package k8s.io.api.admission.v1beta1

Get desktop application:
View/edit binary Protocol Buffers messages

AdmissionRequest describes the admission.Attributes for the admission request.

Used in: AdmissionReview

• optional string uid = 1

  UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.

• optional apimachinery.pkg.apis.meta.v1.GroupVersionKind kind = 2

  Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)

• optional apimachinery.pkg.apis.meta.v1.GroupVersionResource resource = 3

  Resource is the fully-qualified resource being requested (for example, v1.pods)

• optional string subResource = 4

  SubResource is the subresource being requested, if any (for example, "status" or "scale") +optional

• optional apimachinery.pkg.apis.meta.v1.GroupVersionKind requestKind = 13

  RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). See documentation for the "matchPolicy" field in the webhook configuration type for more details. +optional

• optional apimachinery.pkg.apis.meta.v1.GroupVersionResource requestResource = 14

  RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). See documentation for the "matchPolicy" field in the webhook configuration type. +optional

• optional string requestSubResource = 15

  RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. See documentation for the "matchPolicy" field in the webhook configuration type. +optional

• optional string name = 5

  Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string. +optional

• optional string namespace = 6

  Namespace is the namespace associated with the request (if any). +optional

• optional string operation = 7

  Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.

• optional authentication.v1.UserInfo userInfo = 8

  UserInfo is information about the requesting user

• optional apimachinery.pkg.runtime.RawExtension object = 9

  Object is the object from the incoming request. +optional

• optional apimachinery.pkg.runtime.RawExtension oldObject = 10

  OldObject is the existing object. Only populated for DELETE and UPDATE requests. +optional

• optional bool dryRun = 11

  DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false. +optional

• optional apimachinery.pkg.runtime.RawExtension options = 12

  Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. +optional

AdmissionResponse describes an admission response.

Used in: AdmissionReview

• optional string uid = 1

  UID is an identifier for the individual request/response. This should be copied over from the corresponding AdmissionRequest.

• optional bool allowed = 2

  Allowed indicates whether or not the admission request was permitted.

• optional apimachinery.pkg.apis.meta.v1.Status status = 3

  Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if "Allowed" is "true". +optional

• optional bytes patch = 4

  The patch body. Currently we only support "JSONPatch" which implements RFC 6902. +optional

• optional string patchType = 5

  The type of Patch. Currently we only allow "JSONPatch". +optional

• map<string, string> auditAnnotations = 6

  AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request. +optional

• repeated string warnings = 7

  warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated. +optional

AdmissionReview describes an admission review request/response.

• optional AdmissionRequest request = 1

  Request describes the attributes for the admission request. +optional

• optional AdmissionResponse response = 2

  Response describes the attributes for the admission response. +optional