Context Variable Name does not appear to be Recognized

So the UI keeps giving me this error:

ServerError: Variable currentMappingHostValues is not defined in the context

When the context has the variable name defined... it doesn't seem to be interpreting it correctly.

With a policy like:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-unique-mapping-host-name
spec:
  background: false
  validationFailureAction: Enforce
  rules:
  - name: require-unique-mapping-host-name
    match:
      any:
      - resources:
          kinds:
          - Mapping
    context:
      - name: currentMappingHostValues
        apiCall:
          urlPath: "/apis/getambassador.io/v2/mappings"
          # Gets host values of all mappings
          jmesPath: items[].spec.{host:host,prefix:prefix}.values(@) | [*].join('',[])
    preconditions:
      all:
      - key: "{{ request.operation || 'BACKGROUND' }}"
        operator: NotEquals
        value: DELETE
    validate:
      message: "Only unique hostnames are allowed"
      deny:
        conditions:
        # this checks for any existing mapped hosts that match
          all:
          - key: "{{ request.object.spec.host }}{{ request.object.spec.prefix }}"
            operator: AnyIn
            value: "{{ currentMappingHostValues}}"

And a resource like:

apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: anchore-tst
  namespace: anchore
spec:
  allow_upgrade:
  - websocket
  bypass_auth: true
  host: anchore.appz.abc.com
  merge_slashes: true
  prefix: /
  service: anchore-anchore-engine-enterprise-ui:80

And a generic ambassador mappings CRD like:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.6.2
    meta.helm.sh/release-name: emissary-ingress-crds
    meta.helm.sh/release-namespace: default
  generation: 3
  labels:
    app.kubernetes.io/instance: emissary-apiext
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: emissary-apiext
    app.kubernetes.io/part-of: emissary-apiext
  name: mappings.getambassador.io
spec:
  group: getambassador.io
  names:
    categories:
    - ambassador-crds
    kind: Mapping
    listKind: MappingList
    plural: mappings
    singular: mapping
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.host
      name: Source Host
      type: string
    - jsonPath: .spec.prefix
      name: Source Prefix
      type: string
    - jsonPath: .spec.service
      name: Dest Service
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.reason
      name: Reason
      type: string
    name: v2
    schema:
      openAPIV3Schema:
        description: Mapping is the Schema for the mappings API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MappingSpec defines the desired state of Mapping
            properties:
              add_linkerd_headers:
                type: boolean
              add_request_headers:
                type: object
                x-kubernetes-preserve-unknown-fields: true
              add_response_headers:
                type: object
                x-kubernetes-preserve-unknown-fields: true
              allow_upgrade:
                description: "A case-insensitive list of the non-HTTP protocols to
                  allow \"upgrading\" to from HTTP via the \"Connection: upgrade\"
                  mechanism[1].  After the upgrade, Ambassador does not interpret
                  the traffic, and behaves similarly to how it does for TCPMappings.
                  \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example,
                  if your upstream service supports WebSockets, you would write \n
                  \   allow_upgrade:    - websocket \n Or if your upstream service
                  supports upgrading from HTTP to SPDY (as the Kubernetes apiserver
                  does for `kubectl exec` functionality), you would write \n    allow_upgrade:
                  \   - spdy/3.1"
                items:
                  type: string
                type: array
              auth_context_extensions:
                additionalProperties:
                  type: string
                type: object
              auto_host_rewrite:
                type: boolean
              bypass_auth:
                type: boolean
              bypass_error_response_overrides:
                description: If true, bypasses any `error_response_overrides` set
                  on the Ambassador module.
                type: boolean
              case_sensitive:
                type: boolean
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              cluster_idle_timeout_ms:
                type: integer
              cluster_max_connection_lifetime_ms:
                type: integer
              cluster_tag:
                type: string
              connect_timeout_ms:
                type: integer
              cors:
                properties:
                  credentials:
                    type: boolean
                  max_age:
                    type: string
                type: object
                x-kubernetes-preserve-unknown-fields: true
              dns_type:
                type: string
              docs:
                description: DocsInfo provides some extra information about the docs
                  for the Mapping (used by the Dev Portal)
                properties:
                  display_name:
                    type: string
                  ignored:
                    type: boolean
                  path:
                    type: string
                  timeout_ms:
                    type: integer
                  url:
                    type: string
                type: object
              enable_ipv4:
                type: boolean
              enable_ipv6:
                type: boolean
              envoy_override:
                description: UntypedDict is relatively opaque as a Go type, but it
                  preserves its contents in a roundtrippable way.
