cue.dev/x/kyverno@v0.4.0

updaterequest/v1beta1/schema.cue raw

package v1beta1

// UpdateRequest is a request to process mutate and generate rules
// in background.
//
// NOTE(review): spec.context can carry a copy of the triggering
// admission request, including the submitted object, the previous
// object and the requester's identity fields. Read access to stored
// UpdateRequests therefore exposes whatever those fields held;
// confirm that RBAC on this kind is scoped with that in mind.
#UpdateRequest: {
	// Embeds the hidden _embeddedResource struct declared near the end
	// of this definition (required apiVersion and kind, open metadata).
	_embeddedResource

	// APIVersion defines the versioned schema of this representation
	// of an object.
	// Servers should convert recognized schemas to the latest
	// internal value, and
	// may reject unrecognized values.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	"apiVersion"?: string

	// Kind is a string value representing the REST resource this
	// object represents.
	// Servers may infer this from the endpoint the client submits
	// requests to.
	// Cannot be updated.
	// In CamelCase.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	"kind"?: string

	// Object metadata. This declaration adds no constraints of its own;
	// the required name and namespace come from the metadata!
	// declaration at the end of this definition.
	"metadata"?: {}

	// Spec describes the background work: the policy and rule to
	// process, the trigger resource, and the context captured with the
	// request. The struct is optional as a whole; when present, context,
	// deleteDownstream, policy, resource and rule are required.
	// (The generated description for this field repeated the text of
	// spec.resource: "ResourceSpec is the information to identify the
	// trigger resource.")
	"spec"?: {
		// Context holds the admission request details
		// (admissionRequestInfo) and the permission info of the
		// requester (userInfo). Both members are optional.
		"context"!: {
			// AdmissionRequestInfoObject stores the admission request and
			// operation details
			"admissionRequestInfo"?: {
				// AdmissionRequest describes the admission.Attributes for the
				// admission request.
				// When present, kind, operation, resource, uid and userInfo
				// are required.
				"admissionRequest"?: {
					// DryRun indicates that modifications will definitely not be
					// persisted for this request.
					// Defaults to false.
					// The schema itself sets no default value on this field.
					"dryRun"?: bool

					// Kind is the fully-qualified type of object being submitted (for
					// example, v1.Pod or autoscaling.v1.Scale)
					"kind"!: {
						"group"!:   string
						"kind"!:    string
						"version"!: string
					}

					// Name is the name of the object as presented in the request. On
					// a CREATE operation, the client may omit name and
					// rely on the server to generate the name. If that is the case,
					// this field will contain an empty string.
					"name"?: string

					// Namespace is the namespace associated with the request (if
					// any).
					"namespace"?: string

					// Object is the object from the incoming request.
					// Open struct: any fields are accepted, so the content is not
					// validated by this schema.
					"object"?: {
						...
					}

					// OldObject is the existing object. Only populated for DELETE and
					// UPDATE requests.
					// Open struct: any fields are accepted.
					"oldObject"?: {
						...
					}

					// Operation is the operation being performed. This may be
					// different than the operation
					// requested. e.g. a patch can result in either a CREATE or UPDATE
					// Operation.
					// Required, but not restricted to a fixed set of values by this
					// schema.
					"operation"!: string

					// Options is the operation option structure of the operation
					// being performed.
					// e.g. `meta.k8s.io/v1.DeleteOptions` or
					// `meta.k8s.io/v1.CreateOptions`. This may be
					// different than the options the caller provided. e.g. for a
					// patch request the performed
					// Operation might be a CREATE, in which case the Options will be a
					// `meta.k8s.io/v1.CreateOptions` even though the caller provided
					// `meta.k8s.io/v1.PatchOptions`.
					// Open struct: any fields are accepted.
					"options"?: {
						...
					}

					// RequestKind is the fully-qualified type of the original API
					// request (for example, v1.Pod or autoscaling.v1.Scale).
					// If this is specified and differs from the value in "kind", an
					// equivalent match and conversion was performed.
					//
					// For example, if deployments can be modified via apps/v1 and
					// apps/v1beta1, and a webhook registered a rule of
					// `apiGroups:["apps"], apiVersions:["v1"], resources:
					// ["deployments"]` and `matchPolicy: Equivalent`,
					// an API request to apps/v1beta1 deployments would be converted
					// and sent to the webhook
					// with `kind: {group:"apps", version:"v1", kind:"Deployment"}`
					// (matching the rule the webhook registered for),
					// and `requestKind: {group:"apps", version:"v1beta1",
					// kind:"Deployment"}` (indicating the kind of the original API
					// request).
					//
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type for more details.
					"requestKind"?: {
						"group"!:   string
						"kind"!:    string
						"version"!: string
					}

					// RequestResource is the fully-qualified resource of the original
					// API request (for example, v1.pods).
					// If this is specified and differs from the value in "resource",
					// an equivalent match and conversion was performed.
					//
					// For example, if deployments can be modified via apps/v1 and
					// apps/v1beta1, and a webhook registered a rule of
					// `apiGroups:["apps"], apiVersions:["v1"], resources:
					// ["deployments"]` and `matchPolicy: Equivalent`,
					// an API request to apps/v1beta1 deployments would be converted
					// and sent to the webhook
					// with `resource: {group:"apps", version:"v1",
					// resource:"deployments"}` (matching the resource the webhook
					// registered for),
					// and `requestResource: {group:"apps", version:"v1beta1",
					// resource:"deployments"}` (indicating the resource of the
					// original API request).
					//
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type.
					"requestResource"?: {
						"group"!:    string
						"resource"!: string
						"version"!:  string
					}

