1package v1beta1
2
3// UpdateRequest is a request to process mutate and generate rules
4// in background.
5#UpdateRequest: {
6 _embeddedResource
7
8 // APIVersion defines the versioned schema of this representation
9 // of an object.
10 // Servers should convert recognized schemas to the latest
11 // internal value, and
12 // may reject unrecognized values.
13 // More info:
14 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
15 "apiVersion"?: string
16
17 // Kind is a string value representing the REST resource this
18 // object represents.
19 // Servers may infer this from the endpoint the client submits
20 // requests to.
21 // Cannot be updated.
22 // In CamelCase.
23 // More info:
24 // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
25 "kind"?: string
26 "metadata"?: {}
27
28 // ResourceSpec is the information to identify the trigger
29 // resource.
30 "spec"?: {
31 // Context ...
32 "context"!: {
33 // AdmissionRequestInfoObject stores the admission request and
34 // operation details
35 "admissionRequestInfo"?: {
36 // AdmissionRequest describes the admission.Attributes for the
37 // admission request.
38 "admissionRequest"?: {
39 // DryRun indicates that modifications will definitely not be
40 // persisted for this request.
41 // Defaults to false.
42 "dryRun"?: bool
43
44 // Kind is the fully-qualified type of object being submitted (for
45 // example, v1.Pod or autoscaling.v1.Scale)
46 "kind"!: {
47 "group"!: string
48 "kind"!: string
49 "version"!: string
50 }
51
52 // Name is the name of the object as presented in the request. On
53 // a CREATE operation, the client may omit name and
54 // rely on the server to generate the name. If that is the case,
55 // this field will contain an empty string.
56 "name"?: string
57
58 // Namespace is the namespace associated with the request (if
59 // any).
60 "namespace"?: string
61
62 // Object is the object from the incoming request.
63 "object"?: {
64 ...
65 }
66
67 // OldObject is the existing object. Only populated for DELETE and
68 // UPDATE requests.
69 "oldObject"?: {
70 ...
71 }
72
73 // Operation is the operation being performed. This may be
74 // different than the operation
75 // requested. e.g. a patch can result in either a CREATE or UPDATE
76 // Operation.
77 "operation"!: string
78
79 // Options is the operation option structure of the operation
80 // being performed.
81 // e.g. `meta.k8s.io/v1.DeleteOptions` or
82 // `meta.k8s.io/v1.CreateOptions`. This may be
83 // different than the options the caller provided. e.g. for a
84 // patch request the performed
85 // Operation might be a CREATE, in which case the Options will a
86 // `meta.k8s.io/v1.CreateOptions` even though the caller provided
87 // `meta.k8s.io/v1.PatchOptions`.
88 "options"?: {
89 ...
90 }
91
92 // RequestKind is the fully-qualified type of the original API
93 // request (for example, v1.Pod or autoscaling.v1.Scale).
94 // If this is specified and differs from the value in "kind", an
95 // equivalent match and conversion was performed.
96 //
97 // For example, if deployments can be modified via apps/v1 and
98 // apps/v1beta1, and a webhook registered a rule of
99 // `apiGroups:["apps"], apiVersions:["v1"], resources:
100 // ["deployments"]` and `matchPolicy: Equivalent`,
101 // an API request to apps/v1beta1 deployments would be converted
102 // and sent to the webhook
103 // with `kind: {group:"apps", version:"v1", kind:"Deployment"}`
104 // (matching the rule the webhook registered for),
105 // and `requestKind: {group:"apps", version:"v1beta1",
106 // kind:"Deployment"}` (indicating the kind of the original API
107 // request).
108 //
109 // See documentation for the "matchPolicy" field in the webhook
110 // configuration type for more details.
111 "requestKind"?: {
112 "group"!: string
113 "kind"!: string
114 "version"!: string
115 }
116
117 // RequestResource is the fully-qualified resource of the original
118 // API request (for example, v1.pods).
119 // If this is specified and differs from the value in "resource",
120 // an equivalent match and conversion was performed.
121 //
122 // For example, if deployments can be modified via apps/v1 and
123 // apps/v1beta1, and a webhook registered a rule of
124 // `apiGroups:["apps"], apiVersions:["v1"], resources:
125 // ["deployments"]` and `matchPolicy: Equivalent`,
126 // an API request to apps/v1beta1 deployments would be converted
127 // and sent to the webhook
128 // with `resource: {group:"apps", version:"v1",
129 // resource:"deployments"}` (matching the resource the webhook
130 // registered for),
131 // and `requestResource: {group:"apps", version:"v1beta1",
132 // resource:"deployments"}` (indicating the resource of the
133 // original API request).
134 //
135 // See documentation for the "matchPolicy" field in the webhook
136 // configuration type.
