Merge pull request #92667 from liggitt/admission-warnings

Admission webhook warnings
This commit is contained in:
Kubernetes Prow Robot 2020-07-01 23:14:17 -07:00 committed by GitHub
commit f7a13de36c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 447 additions and 127 deletions

View File

@ -138,6 +138,12 @@ type AdmissionResponse struct {
// the admission webhook to add additional context to the audit log for this request.
// +optional
AuditAnnotations map[string]string
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
Warnings []string
}
// PatchType is the type of patch being used to represent the mutated object

View File

@ -143,6 +143,7 @@ func autoConvert_v1_AdmissionResponse_To_admission_AdmissionResponse(in *v1.Admi
out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
return nil
}
@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1_AdmissionResponse(in *admissi
out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
out.PatchType = (*v1.PatchType)(unsafe.Pointer(in.PatchType))
out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
return nil
}

View File

@ -143,6 +143,7 @@ func autoConvert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in *v1
out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
return nil
}
@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in *ad
out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
out.PatchType = (*v1beta1.PatchType)(unsafe.Pointer(in.PatchType))
out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
return nil
}

View File

@ -93,6 +93,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
(*out)[key] = val
}
}
if in.Warnings != nil {
in, out := &in.Warnings, &out.Warnings
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

View File

@ -143,64 +143,65 @@ func init() {
}
var fileDescriptor_4b73421fd5edef9f = []byte{
// 898 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4d, 0x6f, 0x1b, 0x45,
0x18, 0xf6, 0xc6, 0x89, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
0x17, 0xb5, 0xb3, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
0xa0, 0x8a, 0x03, 0xd2, 0xd8, 0x3b, 0xb5, 0x17, 0xdb, 0x33, 0xcb, 0xce, 0xac, 0x83, 0x6f, 0x9c,
0x38, 0xf3, 0x0f, 0xf8, 0x1d, 0xfc, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5f, 0x44, 0x42,
0x42, 0x33, 0x3b, 0xfb, 0xd1, 0x7c, 0x88, 0xd0, 0xf4, 0xe4, 0x79, 0x3f, 0x9e, 0xe7, 0x7d, 0xfd,
0xbc, 0x3b, 0xef, 0x80, 0x27, 0x93, 0x5d, 0x81, 0x42, 0xee, 0x4d, 0x92, 0x01, 0x8d, 0x19, 0x95,
0x54, 0x78, 0x73, 0xca, 0x02, 0x1e, 0x7b, 0x26, 0x40, 0xa2, 0xd0, 0x23, 0xc1, 0x2c, 0x14, 0x22,
0xe4, 0xcc, 0x9b, 0x6f, 0x7b, 0x23, 0xca, 0x68, 0x4c, 0x24, 0x0d, 0x50, 0x14, 0x73, 0xc9, 0xe1,
0xc7, 0x69, 0x22, 0x22, 0x51, 0x88, 0xf2, 0x44, 0x34, 0xdf, 0xee, 0x3c, 0x1c, 0x85, 0x72, 0x9c,
