Struct kube_core::admission::AdmissionResponse
source · [−]#[non_exhaustive]pub struct AdmissionResponse {
pub uid: String,
pub allowed: bool,
pub result: Status,
pub patch: Option<Vec<u8>>,
pub audit_annotations: HashMap<String, String>,
pub warnings: Option<Vec<String>>,
/* private fields */
}admission only.Expand description
An outgoing AdmissionReview response. Constructed from the corresponding
AdmissionRequest.
use kube::api::{
admission::{AdmissionRequest, AdmissionResponse, AdmissionReview},
DynamicObject,
};
// The incoming AdmissionReview received by the controller.
let body: AdmissionReview<DynamicObject>;
let req: AdmissionRequest<_> = body.try_into().unwrap();
// A normal response with no side effects.
let _: AdmissionReview<_> = AdmissionResponse::from(&req).into_review();
// A response rejecting the admission webhook with a provided reason.
let _: AdmissionReview<_> = AdmissionResponse::from(&req)
.deny("Some rejection reason.")
.into_review();
use json_patch::{AddOperation, Patch, PatchOperation};
// A response adding a label to the resource.
let _: AdmissionReview<_> = AdmissionResponse::from(&req)
.with_patch(Patch(vec![PatchOperation::Add(AddOperation {
path: "/metadata/labels/my-label".to_owned(),
value: serde_json::Value::String("my-value".to_owned()),
})]))
.unwrap()
.into_review();
Fields (Non-exhaustive)
This struct is marked as non-exhaustive
Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.uid: StringIdentifier for the individual request/response. This must be copied over from the corresponding AdmissionRequest.
allowed: boolIndicates whether or not the admission request was permitted.
result: StatusExtra details into why an admission request was denied. This field IS NOT consulted in any way if “Allowed” is “true”.
patch: Option<Vec<u8>>The patch body. Currently we only support “JSONPatch” which implements RFC 6902.
audit_annotations: HashMap<String, String>An unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.
warnings: Option<Vec<String>>A list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.
Implementations
Constructs an invalid AdmissionResponse. It doesn’t copy the uid from
the corresponding AdmissionRequest, so should only be used when the
original request cannot be read.
Deny the request with a reason. The reason will be sent to the original caller.
Add JSON patches to the response, modifying the object from the request.
Converts an AdmissionResponse into a generic AdmissionReview that
can be used as a webhook response.
Trait Implementations
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
Performs the conversion.
This method tests for self and other values to be equal, and is used
by ==. Read more
This method tests for !=.
Auto Trait Implementations
impl RefUnwindSafe for AdmissionResponse
impl Send for AdmissionResponse
impl Sync for AdmissionResponse
impl Unpin for AdmissionResponse
impl UnwindSafe for AdmissionResponse
Blanket Implementations
Mutably borrows from an owned value. Read more