Merge pull request #58679 from CaoShuFeng/admission_webhook

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. support annotations for admission webhook Depends on: #58143 **Release note**: ```release-note Support annotations for remote admission webhooks. ```
kubernetes · Aug 22, 2018 · 4e76bb4 · 4e76bb4
2 parents 0cb018f + 0ebfc3e
commit 4e76bb4
Show file tree

Hide file tree

Showing 17 changed files with 380 additions and 79 deletions.
diff --git a/pkg/apis/admission/types.go b/pkg/apis/admission/types.go
@@ -92,6 +92,12 @@ type AdmissionResponse struct {
 	// PatchType indicates the form the Patch will take. Currently we only support "JSONPatch".
 	// +optional
 	PatchType *PatchType
+	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
+	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
+	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
+	// the admission webhook to add additional context to the audit log for this request.
+	// +optional
+	AuditAnnotations map[string]string
 }
 
 // PatchType is the type of patch being used to represent the mutated object

diff --git a/pkg/apis/admission/v1beta1/zz_generated.conversion.go b/pkg/apis/admission/v1beta1/zz_generated.conversion.go
diff --git a/pkg/apis/admission/zz_generated.deepcopy.go b/pkg/apis/admission/zz_generated.deepcopy.go
diff --git a/staging/src/k8s.io/api/admission/v1beta1/BUILD b/staging/src/k8s.io/api/admission/v1beta1/BUILD
@@ -20,6 +20,7 @@ go_library(
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
         "//vendor/github.com/gogo/protobuf/proto:go_default_library",
+        "//vendor/github.com/gogo/protobuf/sortkeys:go_default_library",
     ],
 )
 

diff --git a/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go b/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go
diff --git a/staging/src/k8s.io/api/admission/v1beta1/generated.proto b/staging/src/k8s.io/api/admission/v1beta1/generated.proto
diff --git a/staging/src/k8s.io/api/admission/v1beta1/types.go b/staging/src/k8s.io/api/admission/v1beta1/types.go
@@ -94,6 +94,13 @@ type AdmissionResponse struct {
 	// The type of Patch. Currently we only allow "JSONPatch".
 	// +optional
 	PatchType *PatchType `json:"patchType,omitempty" protobuf:"bytes,5,opt,name=patchType"`
+
+	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
+	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
+	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
+	// the admission webhook to add additional context to the audit log for this request.
+	// +optional
+	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
 }
 
 // PatchType is the type of patch being used to represent the mutated object