| /* |
| Copyright The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| |
| // This file was autogenerated by go-to-protobuf. Do not edit it manually! |
| |
| syntax = 'proto2'; |
| |
| package k8s.io.api.imagepolicy.v1alpha1; |
| |
| import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; |
| import "k8s.io/apimachinery/pkg/runtime/generated.proto"; |
| import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; |
| |
| // Package-wide variables from generator "generated". |
| option go_package = "v1alpha1"; |
| |
| // ImageReview checks if the set of images in a pod are allowed. |
| message ImageReview { |
| // +optional |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; |
| |
| // Spec holds information about the pod being evaluated |
| optional ImageReviewSpec spec = 2; |
| |
| // Status is filled in by the backend and indicates whether the pod should be allowed. |
| // +optional |
| optional ImageReviewStatus status = 3; |
| } |
| |
| // ImageReviewContainerSpec is a description of a container within the pod creation request. |
| message ImageReviewContainerSpec { |
| // This can be in the form image:tag or image@SHA:012345679abcdef. |
| // +optional |
| optional string image = 1; |
| } |
| |
| // ImageReviewSpec is a description of the pod creation request. |
| message ImageReviewSpec { |
| // Containers is a list of a subset of the information in each container of the Pod being created. |
| // +optional |
| repeated ImageReviewContainerSpec containers = 1; |
| |
| // Annotations is a list of key-value pairs extracted from the Pod's annotations. |
| // It only includes keys which match the pattern `*.image-policy.k8s.io/*`. |
| // It is up to each webhook backend to determine how to interpret these annotations, if at all. |
| // +optional |
| map<string, string> annotations = 2; |
| |
| // Namespace is the namespace the pod is being created in. |
| // +optional |
| optional string namespace = 3; |
| } |
| |
| // ImageReviewStatus is the result of the review for the pod creation request. |
| message ImageReviewStatus { |
| // Allowed indicates that all images were allowed to be run. |
| optional bool allowed = 1; |
| |
| // Reason should be empty unless Allowed is false in which case it |
| // may contain a short description of what is wrong. Kubernetes |
| // may truncate excessively long errors when displaying to the user. |
| // +optional |
| optional string reason = 2; |
| |
| // AuditAnnotations will be added to the attributes object of the |
| // admission controller request using 'AddAnnotation'. The keys should |
| // be prefix-less (i.e., the admission controller will add an |
| // appropriate prefix). |
| // +optional |
| map<string, string> auditAnnotations = 3; |
| } |
| |