					// RequestSubResource is the name of the subresource of the
					// original API request, if any (for example, "status" or
					// "scale")
					// If this is specified and differs from the value in
					// "subResource", an equivalent match and conversion was
					// performed.
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type.
					"requestSubResource"?: string

					// Resource is the fully-qualified resource being requested (for
					// example, v1.pods)
					"resource"!: {
						"group"!:    string
						"resource"!: string
						"version"!:  string
					}

					// SubResource is the subresource being requested, if any (for
					// example, "status" or "scale")
					"subResource"?: string

					// UID is an identifier for the individual request/response. It
					// allows us to distinguish instances of requests which are
					// otherwise identical (parallel requests, requests when earlier
					// requests did not modify etc)
					// The UID is meant to track the round trip (request/response)
					// between the KAS and the WebHook, not the user request.
					// It is suitable for correlating log entries between the webhook
					// and apiserver, for either auditing or debugging.
					"uid"!: string

					// UserInfo is information about the requesting user
					// The struct is required, but every member of it is optional,
					// so an empty userInfo satisfies the schema.
					"userInfo"!: {
						// Any additional information provided by the authenticator.
						"extra"?: [string]: [...string]

						// The names of groups this user is a part of.
						"groups"?: [...string]

						// A unique value that identifies this user across time. If this
						// user is
						// deleted and another user by the same name is added, they will
						// have
						// different UIDs.
						"uid"?: string

						// The name that uniquely identifies this user among all active
						// users.
						"username"?: string
					}
				}

				// Operation is the type of resource operation being checked for
				// admission control
				"operation"?: string
			}

			// RequestInfo contains permission info carried in an admission
			// request.
			//
			// NOTE(review): every field below is an optional string or list;
			// the schema checks shape only. Consumers that rely on these
			// recorded values for authorization decisions depend on write
			// access to UpdateRequests being restricted (to be confirmed).
			"userInfo"?: {
				// ClusterRoles is a list of clusterRoles the sender of the
				// request may hold. An explicit null is accepted as well as a
				// list.
				"clusterRoles"?:
					null | [...string]

				// Roles is a list of roles the sender of the request may hold.
				// An explicit null is accepted as well as a list.
				"roles"?:
					null | [...string]

				// UserInfo is the userInfo carried in the admission request.
				"userInfo"?: {
					// Any additional information provided by the authenticator.
					"extra"?: [string]: [...string]

					// The names of groups this user is a part of.
					"groups"?: [...string]

					// A unique value that identifies this user across time. If this
					// user is
					// deleted and another user by the same name is added, they will
					// have
					// different UIDs.
					"uid"?: string

					// The name that uniquely identifies this user among all active
					// users.
					"username"?: string
				}
			}
		}

		// DeleteDownstream represents whether the downstream needs to be
		// deleted.
		"deleteDownstream"!: bool

		// Specifies the name of the policy.
		"policy"!: string

		// Type represents request type for background processing
		// Only the two literal values below are accepted.
		"requestType"?: "mutate" | "generate"

		// ResourceSpec is the information to identify the trigger
		// resource.
		// The struct is required, but each identifying member is optional.
		"resource"!: {
			// APIVersion specifies resource apiVersion.
			"apiVersion"?: string

			// Kind specifies resource kind.
			"kind"?: string

			// Name specifies the resource name.
			"name"?: string

			// Namespace specifies resource namespace.
			"namespace"?: string

			// UID specifies the resource uid.
			"uid"?: string
		}

		// Rule is the name of the rule associated with the current
		// UpdateRequest (UR).
		"rule"!: string

		// Synchronize represents the sync behavior of the corresponding
		// rule
		// Optional. Defaults to "false" if not specified.
		// The schema itself sets no default value on this field.
		"synchronize"?: bool
	}

	// Status contains statistics related to update request.
	// Optional as a whole; when present, state is required.
	"status"?: {
		// This will track the resources that are updated by the generate
		// Policy.
		// Will be used during clean up resources.
		"generatedResources"?: [...{
			// APIVersion specifies resource apiVersion.
			"apiVersion"?: string

			// Kind specifies resource kind.
			"kind"?: string

			// Name specifies the resource name.
			"name"?: string

			// Namespace specifies resource namespace.
			"namespace"?: string

			// UID specifies the resource uid.
			"uid"?: string
		}]

		// Deprecated
		"handler"?: string

		// Specifies request status message.
		"message"?:    string
		// NOTE(review): no upstream description; presumably the number of
		// processing retries (to be confirmed).
		"retryCount"?: int

		// State represents state of the update request.
		// Plain string: the allowed states are not enumerated by this
		// schema.
		"state"!: string
	}

	// Hidden helper struct embedded at the top of this definition:
	// requires apiVersion and kind, and leaves metadata open.
	_embeddedResource: {
		"apiVersion"!: string
		"kind"!:       string
		"metadata"?: {
			...
		}
	}

	// Concrete values for apiVersion and kind: a value unifies with
	// #UpdateRequest only when both match these strings.
	apiVersion: "kyverno.io/v1beta1"
	kind:       "UpdateRequest"

	// metadata is required and must carry name and namespace. labels and
	// annotations are string-to-string maps; the trailing ellipsis
	// admits any other metadata fields without validating them.
	metadata!: {
		"name"!:      string
		"namespace"!: string
		"labels"?: {
			[string]: string
		}
		"annotations"?: {
			[string]: string
		}
		...
	}
}