Admission response alt #55829
Merged
Admission response alt #55829
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
release-note
k8s-github-robot
added
needs-rebase
5 tasks
cheftako
force-pushed
the
admissionResponseAlt
branch
from
09ecaac
to
201c3f0
Compare
k8s-github-robot
removed
the
needs-rebase
cheftako
force-pushed
the
admissionResponseAlt
branch
2 times, most recently
from
767883b
to
49de924
Compare
|
/test pull-kubernetes-e2e-gce |
cheftako
force-pushed
the
admissionResponseAlt
branch
from
49de924
to
c89d0b2
Compare
lavalamp
reviewed
Nov 16, 2017
pkg/apis/admission/types.go
Outdated
| // AdmissionRequest describes the admission.Attributes for the admission request. | ||
| type AdmissionRequest struct { | ||
| // UID is an identifier for the individual request. It allows us to distinguish instances of requests which are | ||
| // otherwise identical (parallel requests, requests when earlier requests did not modify etc) |
There was a problem hiding this comment.
// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
?
There was a problem hiding this comment.
Is it unique to the webhook request or to the originating user request (would two webhooks get the same uid for calls resulting from a single user request, or would they each get their own unique uid)?
There was a problem hiding this comment.
They should each get their own, I think--if we did a UID per request then we'd probably also want a nonce or something here.
There was a problem hiding this comment.
sounds ok, should clarify that in the field doc
pkg/apis/admission/types.go
Outdated
| Patch []byte | ||
| // PatchType indicates the form the Patch will take. Currently we only support "JSONPatch". | ||
| // +optional | ||
| PatchType string |
There was a problem hiding this comment.
We often make special types for this, and define constants.
type PatchType string
const (
PatchTypeJSONPatch PatchType = "JSONPatch"
)
pkg/apis/admission/types.go
Outdated
| // AdmissionReviewStatus describes the status of the admission request. | ||
| type AdmissionReviewStatus struct { | ||
| // AdmissionResponse describes an admission response. | ||
| type AdmissionResponse struct { | ||
| // Allowed indicates whether or not the admission request was permitted. |
There was a problem hiding this comment.
I feel that the UID belongs with the request of the metadata about the request (UserInfo, Operation, Namespace etc). If we are not copying them into the response then it doesn't feel right to copy just the UID in. (If we want to abstract them into a type and reflect that in both request/response, I would be fine with that)
There was a problem hiding this comment.
If we are not copying them into the response then it doesn't feel right to copy just the UID in.
Not sure I follow... the point of the uid is to identify the unique request, right? If the point of echoing is to bind the response to a particular request, the uid seems like the right thing to copy (it implies the rest of the request fields)
There was a problem hiding this comment.
So from the discussions I was in, it seems we want things like UserInfo, Operation, Namespace coming back from the Webhook to the KAS (Just like we want the UID coming back). I'm not objecting to putting the UID in the Response field, so much as saying that I think all the fields want round tripping should be dealt with consistently. So we should either leave all of the in the "Request" field for the return trip (so the KAS can confirm the request the webhook operated on) or we should have the webhook copy all of the fields we want in the return trip into the "Response" object. At that point I would suggest we just package them up to make copying them over a but easier and tidier.
| // Since this admission controller is non-mutating the webhook should avoid setting this in its response to avoid the | ||
| // cost of deserializing it. | ||
| // Request describes the attributes for the admission request. | ||
| Request AdmissionRequest `json:"request,omitempty" protobuf:"bytes,1,opt,name=request"` |
There was a problem hiding this comment.
Should Request be optional?
Do you make it required because the UID/Kind/Resource are required even if the AdmissionReview is a response from the webhook?
There was a problem hiding this comment.
I made it non optional so as you suggest fields like UID/Kind/Resource are present on the response and could be validated by the KAS.
There was a problem hiding this comment.
Things required in the response should probably be in the response portion of the object, and the request optional to echo. The unique identifier makes particular sense.
| // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and | ||
| // rely on the server to generate the name. If that is the case, this method will return the empty string. | ||
| // +optional | ||
| Name string |
There was a problem hiding this comment.