                type: object
                x-kubernetes-preserve-unknown-fields: true
              error_response_overrides:
                description: Error response overrides for this Mapping. Replaces all
                  of the `error_response_overrides` set on the Ambassador module,
                  if any.
                items:
                  description: A response rewrite for an HTTP error response
                  properties:
                    body:
                      description: The new response body
                      properties:
                        content_type:
                          description: The content type to set on the error response
                            body when using text_format or text_format_source. Defaults
                            to 'text/plain'.
                          type: string
                        json_format:
                          additionalProperties:
                            type: string
                          description: 'A JSON response with content-type: application/json.
                            The values can contain format text like in text_format.'
                          type: object
                        text_format:
                          description: A format string representing a text response
                            body. Content-Type can be set using the `content_type`
                            field below.
                          type: string
                        text_format_source:
                          description: A format string sourced from a file on the
                            Ambassador container. Useful for larger response bodies
                            that should not be placed inline in configuration.
                          properties:
                            filename:
                              description: The name of a file on the Ambassador pod
                                that contains a format text string.
                              type: string
                          type: object
                      type: object
                    on_status_code:
                      description: The status code to match on -- not a pointer because
                        it's required.
                      maximum: 599
                      minimum: 400
                      type: integer
                  required:
                  - body
                  - on_status_code
                  type: object
                minItems: 1
                type: array
              grpc:
                type: boolean
              headers:
                type: object
                x-kubernetes-preserve-unknown-fields: true
              host:
                type: string
              host_redirect:
                type: boolean
              host_regex:
                type: boolean
              host_rewrite:
                type: string
              idle_timeout_ms:
                type: integer
              keepalive:
                properties:
                  idle_time:
                    type: integer
                  interval:
                    type: integer
                  probes:
                    type: integer
                type: object
              labels:
                additionalProperties:
                  description: A MappingLabelGroupsArray is an array of MappingLabelGroups.
                    I know, complex.
                  items:
                    description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray:
                      a second map, where the key is a human-readable name that identifies
                      the group.'
                    maxProperties: 1
                    minProperties: 1
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                  type: array
                description: A DomainMap is the overall Mapping.spec.Labels type.
                  It maps domains (kind of like namespaces for Mapping labels) to
                  arrays of label groups.
                type: object
              load_balancer:
                properties:
                  cookie:
                    properties:
                      name:
                        type: string
                      path:
                        type: string
                      ttl:
                        type: string
                    required:
                    - name
                    type: object
                  header:
                    type: string
                  policy:
                    enum:
                    - round_robin
                    - ring_hash
                    - maglev
                    - least_request
                    type: string
                  source_ip:
                    type: boolean
                required:
                - policy
                type: object
              method:
                type: string
              method_regex:
                type: boolean
              modules:
                items:
                  description: UntypedDict is relatively opaque as a Go type, but
                    it preserves its contents in a roundtrippable way.
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                type: array
              outlier_detection:
                type: string
              path_redirect:
                description: Path replacement to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                type: string
              precedence:
                type: integer
              prefix:
                type: string
              prefix_exact:
                type: boolean
              prefix_redirect:
                description: Prefix rewrite to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                type: string
              prefix_regex:
                type: boolean
              priority:
                type: string
              query_parameters:
                type: object
                x-kubernetes-preserve-unknown-fields: true
              redirect_response_code:
                description: The response code to use when generating an HTTP redirect.
                  Defaults to 301. Used with `host_redirect`.
                enum:
                - 301
                - 302
                - 303
                - 307
                - 308
                type: integer
              regex_headers:
                additionalProperties:
                  type: string
                type: object
              regex_query_parameters:
                additionalProperties:
                  type: string
                type: object
              regex_redirect:
                description: Prefix regex rewrite to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                properties:
                  pattern:
                    type: string
                  substitution:
                    type: string
                type: object
              regex_rewrite:
                properties:
                  pattern:
                    type: string
                  substitution:
                    type: string
                type: object
              resolver:
                type: string
              respect_dns_ttl:
                type: boolean
              retry_policy:
                properties:
                  num_retries:
                    type: integer
                  per_try_timeout:
                    type: string
                  retry_on:
                    enum:
                    - 5xx
                    - gateway-error
                    - connect-failure
                    - retriable-4xx
                    - refused-stream
                    - retriable-status-codes
                    type: string
                type: object
              rewrite:
                type: string
              service:
                type: string
              shadow:
                type: boolean
              timeout_ms:
                description: The timeout for requests that use this Mapping. Overrides
                  `cluster_request_timeout_ms` set on the Ambassador Module, if it
                  exists.
                type: integer
              use_websocket:
                description: 'use_websocket is deprecated, and is equivlaent to setting
                  `allow_upgrade: ["websocket"]`'
                type: boolean
              v3StatsName:
                type: string
              weight:
                type: integer
            required:
            - prefix
            - service
            type: object
            x-kubernetes-preserve-unknown-fields: true
          status:
            description: MappingStatus defines the observed state of Mapping
            properties:
              reason:
                type: string
              state:
                enum:
                - ""
                - Inactive
                - Running
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .spec.host
      name: Source Host
      type: string
    - jsonPath: .spec.prefix
      name: Source Prefix
      type: string
    - jsonPath: .spec.service
      name: Dest Service
      type: string
    - jsonPath: .status.state
      name: State
      type: string
    - jsonPath: .status.reason
      name: Reason
      type: string
    name: v3alpha1
    schema:
      openAPIV3Schema:
        description: Mapping is the Schema for the mappings API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MappingSpec defines the desired state of Mapping
            properties:
              add_linkerd_headers:
                type: boolean
              add_request_headers:
                additionalProperties:
                  properties:
                    append:
                      type: boolean
                    v2Representation:
                      enum:
                      - ""
                      - string
                      - "null"
                      type: string
                    value:
                      type: string
                  type: object
                type: object
              add_response_headers:
                additionalProperties:
                  properties:
                    append:
                      type: boolean
                    v2Representation:
                      enum:
                      - ""
                      - string
                      - "null"
                      type: string
                    value:
                      type: string
                  type: object
                type: object
              allow_upgrade:
                description: "A case-insensitive list of the non-HTTP protocols to
                  allow \"upgrading\" to from HTTP via the \"Connection: upgrade\"
                  mechanism[1].  After the upgrade, Ambassador does not interpret
                  the traffic, and behaves similarly to how it does for TCPMappings.
                  \n [1]: https://tools.ietf.org/html/rfc7230#section-6.7 \n For example,
                  if your upstream service supports WebSockets, you would write \n
                  \   allow_upgrade:    - websocket \n Or if your upstream service
                  supports upgrading from HTTP to SPDY (as the Kubernetes apiserver
                  does for `kubectl exec` functionality), you would write \n    allow_upgrade:
                  \   - spdy/3.1"
                items:
                  type: string
                type: array
              ambassador_id:
                description: "AmbassadorID declares which Ambassador instances should
                  pay attention to this resource. If no value is provided, the default
                  is: \n    ambassador_id:    - \"default\" \n TODO(lukeshu): In v3alpha2,
                  consider renaming all of the `ambassador_id` (singular) fields to
                  `ambassador_ids` (plural)."
                items:
                  type: string
                type: array
              auth_context_extensions:
                additionalProperties:
                  type: string
                type: object
              auto_host_rewrite:
                type: boolean
              bypass_auth:
                type: boolean
              bypass_error_response_overrides:
                description: If true, bypasses any `error_response_overrides` set
                  on the Ambassador module.
                type: boolean
              case_sensitive:
                type: boolean
              circuit_breakers:
                items:
                  properties:
                    max_connections:
                      type: integer
                    max_pending_requests:
                      type: integer
                    max_requests:
                      type: integer
                    max_retries:
                      type: integer
                    priority:
                      enum:
                      - default
                      - high
                      type: string
                  type: object
                type: array
              cluster_idle_timeout_ms:
                description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration`
                  fields to `{foo}`/`metav1.Duration`.'
