Discover modules > cue.dev/x/kyverno > updaterequest > v2
v0.4.0
#UpdateRequest: ¶

UpdateRequest is a request to process mutate and generate rules in background.

apiVersion: "kyverno.io/v2" ¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind: "UpdateRequest" ¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata!: ¶
name!: string ¶
namespace!: string ¶
labels?: [string]: string ¶
annotations?: [string]: string ¶
spec?: ¶

ResourceSpec is the information to identify the trigger resource.

context!: ¶

Context represents admission request context. It is used upon admission review only and is shared across rules within the same UR.

admissionRequestInfo?: ¶

AdmissionRequestInfoObject stores the admission request and operation details

admissionRequest?: ¶

AdmissionRequest describes the admission.Attributes for the admission request.

dryRun?: bool ¶

DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false.

kind!: ¶

Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)

group!: string ¶
kind!: string ¶
version!: string ¶
name?: string ¶

Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string.

namespace?: string ¶

Namespace is the namespace associated with the request (if any).

object?: ... ¶

Object is the object from the incoming request.

oldObject?: ... ¶

OldObject is the existing object. Only populated for DELETE and UPDATE requests.

operation!: string ¶

Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.

options?: ... ¶

Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.

requestKind?: ¶

RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.

For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).

See documentation for the "matchPolicy" field in the webhook configuration type for more details.

group!: string ¶
kind!: string ¶
version!: string ¶
requestResource?: ¶

RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.

For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).

See documentation for the "matchPolicy" field in the webhook configuration type.

group!: string ¶
resource!: string ¶
version!: string ¶
requestSubResource?: string ¶

RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. See documentation for the "matchPolicy" field in the webhook configuration type.

resource!: ¶

Resource is the fully-qualified resource being requested (for example, v1.pods)

group!: string ¶
resource!: string ¶
version!: string ¶
subResource?: string ¶

SubResource is the subresource being requested, if any (for example, "status" or "scale")

uid!: string ¶

UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.

userInfo!: ¶

UserInfo is information about the requesting user

extra?: [string]: [...string] ¶

Any additional information provided by the authenticator.

groups?: [...string] ¶

The names of groups this user is a part of.

uid?: string ¶

A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.

username?: string ¶

The name that uniquely identifies this user among all active users.

operation?: string ¶

Operation is the type of resource operation being checked for admission control

userInfo?: ¶

RequestInfo contains permission info carried in an admission request.

clusterRoles?: null | [...string] ¶

ClusterRoles is a list of possible clusterRoles send the request.

roles?: null | [...string] ¶

Roles is a list of possible role send the request.

userInfo?: ¶

UserInfo is the userInfo carried in the admission request.

extra?: [string]: [...string] ¶

Any additional information provided by the authenticator.

groups?: [...string] ¶

The names of groups this user is a part of.

uid?: string ¶

A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.

username?: string ¶

The name that uniquely identifies this user among all active users.

deleteDownstream!: bool ¶

DeleteDownstream represents whether the downstream needs to be deleted. Deprecated

policy!: string ¶

Specifies the name of the policy.

requestType?: "mutate" | "generate" ¶

Type represents request type for background processing

resource!: ¶

ResourceSpec is the information to identify the trigger resource.

apiVersion?: string ¶

APIVersion specifies resource apiVersion.

kind?: string ¶

Kind specifies resource kind.

name?: string ¶

Name specifies the resource name.

namespace?: string ¶

Namespace specifies resource namespace.

uid?: string ¶

UID specifies the resource uid.

rule!: string ¶

Rule is the associate rule name of the current UR.

ruleContext?:
click to see definition
[...{
	deleteDownstream!: bool
	rule!:             string
	synchronize?:      bool
	trigger!: {
		apiVersion?: string
		kind?:       string
		name?:       string
		namespace?:  string
		uid?:        string
	}
}]
¶

RuleContext is the associate context to apply rules. optional

synchronize?: bool ¶

Synchronize represents the sync behavior of the corresponding rule Optional. Defaults to "false" if not specified. Deprecated, will be removed in 1.14.

status?: ¶

Status contains statistics related to update request.

generatedResources?:
click to see definition
[...{
	apiVersion?: string
	kind?:       string
	name?:       string
	namespace?:  string
	uid?:        string
}]
¶

This will track the resources that are updated by the generate Policy. Will be used during clean up resources.

message?: string ¶

Specifies request status message.

retryCount?: int ¶
state!: string ¶

State represents state of the update request.

Source files

  • schema.cue