This is violating our API convention that the empty value of an optional field has to be nil. But I guess we don't care anymore since there are so many violations in our code base.
There was a problem hiding this comment.
This is reflecting the optionality of what was already in the API. I agree we need to come up with a consistent story on what and when we are going to do about our large base of optional/non-pointer fields.
There was a problem hiding this comment.
"If that is the case, this method will return the empty string." ...so, it's not really optional, is it?
cheftako
force-pushed
the
admissionResponseAlt
branch
2 times, most recently
from
f448fea
to
281563a
Compare
pkg/apis/admission/types.go
Outdated
| Patch []byte | ||
| // PatchType indicates the form the Patch will take. Currently we only support "JSONPatch". | ||
| // +optional | ||
| PatchType PatchType |
There was a problem hiding this comment.
Could you make this field a pointer? Validating webhooks will leave this field nil.
Also could you add validation code to check that this field is either nil or equal to PatchTypeJSONPatch?
cheftako
force-pushed
the
admissionResponseAlt
branch
from
281563a
to
bf78973
Compare
|
/test pull-kubernetes-bazel-build |
cheftako
force-pushed
the
admissionResponseAlt
branch
from
bf78973
to
8abf2d1
Compare
liggitt
reviewed
Nov 17, 2017
| // Status is filled in by the webhook and indicates whether the admission request should be permitted. | ||
| // +optional | ||
| Status AdmissionReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"` | ||
| Response AdmissionResponse `json:"response,omitempty" protobuf:"bytes,2,opt,name=response"` |
There was a problem hiding this comment.
The field name and protobuf tag changes throughout mean any existing webhook impl or protobuf client cannot correctly decode the content.
I think that's acceptable given the API and feature was alpha, but worth a check against the deprecation policy,
k8s-github-robot
added
the
needs-rebase
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 18, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiserver
that referenced
this pull request
Nov 27, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/kube-aggregator
that referenced
this pull request
Nov 27, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/sample-apiserver
that referenced
this pull request
Nov 27, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 27, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/kube-aggregator
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/sample-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/kube-aggregator
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/sample-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/kube-aggregator
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/sample-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/kube-aggregator
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/sample-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
sttts
pushed a commit
to sttts/apiextensions-apiserver
that referenced
this pull request
Nov 28, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/apiserver
that referenced
this pull request
Nov 29, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/kube-aggregator
that referenced
this pull request
Nov 29, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/sample-apiserver
that referenced
this pull request
Nov 29, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/apiextensions-apiserver
that referenced
this pull request
Nov 29, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/apiserver
that referenced
this pull request
Dec 7, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/kube-aggregator
that referenced
this pull request
Dec 7, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/sample-apiserver
that referenced
this pull request
Dec 7, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
k8s-publishing-bot
pushed a commit
to k8s-publishing-bot/apiextensions-apiserver
that referenced
this pull request
Dec 7, 2017
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
openshift-publish-robot
pushed a commit
to openshift/kubernetes-sample-apiserver
that referenced
this pull request
Jan 14, 2019
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding mutating webhook admission plugin Ref #kubernetes/enhancements#492 I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once kubernetes/kubernetes#55829 is merged. We should update the release notes to point to the user docs when we have any. ```release-note Added mutation supports to admission webhooks. ``` TODO: - [ ] update test image to v6 after #55829 is merged - [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook - [ ] reduce json marshal/unmarshal roundtrip: kubernetes/kubernetes#54892 (comment) - [ ] move the matching function to a common package that validating and mutating webhooks can both import. - [ ] handle namespace GET failure gracefully for fail open webhook? Kubernetes-commit: 638add6ddfb6d2f9fbc3224d0ce1e8cab9aa3049
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it: This reflects the imperative nature of AdmissionReview. It adds AdmissionRequest and AdmissionResponse in place of status/spec. The AdmissionResponse the allows the mutating webhook to send back a json path with the mutated version of the requested object.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Ref #kubernetes/enhancements#492
Special notes for your reviewer:Port of caesarxuchao's fix with outcome of #55729
Release note: