Struct kube_core::admission::AdmissionResponse

#[non_exhaustive]
pub struct AdmissionResponse {
    pub types: TypeMeta,
    pub uid: String,
    pub allowed: bool,
    pub result: Status,
    pub patch: Option<Vec<u8>>,
    pub audit_annotations: HashMap<String, String>,
    pub warnings: Option<Vec<String>>,
    /* private fields */
}

Available on crate feature admission only.

An outgoing AdmissionReview response. Constructed from the corresponding AdmissionRequest.

use kube::api::{
        admission::{AdmissionRequest, AdmissionResponse, AdmissionReview},
        DynamicObject,
};

// The incoming AdmissionReview received by the controller.
let body: AdmissionReview<DynamicObject>;
let req: AdmissionRequest<_> = body.try_into().unwrap();

// A normal response with no side effects.
let _: AdmissionReview<_> = AdmissionResponse::from(&req).into_review();

// A response rejecting the admission webhook with a provided reason.
let _: AdmissionReview<_> = AdmissionResponse::from(&req)
    .deny("Some rejection reason.")
    .into_review();

use json_patch::{AddOperation, Patch, PatchOperation};

// A response adding a label to the resource.
let _: AdmissionReview<_> = AdmissionResponse::from(&req)
    .with_patch(Patch(vec![PatchOperation::Add(AddOperation {
        path: "/metadata/labels/my-label".to_owned(),
        value: serde_json::Value::String("my-value".to_owned()),
    })]))
    .unwrap()
    .into_review();

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

types: TypeMeta

Copied from the corresponding consructing AdmissionRequest.

uid: String

Identifier for the individual request/response. This must be copied over from the corresponding AdmissionRequest.

allowed: bool

Indicates whether or not the admission request was permitted.

result: Status

Extra details into why an admission request was denied. This field IS NOT consulted in any way if “Allowed” is “true”.

patch: Option<Vec<u8>>

The patch body. Currently we only support “JSONPatch” which implements RFC 6902.

audit_annotations: HashMap<String, String>

An unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.

warnings: Option<Vec<String>>

A list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.

Implementations

impl AdmissionResponse

pub fn invalid<T: ToString>(reason: T) -> Self

Constructs an invalid AdmissionResponse. It doesn’t copy the uid from the corresponding AdmissionRequest, so should only be used when the original request cannot be read.

pub fn deny<T: ToString>(self, reason: T) -> Self

Deny the request with a reason. The reason will be sent to the original caller.

pub fn with_patch(self, patch: Patch) -> Result<Self, SerializePatchError>

Add JSON patches to the response, modifying the object from the request.

pub fn into_review(self) -> AdmissionReview<DynamicObject>

Converts an AdmissionResponse into a generic AdmissionReview that can be used as a webhook response.

Trait Implementations

impl Clone for AdmissionResponse

fn clone(&self) -> AdmissionResponse

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AdmissionResponse

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AdmissionResponse

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
    __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl<T: Resource> From<&AdmissionRequest<T>> for AdmissionResponse

fn from(req: &AdmissionRequest<T>) -> Self

Converts to this type from the input type.

impl PartialEq<AdmissionResponse> for AdmissionResponse

fn eq(&self, other: &AdmissionResponse) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for AdmissionResponse

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>where
    __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for AdmissionResponse

impl StructuralEq for AdmissionResponse

impl StructuralPartialEq for AdmissionResponse