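package v2

// UpdateRequest is a request to process mutate and generate rules
// in background.
//
// Instances are namespaced API objects: apiVersion and kind are pinned to
// "kyverno.io/v2" / "UpdateRequest" at the end of this definition, and
// metadata.name and metadata.namespace are required there.
//
// NOTE(review): spec.context can embed a copy of the triggering admission
// request, including the submitted object and the requester's identity.
// Read access (get/list/watch) to UpdateRequests should therefore be scoped
// like access to the embedded resources themselves. Confirm what the
// controller actually populates.
#UpdateRequest: {
	_embeddedResource

	// APIVersion defines the versioned schema of this representation
	// of an object.
	// Servers should convert recognized schemas to the latest
	// internal value, and may reject unrecognized values.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	"apiVersion"?: string

	// Kind is a string value representing the REST resource this
	// object represents.
	// Servers may infer this from the endpoint the client submits
	// requests to.
	// Cannot be updated.
	// In CamelCase.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	"kind"?: string
	"metadata"?: {}

	// Spec describes the background work: the policy and rule to run, the
	// trigger resource, and the admission context captured with the request.
	// (The upstream comment on this field repeated the ResourceSpec
	// description, which belongs to spec.resource.)
	"spec"?: {
		// Context represents admission request context.
		// It is used upon admission review only and is shared across
		// rules within the same UR.
		"context"!: {
			// AdmissionRequestInfoObject stores the admission request and
			// operation details
			"admissionRequestInfo"?: {
				// AdmissionRequest describes the admission.Attributes for the
				// admission request.
				"admissionRequest"?: {
					// DryRun indicates that modifications will definitely not be
					// persisted for this request.
					// Defaults to false.
					"dryRun"?: bool

					// Kind is the fully-qualified type of object being submitted (for
					// example, v1.Pod or autoscaling.v1.Scale)
					"kind"!: {
						"group"!:   string
						"kind"!:    string
						"version"!: string
					}

					// Name is the name of the object as presented in the request. On
					// a CREATE operation, the client may omit name and
					// rely on the server to generate the name. If that is the case,
					// this field will contain an empty string.
					"name"?: string

					// Namespace is the namespace associated with the request (if
					// any).
					"namespace"?: string

					// Object is the object from the incoming request.
					//
					// NOTE(review): open struct (`...`), so this schema puts no limit
					// on what is stored here. If the trigger is a sensitive kind, its
					// full content presumably ends up inside the UpdateRequest; verify
					// against the controller and scope read RBAC accordingly.
					"object"?: {
						...
					}

					// OldObject is the existing object. Only populated for DELETE and
					// UPDATE requests.
					// Open struct as well; the same exposure consideration as for
					// "object" applies.
					"oldObject"?: {
						...
					}

					// Operation is the operation being performed. This may be
					// different than the operation
					// requested. e.g. a patch can result in either a CREATE or UPDATE
					// Operation.
					"operation"!: string

					// Options is the operation option structure of the operation
					// being performed.
					// e.g. `meta.k8s.io/v1.DeleteOptions` or
					// `meta.k8s.io/v1.CreateOptions`. This may be
					// different than the options the caller provided. e.g. for a
					// patch request the performed
					// Operation might be a CREATE, in which case the Options will be a
					// `meta.k8s.io/v1.CreateOptions` even though the caller provided
					// `meta.k8s.io/v1.PatchOptions`.
					"options"?: {
						...
					}

					// RequestKind is the fully-qualified type of the original API
					// request (for example, v1.Pod or autoscaling.v1.Scale).
					// If this is specified and differs from the value in "kind", an
					// equivalent match and conversion was performed.
					//
					// For example, if deployments can be modified via apps/v1 and
					// apps/v1beta1, and a webhook registered a rule of
					// `apiGroups:["apps"], apiVersions:["v1"], resources:
					// ["deployments"]` and `matchPolicy: Equivalent`,
					// an API request to apps/v1beta1 deployments would be converted
					// and sent to the webhook
					// with `kind: {group:"apps", version:"v1", kind:"Deployment"}`
					// (matching the rule the webhook registered for),
					// and `requestKind: {group:"apps", version:"v1beta1",
					// kind:"Deployment"}` (indicating the kind of the original API
					// request).
					//
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type for more details.
					"requestKind"?: {
						"group"!:   string
						"kind"!:    string
						"version"!: string
					}

					// RequestResource is the fully-qualified resource of the original
					// API request (for example, v1.pods).
					// If this is specified and differs from the value in "resource",
					// an equivalent match and conversion was performed.
					//
					// For example, if deployments can be modified via apps/v1 and
					// apps/v1beta1, and a webhook registered a rule of
					// `apiGroups:["apps"], apiVersions:["v1"], resources:
					// ["deployments"]` and `matchPolicy: Equivalent`,
					// an API request to apps/v1beta1 deployments would be converted
					// and sent to the webhook
					// with `resource: {group:"apps", version:"v1",
					// resource:"deployments"}` (matching the resource the webhook
					// registered for),
					// and `requestResource: {group:"apps", version:"v1beta1",
					// resource:"deployments"}` (indicating the resource of the
					// original API request).
					//
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type.
					"requestResource"?: {
						"group"!:    string
						"resource"!: string
						"version"!:  string
					}

					// RequestSubResource is the name of the subresource of the
					// original API request, if any (for example, "status" or
					// "scale")
					// If this is specified and differs from the value in
					// "subResource", an equivalent match and conversion was
					// performed.
					// See documentation for the "matchPolicy" field in the webhook
					// configuration type.
					"requestSubResource"?: string

					// Resource is the fully-qualified resource being requested (for
					// example, v1.pods)
					"resource"!: {
						"group"!:    string
						"resource"!: string
						"version"!:  string
					}

					// SubResource is the subresource being requested, if any (for
					// example, "status" or "scale")
					"subResource"?: string

					// UID is an identifier for the individual request/response. It
					// allows us to distinguish instances of requests which are
					// otherwise identical (parallel requests, requests when earlier
					// requests did not modify etc)
					// The UID is meant to track the round trip (request/response)
					// between the KAS and the WebHook, not the user request.
					// It is suitable for correlating log entries between the webhook
					// and apiserver, for either auditing or debugging.
					"uid"!: string

					// UserInfo is information about the requesting user
					//
					// NOTE(review): here these are plain data fields. Nothing in this
					// schema ties them to an authenticated caller, so their
					// trustworthiness depends on who is allowed to create or update
					// UpdateRequest objects.
					"userInfo"!: {
						// Any additional information provided by the authenticator.
						"extra"?: [string]: [...string]

						// The names of groups this user is a part of.
						"groups"?: [...string]

						// A unique value that identifies this user across time. If this
						// user is deleted and another user by the same name is added,
						// they will have different UIDs.
						"uid"?: string

						// The name that uniquely identifies this user among all active
						// users.
						"username"?: string
					}
				}

				// Operation is the type of resource operation being checked for
				// admission control
				"operation"?: string
			}

			// RequestInfo contains permission info carried in an admission
			// request.
			//
			// NOTE(review): if background processing evaluates match/exclude
			// conditions against these roles and this identity (TODO confirm in
			// the controller), write access to UpdateRequests amounts to choosing
			// the identity a rule is evaluated under. Limit create/update RBAC on
			// this kind to the policy engine's own service accounts.
			"userInfo"?: {
				// ClusterRoles is a list of possible clusterRoles of the sender of
				// the request.
				"clusterRoles"?:
					null | [...string]

				// Roles is a list of possible roles of the sender of the request.
				"roles"?:
					null | [...string]

				// UserInfo is the userInfo carried in the admission request.
				"userInfo"?: {
					// Any additional information provided by the authenticator.
					"extra"?: [string]: [...string]

					// The names of groups this user is a part of.
					"groups"?: [...string]

					// A unique value that identifies this user across time. If this
					// user is deleted and another user by the same name is added,
					// they will have different UIDs.
					"uid"?: string

					// The name that uniquely identifies this user among all active
					// users.
					"username"?: string
				}
			}
		}

		// DeleteDownstream represents whether the downstream needs to be
		// deleted.
		// Deprecated
		// Still marked required (`!`) despite the deprecation, so producers
		// must keep setting it for the object to validate.
		"deleteDownstream"!: bool

		// Specifies the name of the policy.
		"policy"!: string

		// Type represents request type for background processing
		"requestType"?: "mutate" | "generate"

		// ResourceSpec is the information to identify the trigger
		// resource.
		"resource"!: {
			// APIVersion specifies resource apiVersion.
			"apiVersion"?: string

			// Kind specifies resource kind.
			"kind"?: string

			// Name specifies the resource name.
			"name"?: string

			// Namespace specifies resource namespace.
			"namespace"?: string

			// UID specifies the resource uid.
			"uid"?: string
		}

		// Rule is the associated rule name of the current UR.
		"rule"!: string

		// RuleContext is the associated context to apply rules.
		// optional
		"ruleContext"?: [...{
			// DeleteDownstream represents whether the downstream needs to be
			// deleted.
			"deleteDownstream"!: bool

			// Rule is the associated rule name of the current UR.
			"rule"!: string

			// Synchronize represents the sync behavior of the corresponding
			// rule
			// Optional. Defaults to "false" if not specified.
			"synchronize"?: bool

			// ResourceSpec is the information to identify the trigger
			// resource.
			"trigger"!: {
				// APIVersion specifies resource apiVersion.
				"apiVersion"?: string

				// Kind specifies resource kind.
				"kind"?: string

				// Name specifies the resource name.
				"name"?: string

				// Namespace specifies resource namespace.
				"namespace"?: string

				// UID specifies the resource uid.
				"uid"?: string
			}
		}]

		// Synchronize represents the sync behavior of the corresponding
		// rule
		// Optional. Defaults to "false" if not specified.
		// Deprecated, will be removed in 1.14.
		"synchronize"?: bool
	}

	// Status contains statistics related to update request.
	"status"?: {
		// This will track the resources that are updated by the generate
		// Policy.
		// Will be used during clean up resources.
		"generatedResources"?: [...{
			// APIVersion specifies resource apiVersion.
			"apiVersion"?: string

			// Kind specifies resource kind.
			"kind"?: string

			// Name specifies the resource name.
			"name"?: string

			// Namespace specifies resource namespace.
			"namespace"?: string

			// UID specifies the resource uid.
			"uid"?: string
		}]

		// Specifies request status message.
		"message"?: string

		// No upstream description. Presumably the number of processing
		// retries; confirm against the controller.
		"retryCount"?: int

		// State represents state of the update request.
		// Any string is accepted here; the set of valid states is not
		// enforced by this schema.
		"state"!: string
	}

	// Minimal shape shared with the embedding above: apiVersion and kind are
	// required, metadata is optional and open.
	_embeddedResource: {
		"apiVersion"!: string
		"kind"!:       string
		"metadata"?: {
			...
		}
	}

	// Concrete identity of this resource type.
	apiVersion: "kyverno.io/v2"
	kind:       "UpdateRequest"

	// name and namespace are required; labels and annotations are string
	// maps; any other metadata field is allowed through `...`.
	metadata!: {
		"name"!:      string
		"namespace"!: string
		"labels"?: {
			[string]: string
		}
		"annotations"?: {
			[string]: string
		}
		...
	}
}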