Struct kube_client::api::admission::AdmissionRequest
source · pub struct AdmissionRequest<T>where
T: Resource,{Show 16 fields
pub types: TypeMeta,
pub uid: String,
pub kind: GroupVersionKind,
pub resource: GroupVersionResource,
pub sub_resource: Option<String>,
pub request_kind: Option<GroupVersionKind>,
pub request_resource: Option<GroupVersionResource>,
pub request_sub_resource: Option<String>,
pub name: String,
pub namespace: Option<String>,
pub operation: Operation,
pub user_info: UserInfo,
pub object: Option<T>,
pub old_object: Option<T>,
pub dry_run: bool,
pub options: Option<RawExtension>,
}client and admission only.Expand description
An incoming AdmissionReview request.
In an admission controller scenario, this is extracted from an AdmissionReview via TryInto
use kube::api::{admission::{AdmissionRequest, AdmissionReview}, DynamicObject};
// The incoming AdmissionReview received by the controller.
let body: AdmissionReview<DynamicObject>;
let req: AdmissionRequest<_> = body.try_into().unwrap();Based on the contents of the request, an admission controller should construct an
AdmissionResponse using:
AdmissionResponse::denyfor illegal/rejected requestsAdmissionResponse::invalidfor malformed requestsAdmissionResponse::fromfor the happy path
then wrap the chosen response in an AdmissionReview via AdmissionResponse::into_review.
Fields§
§types: TypeMetaCopied from the containing AdmissionReview and used to specify a
response type and version when constructing an AdmissionResponse.
uid: StringAn identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify, etc). The UID is meant to track the round trip (request/response) between the KAS and the webhook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
kind: GroupVersionKindThe fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale).
resource: GroupVersionResourceThe fully-qualified resource being requested (for example, v1.pods).
sub_resource: Option<String>The subresource being requested, if any (for example, “status” or “scale”).
request_kind: Option<GroupVersionKind>The fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in “kind”, an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1,
and a webhook registered a rule of apiGroups:["apps"], apiVersions:["v1"], resources:["deployments"] and
matchPolicy:Equivalent, an API request to apps/v1beta1 deployments
would be converted and sent to the webhook with kind: {group:"apps", version:"v1", kind:"Deployment"} (matching the rule the webhook
registered for), and requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"} (indicating the kind of the original API request).
See documentation for the “matchPolicy” field in the webhook
configuration type for more details.
request_resource: Option<GroupVersionResource>The fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in “resource”, an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1,
and a webhook registered a rule of apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"] and matchPolicy: Equivalent, an API request to apps/v1beta1 deployments would be
converted and sent to the webhook with resource: {group:"apps", version:"v1", resource:"deployments"} (matching the resource the webhook
registered for), and requestResource: {group:"apps", version:"v1beta1", resource:"deployments"} (indicating the resource of the original API
request).
See documentation for the “matchPolicy” field in the webhook configuration type.
request_sub_resource: Option<String>The name of the subresource of the original API request, if any (for example, “status” or “scale”). If this is specified and differs from the value in “subResource”, an equivalent match and conversion was performed. See documentation for the “matchPolicy” field in the webhook configuration type.
name: StringThe name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string.
namespace: Option<String>The namespace associated with the request (if any).
operation: OperationThe operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
user_info: UserInfoInformation about the requesting user.
object: Option<T>The object from the incoming request. It’s None for DELETE operations.
old_object: Option<T>The existing object. Only populated for DELETE and UPDATE requests.
dry_run: boolSpecifies that modifications will definitely not be persisted for this request.
options: Option<RawExtension>The operation option structure of the operation being performed. e.g.
meta.k8s.io/v1.DeleteOptions or meta.k8s.io/v1.CreateOptions. This
may be different than the options the caller provided. e.g. for a patch
request the performed Operation might be a CREATE, in
which case the Options will a meta.k8s.io/v1.CreateOptions even though
the caller provided meta.k8s.io/v1.PatchOptions.
Trait Implementations§
source§impl<T> Clone for AdmissionRequest<T>where
T: Clone + Resource,
impl<T> Clone for AdmissionRequest<T>where
T: Clone + Resource,
source§fn clone(&self) -> AdmissionRequest<T>
fn clone(&self) -> AdmissionRequest<T>
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more