreviewSpec defines the policy and inputs to test.
+
+
+
+_Appears in:_
+- [PolicyPreview](#policypreview)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `policy`
_[ActivityPolicySpec](#activitypolicyspec)_ | Policy is the ActivityPolicy spec to test.
You can use the full spec from an existing policy or create a new one. | | |
+| `inputs`
_[PolicyPreviewInput](#policypreviewinput) array_ | Inputs contains sample audit logs and/or events to test against the policy.
Each input is evaluated independently and produces an Activity if a rule matches.
You can mix audit logs and events in the same request. | | |
+
+
+#### PolicyPreviewStatus
+
+
+
+PolicyPreviewStatus contains the preview results.
+
+
+
+_Appears in:_
+- [PolicyPreview](#policypreview)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `activities`
_[Activity](#activity) array_ | Activities contains the rendered Activity objects for inputs that matched a rule.
The order corresponds to the order of matched inputs (not necessarily the input order).
Inputs that don't match any rule are not included here. | | |
+| `results`
_[PolicyPreviewInputResult](#policypreviewinputresult) array_ | Results contains detailed results for each input, in the same order as spec.inputs.
Use this to see which inputs matched and any errors that occurred. | | |
+| `error`
_string_ | Error contains a general error message if the preview failed entirely.
Individual input errors are reported in results[].error. | | |
+
+
+
## crm.miloapis.com/v1alpha1
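Review bot: `PolicyPreviewStatus.activities` is documented as ordered by matched inputs, "not necessarily the input order", and `PolicyPreviewInputResult` carries `inputIndex` and `matchedRuleIndex` but nothing that points at an entry in `activities`, so the docs give no way to tell which rendered Activity came from which input. Please document the correlation rule, or add an index field upstream and regenerate. Also in this hunk, the `audit` field of `PolicyPreviewInput` links to `[Event](#event)` while the `event` field is a `RawExtension`; a short note that `Event` here is the audit event type would avoid confusion, and the `RawExtension` link has an empty `v/` version segment.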