                type: integer
              cluster_max_connection_lifetime_ms:
                description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration`
                  fields to `{foo}`/`metav1.Duration`.'
                type: integer
              cluster_tag:
                type: string
              connect_timeout_ms:
                description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration`
                  fields to `{foo}`/`metav1.Duration`.'
                type: integer
              cors:
                properties:
                  credentials:
                    type: boolean
                  exposed_headers:
                    items:
                      type: string
                    type: array
                  headers:
                    items:
                      type: string
                    type: array
                  max_age:
                    type: string
                  methods:
                    items:
                      type: string
                    type: array
                  origins:
                    items:
                      type: string
                    type: array
                  v2CommaSeparatedOrigins:
                    type: boolean
                type: object
              dns_type:
                type: string
              docs:
                description: DocsInfo provides some extra information about the docs
                  for the Mapping. Docs is used by both the agent and the DevPortal.
                properties:
                  display_name:
                    type: string
                  ignored:
                    type: boolean
                  path:
                    type: string
                  timeout_ms:
                    description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration`
                      fields to `{foo}`/`metav1.Duration`.'
                    type: integer
                  url:
                    type: string
                type: object
              enable_ipv4:
                type: boolean
              enable_ipv6:
                type: boolean
              envoy_override:
                description: UntypedDict is relatively opaque as a Go type, but it
                  preserves its contents in a roundtrippable way.
                type: object
                x-kubernetes-preserve-unknown-fields: true
              error_response_overrides:
                description: Error response overrides for this Mapping. Replaces all
                  of the `error_response_overrides` set on the Ambassador module,
                  if any.
                items:
                  description: A response rewrite for an HTTP error response
                  properties:
                    body:
                      description: The new response body
                      properties:
                        content_type:
                          description: The content type to set on the error response
                            body when using text_format or text_format_source. Defaults
                            to 'text/plain'.
                          type: string
                        json_format:
                          additionalProperties:
                            type: string
                          description: 'A JSON response with content-type: application/json.
                            The values can contain format text like in text_format.'
                          type: object
                        text_format:
                          description: A format string representing a text response
                            body. Content-Type can be set using the `content_type`
                            field below.
                          type: string
                        text_format_source:
                          description: A format string sourced from a file on the
                            Ambassador container. Useful for larger response bodies
                            that should not be placed inline in configuration.
                          properties:
                            filename:
                              description: The name of a file on the Ambassador pod
                                that contains a format text string.
                              type: string
                          type: object
                      type: object
                    on_status_code:
                      description: The status code to match on -- not a pointer because
                        it's required.
                      maximum: 599
                      minimum: 400
                      type: integer
                  required:
                  - body
                  - on_status_code
                  type: object
                minItems: 1
                type: array
              grpc:
                type: boolean
              headers:
                additionalProperties:
                  type: string
                type: object
              host:
                description: "Exact match for the hostname of a request if HostRegex
                  is false; regex match for the hostname if HostRegex is true. \n
                  Host specifies both a match for the ':authority' header of a request,
                  as well as a match criterion for Host CRDs: a Mapping that specifies
                  Host will not associate with a Host that doesn't have a matching
                  Hostname. \n If both Host and Hostname are set, an error is logged,
                  Host is ignored, and Hostname is used. \n DEPRECATED: Host is either
                  an exact match or a regex, depending on HostRegex. Use HostName
                  instead. \n TODO(lukeshu): In v3alpha2, get rid of MappingSpec.host
                  and MappingSpec.host_regex in favor of a MappingSpec.deprecated_hostname_regex."
                type: string
              host_redirect:
                type: boolean
              host_regex:
                description: "DEPRECATED: Host is either an exact match or a regex,
                  depending on HostRegex. Use HostName instead. \n TODO(lukeshu):
                  In v3alpha2, get rid of MappingSpec.host and MappingSpec.host_regex
                  in favor of a MappingSpec.deprecated_hostname_regex."
                type: boolean
              host_rewrite:
                type: string
              hostname:
                description: "Hostname is a DNS glob specifying the hosts to which
                  this Mapping applies. \n Hostname specifies both a match for the
                  ':authority' header of a request, as well as a match criterion for
                  Host CRDs: a Mapping that specifies Hostname will not associate
                  with a Host that doesn't have a matching Hostname. \n If both Host
                  and Hostname are set, an error is logged, Host is ignored, and Hostname
                  is used."
                type: string
              idle_timeout_ms:
                description: 'TODO(lukeshu): In v3alpha2, change all of the `{foo}_ms`/`MillisecondDuration`
                  fields to `{foo}`/`metav1.Duration`.'
                type: integer
              keepalive:
                properties:
                  idle_time:
                    type: integer
                  interval:
                    type: integer
                  probes:
                    type: integer
                type: object
              labels:
                additionalProperties:
                  description: A MappingLabelGroupsArray is an array of MappingLabelGroups.
