mirror of https://github.com/k3s-io/k3s
161 lines
7.7 KiB
Protocol Buffer
161 lines
7.7 KiB
Protocol Buffer
|
/*
|
||
|
Copyright The Kubernetes Authors.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
|
||
|
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
|
||
|
|
||
|
syntax = 'proto2';
|
||
|
|
||
|
package k8s.io.api.admission.v1;
|
||
|
|
||
|
import "k8s.io/api/authentication/v1/generated.proto";
|
||
|
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
|
||
|
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
|
||
|
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
|
||
|
|
||
|
// Package-wide variables from generator "generated".
|
||
|
option go_package = "v1";
|
||
|
|
||
|
// AdmissionRequest describes the admission.Attributes for the admission request.
|
||
|
message AdmissionRequest {
|
||
|
// UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
|
||
|
// otherwise identical (parallel requests, requests when earlier requests did not modify etc)
|
||
|
// The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
|
||
|
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
|
||
|
optional string uid = 1;
|
||
|
|
||
|
// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind kind = 2;
|
||
|
|
||
|
// Resource is the fully-qualified resource being requested (for example, v1.pods)
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource resource = 3;
|
||
|
|
||
|
// SubResource is the subresource being requested, if any (for example, "status" or "scale")
|
||
|
// +optional
|
||
|
optional string subResource = 4;
|
||
|
|
||
|
// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
|
||
|
// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
|
||
|
//
|
||
|
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
|
||
|
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
|
||
|
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
|
||
|
// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
|
||
|
// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
|
||
|
//
|
||
|
// See documentation for the "matchPolicy" field in the webhook configuration type for more details.
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind requestKind = 13;
|
||
|
|
||
|
// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
|
||
|
// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
|
||
|
//
|
||
|
// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
|
||
|
// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
|
||
|
// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
|
||
|
// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
|
||
|
// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
|
||
|
//
|
||
|
// See documentation for the "matchPolicy" field in the webhook configuration type.
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource requestResource = 14;
|
||
|
|
||
|
// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
|
||
|
// If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
|
||
|
// See documentation for the "matchPolicy" field in the webhook configuration type.
|
||
|
// +optional
|
||
|
optional string requestSubResource = 15;
|
||
|
|
||
|
// Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and
|
||
|
// rely on the server to generate the name. If that is the case, this field will contain an empty string.
|
||
|
// +optional
|
||
|
optional string name = 5;
|
||
|
|
||
|
// Namespace is the namespace associated with the request (if any).
|
||
|
// +optional
|
||
|
optional string namespace = 6;
|
||
|
|
||
|
// Operation is the operation being performed. This may be different than the operation
|
||
|
// requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
|
||
|
optional string operation = 7;
|
||
|
|
||
|
// UserInfo is information about the requesting user
|
||
|
optional k8s.io.api.authentication.v1.UserInfo userInfo = 8;
|
||
|
|
||
|
// Object is the object from the incoming request.
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.runtime.RawExtension object = 9;
|
||
|
|
||
|
// OldObject is the existing object. Only populated for DELETE and UPDATE requests.
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.runtime.RawExtension oldObject = 10;
|
||
|
|
||
|
// DryRun indicates that modifications will definitely not be persisted for this request.
|
||
|
// Defaults to false.
|
||
|
// +optional
|
||
|
optional bool dryRun = 11;
|
||
|
|
||
|
// Options is the operation option structure of the operation being performed.
|
||
|
// e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
|
||
|
// different than the options the caller provided. e.g. for a patch request the performed
|
||
|
// Operation might be a CREATE, in which case the Options will a
|
||
|
// `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.runtime.RawExtension options = 12;
|
||
|
}
|
||
|
|
||
|
// AdmissionResponse describes an admission response.
|
||
|
message AdmissionResponse {
|
||
|
// UID is an identifier for the individual request/response.
|
||
|
// This must be copied over from the corresponding AdmissionRequest.
|
||
|
optional string uid = 1;
|
||
|
|
||
|
// Allowed indicates whether or not the admission request was permitted.
|
||
|
optional bool allowed = 2;
|
||
|
|
||
|
// Result contains extra details into why an admission request was denied.
|
||
|
// This field IS NOT consulted in any way if "Allowed" is "true".
|
||
|
// +optional
|
||
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 3;
|
||
|
|
||
|
// The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
|
||
|
// +optional
|
||
|
optional bytes patch = 4;
|
||
|
|
||
|
// The type of Patch. Currently we only allow "JSONPatch".
|
||
|
// +optional
|
||
|
optional string patchType = 5;
|
||
|
|
||
|
// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
|
||
|
// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
|
||
|
// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
|
||
|
// the admission webhook to add additional context to the audit log for this request.
|
||
|
// +optional
|
||
|
map<string, string> auditAnnotations = 6;
|
||
|
}
|
||
|
|
||
|
// AdmissionReview describes an admission review request/response.
|
||
|
message AdmissionReview {
|
||
|
// Request describes the attributes for the admission request.
|
||
|
// +optional
|
||
|
optional AdmissionRequest request = 1;
|
||
|
|
||
|
// Response describes the attributes for the admission response.
|
||
|
// +optional
|
||
|
optional AdmissionResponse response = 2;
|
||
|
}
|
||
|
|