pub struct AdmissionRequest<T>where
T: Resource,{Show 16 fields
pub types: TypeMeta,
pub uid: String,
pub kind: GroupVersionKind,
pub resource: GroupVersionResource,
pub sub_resource: Option<String>,
pub request_kind: Option<GroupVersionKind>,
pub request_resource: Option<GroupVersionResource>,
pub request_sub_resource: Option<String>,
pub name: String,
pub namespace: Option<String>,
pub operation: Operation,
pub user_info: UserInfo,
pub object: Option<T>,
pub old_object: Option<T>,
pub dry_run: bool,
pub options: Option<RawExtension>,
}
client
and admission
only.Expand description
An incoming AdmissionReview
request.
In an admission controller scenario, this is extracted from an AdmissionReview
via TryInto
use kube::core::{admission::{AdmissionRequest, AdmissionReview}, DynamicObject};
// The incoming AdmissionReview received by the controller.
let body: AdmissionReview<DynamicObject> = todo!();
let req: AdmissionRequest<_> = body.try_into().unwrap();
Based on the contents of the request, an admission controller should construct an
AdmissionResponse
using:
AdmissionResponse::deny
for illegal/rejected requestsAdmissionResponse::invalid
for malformed requestsAdmissionResponse::from
for the happy path
then wrap the chosen response in an AdmissionReview
via AdmissionResponse::into_review
.
Fields§
§types: TypeMeta
Copied from the containing AdmissionReview
and used to specify a
response type and version when constructing an AdmissionResponse
.
uid: String
An identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify, etc). The UID is meant to track the round trip (request/response) between the KAS and the webhook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
kind: GroupVersionKind
The fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale).
resource: GroupVersionResource
The fully-qualified resource being requested (for example, v1.pods).
sub_resource: Option<String>
The subresource being requested, if any (for example, “status” or “scale”).
request_kind: Option<GroupVersionKind>
The fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in “kind”, an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1,
and a webhook registered a rule of apiGroups:["apps"], apiVersions:["v1"], resources:["deployments"]
and
matchPolicy:Equivalent
, an API request to apps/v1beta1 deployments
would be converted and sent to the webhook with kind: {group:"apps", version:"v1", kind:"Deployment"}
(matching the rule the webhook
registered for), and requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}
(indicating the kind of the original API request).
See documentation for the “matchPolicy” field in the webhook
configuration type for more details.
request_resource: Option<GroupVersionResource>
The fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in “resource”, an equivalent match and conversion was performed.
For example, if deployments can be modified via apps/v1 and apps/v1beta1,
and a webhook registered a rule of apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]
and matchPolicy: Equivalent
, an API request to apps/v1beta1 deployments would be
converted and sent to the webhook with resource: {group:"apps", version:"v1", resource:"deployments"}
(matching the resource the webhook
registered for), and requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}
(indicating the resource of the original API
request).
See documentation for the “matchPolicy” field in the webhook configuration type.
request_sub_resource: Option<String>
The name of the subresource of the original API request, if any (for example, “status” or “scale”). If this is specified and differs from the value in “subResource”, an equivalent match and conversion was performed. See documentation for the “matchPolicy” field in the webhook configuration type.
name: String
The name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string.
namespace: Option<String>
The namespace associated with the request (if any).
operation: Operation
The operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
user_info: UserInfo
Information about the requesting user.
object: Option<T>
The object from the incoming request. It’s None
for DELETE
operations.
old_object: Option<T>
The existing object. Only populated for DELETE and UPDATE requests.
dry_run: bool
Specifies that modifications will definitely not be persisted for this request.
options: Option<RawExtension>
The operation option structure of the operation being performed. e.g.
meta.k8s.io/v1.DeleteOptions
or meta.k8s.io/v1.CreateOptions
. This
may be different than the options the caller provided. e.g. for a patch
request the performed Operation
might be a CREATE
, in
which case the Options will a meta.k8s.io/v1.CreateOptions
even though
the caller provided meta.k8s.io/v1.PatchOptions
.
Trait Implementations§
source§impl<T> Clone for AdmissionRequest<T>
impl<T> Clone for AdmissionRequest<T>
source§fn clone(&self) -> AdmissionRequest<T>
fn clone(&self) -> AdmissionRequest<T>
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl<T> Debug for AdmissionRequest<T>
impl<T> Debug for AdmissionRequest<T>
source§impl<'de, T> Deserialize<'de> for AdmissionRequest<T>where
T: Resource + Deserialize<'de>,
impl<'de, T> Deserialize<'de> for AdmissionRequest<T>where
T: Resource + Deserialize<'de>,
source§fn deserialize<__D>(
__deserializer: __D,
) -> Result<AdmissionRequest<T>, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(
__deserializer: __D,
) -> Result<AdmissionRequest<T>, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
source§impl<T> From<&AdmissionRequest<T>> for AdmissionResponsewhere
T: Resource,
impl<T> From<&AdmissionRequest<T>> for AdmissionResponsewhere
T: Resource,
source§fn from(req: &AdmissionRequest<T>) -> AdmissionResponse
fn from(req: &AdmissionRequest<T>) -> AdmissionResponse
source§impl<T> Serialize for AdmissionRequest<T>
impl<T> Serialize for AdmissionRequest<T>
source§fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
source§impl<T> TryInto<AdmissionRequest<T>> for AdmissionReview<T>where
T: Resource,
impl<T> TryInto<AdmissionRequest<T>> for AdmissionReview<T>where
T: Resource,
source§type Error = ConvertAdmissionReviewError
type Error = ConvertAdmissionReviewError
source§fn try_into(
self,
) -> Result<AdmissionRequest<T>, <AdmissionReview<T> as TryInto<AdmissionRequest<T>>>::Error>
fn try_into( self, ) -> Result<AdmissionRequest<T>, <AdmissionReview<T> as TryInto<AdmissionRequest<T>>>::Error>
Auto Trait Implementations§
impl<T> Freeze for AdmissionRequest<T>where
T: Freeze,
impl<T> RefUnwindSafe for AdmissionRequest<T>where
T: RefUnwindSafe,
impl<T> Send for AdmissionRequest<T>where
T: Send,
impl<T> Sync for AdmissionRequest<T>where
T: Sync,
impl<T> Unpin for AdmissionRequest<T>where
T: Unpin,
impl<T> UnwindSafe for AdmissionRequest<T>where
T: UnwindSafe,
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
source§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more