                    I know, complex.
                  items:
                    additionalProperties:
                      description: 'A MappingLabelsArray is the value in the MappingLabelGroup:
                        an array of label specifiers.'
                      items:
                        description: "A MappingLabelSpecifier (finally!) defines a
                          single label. \n This mimics envoy/config/route/v3/route_components.proto:RateLimit:Action:action_specifier."
                        maxProperties: 1
                        minProperties: 1
                        properties:
                          destination_cluster:
                            description: Sets the label "destination_cluster=«Envoy
                              destination cluster name»".
                            properties:
                              key:
                                enum:
                                - destination_cluster
                                type: string
                            required:
                            - key
                            type: object
                          generic_key:
                            description: Sets the label "«key»=«value»" (where by
                              default «key» is "generic_key").
                            properties:
                              key:
                                description: The default is "generic_key".
                                type: string
                              v2Shorthand:
                                type: boolean
                              value:
                                type: string
                            required:
                            - value
                            type: object
                          remote_address:
                            description: Sets the label "remote_address=«IP address
                              of the client»".
                            properties:
                              key:
                                enum:
                                - remote_address
                                type: string
                            required:
                            - key
                            type: object
                          request_headers:
                            description: If the «header_name» header is set, then
                              set the label "«key»=«Value of the «header_name» header»";
                              otherwise skip applying this label group.
                            properties:
                              header_name:
                                type: string
                              key:
                                type: string
                              omit_if_not_present:
                                type: boolean
                            required:
                            - header_name
                            - key
                            type: object
                          source_cluster:
                            description: Sets the label "source_cluster=«Envoy source
                              cluster name»".
                            properties:
                              key:
                                enum:
                                - source_cluster
                                type: string
                            required:
                            - key
                            type: object
                        type: object
                      type: array
                    description: 'A MappingLabelGroup is a single element of a MappingLabelGroupsArray:
                      a second map, where the key is a human-readable name that identifies
                      the group.'
                    maxProperties: 1
                    minProperties: 1
                    type: object
                  type: array
                description: A DomainMap is the overall Mapping.spec.Labels type.
                  It maps domains (kind of like namespaces for Mapping labels) to
                  arrays of label groups.
                type: object
              load_balancer:
                properties:
                  cookie:
                    properties:
                      name:
                        type: string
                      path:
                        type: string
                      ttl:
                        type: string
                    required:
                    - name
                    type: object
                  header:
                    type: string
                  policy:
                    enum:
                    - round_robin
                    - ring_hash
                    - maglev
                    - least_request
                    type: string
                  source_ip:
                    type: boolean
                required:
                - policy
                type: object
              method:
                type: string
              method_regex:
                type: boolean
              modules:
                items:
                  description: UntypedDict is relatively opaque as a Go type, but
                    it preserves its contents in a roundtrippable way.
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                type: array
              outlier_detection:
                type: string
              path_redirect:
                description: Path replacement to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                type: string
              precedence:
                type: integer
              prefix:
                type: string
              prefix_exact:
                type: boolean
              prefix_redirect:
                description: Prefix rewrite to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                type: string
              prefix_regex:
                type: boolean
              priority:
                type: string
              query_parameters:
                additionalProperties:
                  type: string
                type: object
              redirect_response_code:
                description: The response code to use when generating an HTTP redirect.
                  Defaults to 301. Used with `host_redirect`.
                enum:
                - 301
                - 302
                - 303
                - 307
                - 308
                type: integer
              regex_headers:
                additionalProperties:
                  type: string
                type: object
              regex_query_parameters:
                additionalProperties:
                  type: string
                type: object
              regex_redirect:
                description: Prefix regex rewrite to use when generating an HTTP redirect.
