APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
ResourceSpec is the information to identify the trigger resource.
Context represents admission request context. It is used upon admission review only and is shared across rules within the same UR.
AdmissionRequestInfoObject stores the admission request and operation details
AdmissionRequest describes the admission.Attributes for the admission request.
Namespace is the namespace associated with the request (if any).
OldObject is the existing object. Only populated for DELETE and UPDATE requests.
Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
See documentation for the "matchPolicy" field in the webhook configuration type for more details.
RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
See documentation for the "matchPolicy" field in the webhook configuration type.
RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. See documentation for the "matchPolicy" field in the webhook configuration type.
SubResource is the subresource being requested, if any (for example, "status" or "scale")
UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
UserInfo is information about the requesting user
Operation is the type of resource operation being checked for admission control
RequestInfo contains permission info carried in an admission request.
ClusterRoles is a list of possible clusterRoles send the request.
UserInfo is the userInfo carried in the admission request.
DeleteDownstream represents whether the downstream needs to be deleted. Deprecated
Type represents request type for background processing
ResourceSpec is the information to identify the trigger resource.
APIVersion specifies resource apiVersion.
Namespace specifies resource namespace.
[...{
deleteDownstream!: bool
rule!: string
synchronize?: bool
trigger!: {
apiVersion?: string
kind?: string
name?: string
namespace?: string
uid?: string
}
}]RuleContext is the associate context to apply rules. optional
Synchronize represents the sync behavior of the corresponding rule Optional. Defaults to "false" if not specified. Deprecated, will be removed in 1.14.
Status contains statistics related to update request.
[...{
apiVersion?: string
kind?: string
name?: string
namespace?: string
uid?: string
}]This will track the resources that are updated by the generate Policy. Will be used during clean up resources.
UpdateRequest is a request to process mutate and generate rules in background.