Validate Schedule in CEL expressions

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: validate-cron-schedule
 5  annotations:
 6    policies.kyverno.io/title: Validate Schedule in CEL expressions
 7    policies.kyverno.io/category: Velero in CEL 
 8    policies.kyverno.io/subject: Schedule
 9    kyverno.io/kyverno-version: 1.11.0
10    kyverno.io/kubernetes-version: "1.26-1.27"
11    policies.kyverno.io/description: >-
12      A Velero Schedule is given in Cron format and must be accurate to ensure
13      operation. This policy validates that the schedule is a valid Cron format.
14spec:
15  background: true
16  validationFailureAction: Audit
17  rules:
18  - name: validate-cron
19    match:
20      any:
21      - resources:
22          kinds:
23          - velero.io/v1/Schedule
24          operations:
25          - CREATE
26          - UPDATE
27    validate:
28      cel:
29        expressions:
30          - expression: >-
31              object.spec.schedule.matches('^((?:\\*|[0-5]?[0-9](?:(?:-[0-5]?[0-9])|(?:,[0-5]?[0-9])+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:1?[0-9]|2[0-3])(?:(?:-(?:1?[0-9]|2[0-3]))|(?:,(?:1?[0-9]|2[0-3]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:[1-9]|[1-2][0-9]|3[0-1])(?:(?:-(?:[1-9]|[1-2][0-9]|3[0-1]))|(?:,(?:[1-9]|[1-2][0-9]|3[0-1]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|(?:[1-9]|1[0-2])(?:(?:-(?:[1-9]|1[0-2]))|(?:,(?:[1-9]|1[0-2]))+)?)(?:\\/[0-9]+)?)\\s+((?:\\*|[0-7](?:-[0-7]|(?:,[0-7])+)?)(?:\\/[0-9]+)?)$')
32            message: The backup schedule must be in a valid cron format.