0x0c, 0xd0, 0x90, 0xcf, 0xbc, 0x11, 0x1f, 0x71, 0x4f, 0xe7, 0x0f, 0x92, 0x57, 0xda, 0xd2, 0x86,
0x3e, 0xa5, 0x3c, 0x9d, 0x07, 0xe5, 0x82, 0x89, 0x1c, 0x53, 0x26, 0xc3, 0x21, 0x91, 0x57, 0x57,
0xed, 0x7c, 0x51, 0x64, 0xcf, 0xc8, 0x70, 0x1c, 0x32, 0x1a, 0x2f, 0xbc, 0x68, 0x32, 0x52, 0x0e,
0xe1, 0xcd, 0xa8, 0x24, 0x57, 0xa1, 0xbc, 0xeb, 0x50, 0x71, 0xc2, 0x64, 0x38, 0xa3, 0x97, 0x00,
0x8f, 0xfe, 0x0b, 0x20, 0x86, 0x63, 0x3a, 0x23, 0x17, 0x71, 0x5b, 0x7f, 0xd8, 0xa0, 0xbd, 0x97,
0x89, 0x81, 0xe9, 0xcf, 0x09, 0x15, 0x12, 0xfa, 0xa0, 0x9a, 0x84, 0x81, 0x63, 0xf5, 0xac, 0xbe,
0xed, 0x7f, 0x7e, 0xba, 0xec, 0x56, 0x56, 0xcb, 0x6e, 0xf5, 0xf8, 0x60, 0xff, 0x7c, 0xd9, 0xfd,
0xe4, 0xba, 0x42, 0x72, 0x11, 0x51, 0x81, 0x8e, 0x0f, 0xf6, 0xb1, 0x02, 0xc3, 0x97, 0x60, 0x7d,
0x12, 0xb2, 0xc0, 0x59, 0xeb, 0x59, 0xfd, 0xe6, 0xce, 0x23, 0x54, 0x88, 0x9f, 0xc3, 0x50, 0x34,
0x19, 0x29, 0x87, 0x40, 0x4a, 0x06, 0x34, 0xdf, 0x46, 0xdf, 0xc4, 0x3c, 0x89, 0xbe, 0xa7, 0xb1,
0x6a, 0xe6, 0xbb, 0x90, 0x05, 0xfe, 0xa6, 0x29, 0xbe, 0xae, 0x2c, 0xac, 0x19, 0xe1, 0x18, 0x34,
0x62, 0x2a, 0x78, 0x12, 0x0f, 0xa9, 0x53, 0xd5, 0xec, 0x8f, 0xff, 0x3f, 0x3b, 0x36, 0x0c, 0x7e,
0xdb, 0x54, 0x68, 0x64, 0x1e, 0x9c, 0xb3, 0xc3, 0x2f, 0x41, 0x53, 0x24, 0x83, 0x2c, 0xe0, 0xac,
0x6b, 0x3d, 0xee, 0x19, 0x40, 0xf3, 0x79, 0x11, 0xc2, 0xe5, 0x3c, 0x18, 0x82, 0x66, 0x9c, 0x2a,
0xa9, 0xba, 0x76, 0x3e, 0xb8, 0x95, 0x02, 0x2d, 0x55, 0x0a, 0x17, 0x74, 0xb8, 0xcc, 0x0d, 0x17,
0xa0, 0x65, 0xcc, 0xbc, 0xcb, 0x3b, 0xb7, 0x96, 0xe4, 0xde, 0x6a, 0xd9, 0x6d, 0xe1, 0xb7, 0x69,
0xf1, 0xc5, 0x3a, 0xf0, 0x5b, 0x00, 0x8d, 0xab, 0x24, 0x84, 0xd3, 0xd2, 0x1a, 0x75, 0x8c, 0x46,
0x10, 0x5f, 0xca, 0xc0, 0x57, 0xa0, 0x60, 0x0f, 0xac, 0x33, 0x32, 0xa3, 0xce, 0x86, 0x46, 0xe7,
0x43, 0x7f, 0x46, 0x66, 0x14, 0xeb, 0x08, 0xf4, 0x80, 0xad, 0x7e, 0x45, 0x44, 0x86, 0xd4, 0xa9,
0xe9, 0xb4, 0xbb, 0x26, 0xcd, 0x7e, 0x96, 0x05, 0x70, 0x91, 0x03, 0xbf, 0x02, 0x36, 0x8f, 0xd4,
0xa7, 0x1e, 0x72, 0xe6, 0xd4, 0x35, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xe0, 0x02,
0x00, 0x5f, 0x80, 0x46, 0x22, 0x68, 0x7c, 0xc0, 0x5e, 0x71, 0xa7, 0xa1, 0x05, 0xfd, 0x14, 0x95,
0xd7, 0xc7, 0x5b, 0xd7, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xef, 0x29, 0xf3, 0xe0, 0x9c, 0x09,
0x1e, 0x83, 0x1a, 0x1f, 0xfc, 0x44, 0x87, 0xd2, 0xb1, 0x35, 0xe7, 0xc3, 0x6b, 0x87, 0x64, 0x6e,
0x2d, 0xc2, 0xe4, 0xe4, 0xe9, 0x2f, 0x92, 0x32, 0x35, 0x1f, 0xff, 0x8e, 0xa1, 0xae, 0x1d, 0x6a,
0x12, 0x6c, 0xc8, 0xe0, 0x8f, 0xc0, 0xe6, 0xd3, 0x20, 0x75, 0x3a, 0xe0, 0x5d, 0x98, 0x73, 0x29,
0x0f, 0x33, 0x1e, 0x5c, 0x50, 0xc2, 0x2d, 0x50, 0x0b, 0xe2, 0x05, 0x4e, 0x98, 0xd3, 0xec, 0x59,
0xfd, 0x86, 0x0f, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4d, 0x04, 0xbe, 0x04, 0x75, 0x1e, 0x29, 0x31,
