From b4a71bbd8a2aaed23cdd857aa3bf329afd7090d7 Mon Sep 17 00:00:00 2001
From: Cao Shufeng <caosf.fnst@cn.fujitsu.com>
Date: Mon, 21 May 2018 17:16:57 +0800
Subject: [PATCH] add annotations to admission webhook

---
 pkg/apis/admission/types.go                       | 6 ++++++
 staging/src/k8s.io/api/admission/v1beta1/types.go | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/pkg/apis/admission/types.go b/pkg/apis/admission/types.go
index 37822220e9f..16cbd586955 100644
--- a/pkg/apis/admission/types.go
+++ b/pkg/apis/admission/types.go
@@ -92,6 +92,12 @@ type AdmissionResponse struct {
 	// PatchType indicates the form the Patch will take. Currently we only support "JSONPatch".
 	// +optional
 	PatchType *PatchType
+	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
+	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
+	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
+	// the admission webhook to add additional context to the audit log for this request.
+	// +optional
+	AuditAnnotations map[string]string
 }
 
 // PatchType is the type of patch being used to represent the mutated object
diff --git a/staging/src/k8s.io/api/admission/v1beta1/types.go b/staging/src/k8s.io/api/admission/v1beta1/types.go
index 9ad939c396c..a64ec211154 100644
--- a/staging/src/k8s.io/api/admission/v1beta1/types.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/types.go
@@ -94,6 +94,13 @@ type AdmissionResponse struct {
 	// The type of Patch. Currently we only allow "JSONPatch".
 	// +optional
 	PatchType *PatchType `json:"patchType,omitempty" protobuf:"bytes,5,opt,name=patchType"`
+
+	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
+	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
+	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
+	// the admission webhook to add additional context to the audit log for this request.
+	// +optional
+	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
 }
 
 // PatchType is the type of patch being used to represent the mutated object