                  Used with `host_redirect`.
                properties:
                  pattern:
                    type: string
                  substitution:
                    type: string
                type: object
              regex_rewrite:
                properties:
                  pattern:
                    type: string
                  substitution:
                    type: string
                type: object
              remove_request_headers:
                items:
                  type: string
                type: array
              remove_response_headers:
                items:
                  type: string
                type: array
              resolver:
                type: string
              respect_dns_ttl:
                type: boolean
              retry_policy:
                properties:
                  num_retries:
                    type: integer
                  per_try_timeout:
                    type: string
                  retry_on:
                    enum:
                    - 5xx
                    - gateway-error
                    - connect-failure
                    - retriable-4xx
                    - refused-stream
                    - retriable-status-codes
                    type: string
                type: object
              rewrite:
                type: string
              service:
                type: string
              shadow:
                type: boolean
              stats_name:
                type: string
              timeout_ms:
                description: The timeout for requests that use this Mapping. Overrides
                  `cluster_request_timeout_ms` set on the Ambassador Module, if it
                  exists.
                type: integer
              tls:
                type: string
              use_websocket:
                description: "use_websocket is deprecated, and is equivlaent to setting
                  `allow_upgrade: [\"websocket\"]` \n TODO(lukeshu): In v3alpha2,
                  get rid of MappingSpec.DeprecatedUseWebsocket."
                type: boolean
              v2BoolHeaders:
                items:
                  type: string
                type: array
              v2BoolQueryParameters:
                items:
                  type: string
                type: array
              v2ExplicitTLS:
                description: V2ExplicitTLS controls some vanity/stylistic elements
                  when converting from v3alpha1 to v2.  The values in an V2ExplicitTLS
                  should not in any way affect the runtime operation of Emissary;
                  except that it may affect internal names in the Envoy config, which
                  may in turn affect stats names.  But it should not affect any end-user
                  observable behavior.
                properties:
                  serviceScheme:
                    description: "ServiceScheme specifies how to spell and capitalize
                      the scheme-part of the service URL. \n Acceptable values are
                      \"http://\" (case-insensitive), \"https://\" (case-insensitive),
                      or \"\".  The value is used if it agrees with whether or not
                      this resource enables TLS origination, or if something else
                      in the resource overrides the scheme."
                    pattern: ^([hH][tT][tT][pP][sS]?://)?$
                    type: string
                  tls:
                    description: "TLS controls whether and how to represent the \"tls\"
                      field when its value could be implied by the \"service\" field.
                      \ In v2, there were a lot of different ways to spell an \"empty\"
                      value, and this field specifies which way to spell it (and will
                      therefore only be used if the value will indeed be empty). \n
                      \ | Value        | Representation                        | Meaning
                      of representation          |  |--------------+---------------------------------------+------------------------------------|
                      \ | \"\"           | omit the field                        |
                      defer to service (no TLSContext)   |  | \"null\"       | store
                      an explicit \"null\" in the field | defer to service (no TLSContext)
                      \  |  | \"string\"     | store an empty string in the field
                      \   | defer to service (no TLSContext)   |  | \"bool:false\"
                      | store a Boolean \"false\" in the field  | defer to service
                      (no TLSContext)   |  | \"bool:true\"  | store a Boolean \"true\"
                      in the field   | originate TLS (no TLSContext)      | \n If
                      the meaning of the representation contradicts anything else
                      (if a TLSContext is to be used, or in the case of \"bool:true\"
                      if TLS is not to be originated), then this field is ignored."
                    enum:
                    - ""
                    - "null"
                    - bool:true
                    - bool:false
                    - string
                    type: string
                type: object
              weight:
                type: integer
            required:
            - prefix
            - service
            type: object
          status:
            description: MappingStatus defines the observed state of Mapping
            properties:
              reason:
                type: string
              state:
                enum:
                - ""
                - Inactive
                - Running
                type: string
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - name: v1
    schema:
      openAPIV3Schema:
        description: Mapping is the Schema for the mappings API
        type: object
        x-kubernetes-preserve-unknown-fields: true
    served: false
    storage: false

kyverno / playground

Context Variable Name does not appear to be Recognized #530