137 "requestResource"?: {
138 "group"!: string
139 "resource"!: string
140 "version"!: string
141 }
142
143 // RequestSubResource is the name of the subresource of the
144 // original API request, if any (for example, "status" or
145 // "scale")
146 // If this is specified and differs from the value in
147 // "subResource", an equivalent match and conversion was
148 // performed.
149 // See documentation for the "matchPolicy" field in the webhook
150 // configuration type.
151 "requestSubResource"?: string
152
153 // Resource is the fully-qualified resource being requested (for
154 // example, v1.pods)
155 "resource"!: {
156 "group"!: string
157 "resource"!: string
158 "version"!: string
159 }
160
161 // SubResource is the subresource being requested, if any (for
162 // example, "status" or "scale")
163 "subResource"?: string
164
165 // UID is an identifier for the individual request/response. It
166 // allows us to distinguish instances of requests which are
167 // otherwise identical (parallel requests, requests when earlier
168 // requests did not modify etc)
169 // The UID is meant to track the round trip (request/response)
170 // between the KAS and the WebHook, not the user request.
171 // It is suitable for correlating log entries between the webhook
172 // and apiserver, for either auditing or debugging.
173 "uid"!: string
174
175 // UserInfo is information about the requesting user
176 "userInfo"!: {
177 // Any additional information provided by the authenticator.
178 "extra"?: [string]: [...string]
179
180 // The names of groups this user is a part of.
181 "groups"?: [...string]
182
183 // A unique value that identifies this user across time. If this
184 // user is
185 // deleted and another user by the same name is added, they will
186 // have
187 // different UIDs.
188 "uid"?: string
189
190 // The name that uniquely identifies this user among all active
191 // users.
192 "username"?: string
193 }
194 }
195
196 // Operation is the type of resource operation being checked for
197 // admission control
198 "operation"?: string
199 }
200
201 // RequestInfo contains permission info carried in an admission
202 // request.
203 "userInfo"?: {
204 // ClusterRoles is a list of possible clusterRoles send the
205 // request.
206 "clusterRoles"?:
207 null | [...string]
208
209 // Roles is a list of possible role send the request.
210 "roles"?:
211 null | [...string]
212
213 // UserInfo is the userInfo carried in the admission request.
214 "userInfo"?: {
215 // Any additional information provided by the authenticator.
216 "extra"?: [string]: [...string]
217
218 // The names of groups this user is a part of.
219 "groups"?: [...string]
220
221 // A unique value that identifies this user across time. If this
222 // user is
223 // deleted and another user by the same name is added, they will
224 // have
225 // different UIDs.
226 "uid"?: string
227
228 // The name that uniquely identifies this user among all active
229 // users.
230 "username"?: string
231 }
232 }
233 }
234
235 // DeleteDownstream represents whether the downstream needs to be
236 // deleted.
237 "deleteDownstream"!: bool
238
239 // Specifies the name of the policy.
240 "policy"!: string
241
242 // Type represents request type for background processing
243 "requestType"?: "mutate" | "generate"
244
245 // ResourceSpec is the information to identify the trigger
246 // resource.
247 "resource"!: {
248 // APIVersion specifies resource apiVersion.
249 "apiVersion"?: string
250
251 // Kind specifies resource kind.
252 "kind"?: string
253
254 // Name specifies the resource name.
255 "name"?: string
256
257 // Namespace specifies resource namespace.
258 "namespace"?: string
259
260 // UID specifies the resource uid.
261 "uid"?: string
262 }
263
264 // Rule is the associate rule name of the current UR.
265 "rule"!: string
266
267 // Synchronize represents the sync behavior of the corresponding
268 // rule
269 // Optional. Defaults to "false" if not specified.
270 "synchronize"?: bool
271 }
272
273 // Status contains statistics related to update request.
274 "status"?: {
275 // This will track the resources that are updated by the generate
276 // Policy.
277 // Will be used during clean up resources.
278 "generatedResources"?: [...{
279 // APIVersion specifies resource apiVersion.
280 "apiVersion"?: string
281
282 // Kind specifies resource kind.
283 "kind"?: string
284
285 // Name specifies the resource name.
286 "name"?: string
287
288 // Namespace specifies resource namespace.
289 "namespace"?: string
290
291 // UID specifies the resource uid.
292 "uid"?: string
293 }]
294
295 // Deprecated
296 "handler"?: string
297
298 // Specifies request status message.
299 "message"?: string
300 "retryCount"?: int
301
302 // State represents state of the update request.
303 "state"!: string
304 }
305
306 _embeddedResource: {
307 "apiVersion"!: string
308 "kind"!: string
309 "metadata"?: {
310 ...
311 }
312 }
313 apiVersion: "kyverno.io/v1beta1"
314 kind: "UpdateRequest"
315 metadata!: {
316 "name"!: string
317 "namespace"!: string
318 "labels"?: {
319 [string]: string
320 }
321 "annotations"?: {
322 [string]: string
323 }
324 ...
325 }
326}