| /* |
| Copyright The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| |
| // This file was autogenerated by go-to-protobuf. Do not edit it manually! |
| |
| syntax = 'proto2'; |
| |
| package k8s.io.api.admission.v1beta1; |
| |
| import "k8s.io/api/authentication/v1/generated.proto"; |
| import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; |
| import "k8s.io/apimachinery/pkg/runtime/generated.proto"; |
| import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; |
| |
| // Package-wide variables from generator "generated". |
| option go_package = "v1beta1"; |
| |
| // AdmissionRequest describes the admission.Attributes for the admission request. |
| message AdmissionRequest { |
| // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are |
| // otherwise identical (parallel requests, requests when earlier requests did not modify etc) |
| // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. |
| // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. |
| optional string uid = 1; |
| |
| // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind kind = 2; |
| |
| // Resource is the fully-qualified resource being requested (for example, v1.pods) |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource resource = 3; |
| |
| // SubResource is the subresource being requested, if any (for example, "status" or "scale") |
| // +optional |
| optional string subResource = 4; |
| |
| // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). |
| // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. |
| // |
| // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of |
| // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, |
| // an API request to apps/v1beta1 deployments would be converted and sent to the webhook |
| // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), |
| // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). |
| // |
| // See documentation for the "matchPolicy" field in the webhook configuration type for more details. |
| // +optional |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind requestKind = 13; |
| |
| // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). |
| // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. |
| // |
| // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of |
| // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, |
| // an API request to apps/v1beta1 deployments would be converted and sent to the webhook |
| // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), |
| // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). |
| // |
| // See documentation for the "matchPolicy" field in the webhook configuration type. |
| // +optional |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource requestResource = 14; |
| |
| // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") |
| // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. |
| // See documentation for the "matchPolicy" field in the webhook configuration type. |
| // +optional |
| optional string requestSubResource = 15; |
| |
| // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and |
| // rely on the server to generate the name. If that is the case, this method will return the empty string. |
| // +optional |
| optional string name = 5; |
| |
| // Namespace is the namespace associated with the request (if any). |
| // +optional |
| optional string namespace = 6; |
| |
| // Operation is the operation being performed. This may be different than the operation |
| // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. |
| optional string operation = 7; |
| |
| // UserInfo is information about the requesting user |
| optional k8s.io.api.authentication.v1.UserInfo userInfo = 8; |
| |
| // Object is the object from the incoming request prior to default values being applied |
| // +optional |
| optional k8s.io.apimachinery.pkg.runtime.RawExtension object = 9; |
| |
| // OldObject is the existing object. Only populated for UPDATE requests. |
| // +optional |
| optional k8s.io.apimachinery.pkg.runtime.RawExtension oldObject = 10; |
| |
| // DryRun indicates that modifications will definitely not be persisted for this request. |
| // Defaults to false. |
| // +optional |
| optional bool dryRun = 11; |
| |
| // Options is the operation option structure of the operation being performed. |
| // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be |
| // different than the options the caller provided. e.g. for a patch request the performed |
| // Operation might be a CREATE, in which case the Options will a |
| // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. |
| // +optional |
| optional k8s.io.apimachinery.pkg.runtime.RawExtension options = 12; |
| } |
| |
| // AdmissionResponse describes an admission response. |
| message AdmissionResponse { |
| // UID is an identifier for the individual request/response. |
| // This should be copied over from the corresponding AdmissionRequest. |
| optional string uid = 1; |
| |
| // Allowed indicates whether or not the admission request was permitted. |
| optional bool allowed = 2; |
| |
| // Result contains extra details into why an admission request was denied. |
| // This field IS NOT consulted in any way if "Allowed" is "true". |
| // +optional |
| optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 3; |
| |
| // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. |
| // +optional |
| optional bytes patch = 4; |
| |
| // The type of Patch. Currently we only allow "JSONPatch". |
| // +optional |
| optional string patchType = 5; |
| |
| // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). |
| // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with |
| // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by |
| // the admission webhook to add additional context to the audit log for this request. |
| // +optional |
| map<string, string> auditAnnotations = 6; |
| } |
| |
| // AdmissionReview describes an admission review request/response. |
| message AdmissionReview { |
| // Request describes the attributes for the admission request. |
| // +optional |
| optional AdmissionRequest request = 1; |
| |
| // Response describes the attributes for the admission response. |
| // +optional |
| optional AdmissionResponse response = 2; |
| } |
| |