rules:
  # The core E2E framework is meant to be a normal Kubernetes client,
  # which means that it shouldn't depend on internal
  # code. But we are not there yet, so some exceptions
  # have to be allowed. Over time the list of allowed
  # packages should get shorter, not longer.
  - selectorRegexp: ^k8s[.]io/kubernetes/pkg/
    allowedPrefixes:
    - k8s.io/kubernetes/pkg/kubelet/apis/

  # The following packages are okay to use:
  #
  # public API
  - selectorRegexp: ^k8s[.]io/(api|apimachinery|client-go|component-base|klog|pod-security-admission|utils)/|^[a-z]+(/|$)|github.com/onsi/(ginkgo|gomega)|^k8s[.]io/kubernetes/test/(e2e/framework/internal/|utils)
    allowedPrefixes: [ "" ]

  # stdlib
  - selectorRegexp: ^[a-z]+(/|$)
    allowedPrefixes: [ "" ]

  # Ginkgo + Gomega.
  - selectorRegexp: github.com/onsi/(ginkgo|gomega)|^k8s[.]io/kubernetes/test/(e2e/framework/internal/|utils)
    allowedPrefixes: [ "" ]

  # some of the shared test helpers (but not E2E sub-packages!)
  - selectorRegexp: ^k8s[.]io/kubernetes/test/(e2e/framework/internal/|utils)
    allowedPrefixes: [ "" ]

  # Everything else isn't.
  #
  # In particular importing any test/e2e/framework/* package would be a
  # violation (sub-packages get to use the framework, not the other way
  # around).
  - selectorRegexp: .
