Merge pull request #58679 from CaoShuFeng/admission_webhook

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. support annotations for admission webhook Depends on: kubernetes/kubernetes#58143 **Release note**: ```release-note Support annotations for remote admission webhooks. ``` Kubernetes-commit: 4e76bb487e50996468bea6638f8ade45911953de
kubernetes · Aug 22, 2018 · 6cfd077 · 6cfd077
2 parents e393424 + 3f8a835
commit 6cfd077
Show file tree

Hide file tree

Showing 5 changed files with 238 additions and 53 deletions.
diff --git a/admission/v1beta1/generated.pb.go b/admission/v1beta1/generated.pb.go
diff --git a/admission/v1beta1/generated.proto b/admission/v1beta1/generated.proto
diff --git a/admission/v1beta1/types.go b/admission/v1beta1/types.go
@@ -94,6 +94,13 @@ type AdmissionResponse struct {
 	// The type of Patch. Currently we only allow "JSONPatch".
 	// +optional
 	PatchType *PatchType `json:"patchType,omitempty" protobuf:"bytes,5,opt,name=patchType"`
+
+	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
+	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
+	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
+	// the admission webhook to add additional context to the audit log for this request.
+	// +optional
+	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
 }
 
 // PatchType is the type of patch being used to represent the mutated object

diff --git a/admission/v1beta1/types_swagger_doc_generated.go b/admission/v1beta1/types_swagger_doc_generated.go
@@ -46,12 +46,13 @@ func (AdmissionRequest) SwaggerDoc() map[string]string {
 }
 
 var map_AdmissionResponse = map[string]string{
-	"":          "AdmissionResponse describes an admission response.",
-	"uid":       "UID is an identifier for the individual request/response. This should be copied over from the corresponding AdmissionRequest.",
-	"allowed":   "Allowed indicates whether or not the admission request was permitted.",
-	"status":    "Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if \"Allowed\" is \"true\".",
-	"patch":     "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
-	"patchType": "The type of Patch. Currently we only allow \"JSONPatch\".",
+	"":                 "AdmissionResponse describes an admission response.",
+	"uid":              "UID is an identifier for the individual request/response. This should be copied over from the corresponding AdmissionRequest.",
+	"allowed":          "Allowed indicates whether or not the admission request was permitted.",
+	"status":           "Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if \"Allowed\" is \"true\".",
+	"patch":            "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
+	"patchType":        "The type of Patch. Currently we only allow \"JSONPatch\".",
+	"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
 }
 
 func (AdmissionResponse) SwaggerDoc() map[string]string {

diff --git a/admission/v1beta1/zz_generated.deepcopy.go b/admission/v1beta1/zz_generated.deepcopy.go