0x84, 0xb3, 0xf9, 0x2e, 0x1d, 0xb4, 0x4c, 0x07, 0xf5, 0xc3, 0x94, 0x05, 0x67, 0x74, 0x5b, 0xff,
0x54, 0xc1, 0xdd, 0xd2, 0x86, 0x12, 0x11, 0x67, 0x82, 0xbe, 0x97, 0x15, 0x75, 0x1f, 0xd4, 0xc9,
0x74, 0xca, 0x4f, 0x68, 0xba, 0xa5, 0x1a, 0x45, 0x13, 0x7b, 0xa9, 0x1b, 0x67, 0x71, 0x78, 0x04,
0x6a, 0x42, 0x12, 0x99, 0x08, 0xb3, 0x71, 0x1e, 0xdc, 0xec, 0x7a, 0x3d, 0xd7, 0x98, 0x54, 0x30,
0x4c, 0x45, 0x32, 0x95, 0xd8, 0xf0, 0xc0, 0x2e, 0xd8, 0x88, 0x88, 0x1c, 0x8e, 0xf5, 0x56, 0xd9,
0xf4, 0xed, 0xd5, 0xb2, 0xbb, 0x71, 0xa4, 0x1c, 0x38, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0xc3, 0x8b,
0x45, 0x94, 0x5d, 0x8c, 0x8e, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xb8, 0x48, 0x86, 0xbf,
0x59, 0xa0, 0x4d, 0x92, 0x20, 0x94, 0x7b, 0x8c, 0x71, 0x49, 0xd2, 0xa9, 0xd4, 0x7a, 0xd5, 0x7e,
0x73, 0xe7, 0x09, 0xba, 0xe6, 0x11, 0x44, 0x97, 0x24, 0x46, 0x7b, 0x17, 0x28, 0x9e, 0x32, 0x19,
0x2f, 0x7c, 0xc7, 0x68, 0xd4, 0xbe, 0x18, 0xc6, 0x97, 0x6a, 0x76, 0xbe, 0x06, 0x1f, 0x5d, 0x49,
0x02, 0xdb, 0xa0, 0x3a, 0xa1, 0x8b, 0x74, 0x7a, 0x58, 0x1d, 0xe1, 0x87, 0x60, 0x63, 0x4e, 0xa6,
0x09, 0xd5, 0x93, 0xb0, 0x71, 0x6a, 0x3c, 0x5e, 0xdb, 0xb5, 0xb6, 0xfe, 0xb4, 0x40, 0xab, 0xd4,
0xdc, 0x3c, 0xa4, 0x27, 0xf0, 0x08, 0xd4, 0xcd, 0x16, 0xd1, 0x1c, 0xcd, 0x9d, 0xfb, 0x37, 0xf9,
0x5f, 0x1a, 0xe0, 0x37, 0xd5, 0x80, 0xb3, 0xed, 0x96, 0xd1, 0xa8, 0x0b, 0x1f, 0x9b, 0x3f, 0x6e,
0x9e, 0xac, 0xcf, 0x6e, 0x2e, 0x95, 0xbf, 0x69, 0x1e, 0x10, 0x6d, 0xe1, 0x9c, 0xc9, 0xef, 0x9f,
0x9e, 0xb9, 0x95, 0xd7, 0x67, 0x6e, 0xe5, 0xcd, 0x99, 0x5b, 0xf9, 0x75, 0xe5, 0x5a, 0xa7, 0x2b,
0xd7, 0x7a, 0xbd, 0x72, 0xad, 0x37, 0x2b, 0xd7, 0xfa, 0x6b, 0xe5, 0x5a, 0xbf, 0xff, 0xed, 0x56,
0x7e, 0x58, 0x9b, 0x6f, 0xff, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x37, 0xc7, 0x3f, 0x71, 0xdf, 0x08,
0x00, 0x00,
// 919 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
0x17, 0xb5, 0xbb, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
0x40, 0xc5, 0x01, 0x69, 0xec, 0x9d, 0xda, 0x83, 0xed, 0x99, 0x65, 0x67, 0xd6, 0xc1, 0x37, 0x4e,
0x9c, 0xf9, 0x06, 0x1c, 0xf9, 0x0c, 0x7c, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5b, 0xe4,
0x84, 0x66, 0x76, 0xf6, 0x4f, 0xf3, 0x47, 0x84, 0x96, 0x93, 0xf7, 0xfd, 0xf9, 0xfd, 0xde, 0xf3,
0xef, 0xed, 0x7b, 0x0b, 0x1e, 0x4f, 0x77, 0x85, 0x47, 0xb9, 0x3f, 0x4d, 0x86, 0x24, 0x66, 0x44,
0x12, 0xe1, 0x2f, 0x08, 0x0b, 0x79, 0xec, 0x9b, 0x00, 0x8e, 0xa8, 0x8f, 0xc3, 0x39, 0x15, 0x82,
0x72, 0xe6, 0x2f, 0xb6, 0xfd, 0x31, 0x61, 0x24, 0xc6, 0x92, 0x84, 0x5e, 0x14, 0x73, 0xc9, 0xe1,
0x87, 0x69, 0xa2, 0x87, 0x23, 0xea, 0xe5, 0x89, 0xde, 0x62, 0xbb, 0xfb, 0x60, 0x4c, 0xe5, 0x24,
0x19, 0x7a, 0x23, 0x3e, 0xf7, 0xc7, 0x7c, 0xcc, 0x7d, 0x9d, 0x3f, 0x4c, 0x5e, 0x6a, 0x4b, 0x1b,
0xfa, 0x29, 0xe5, 0xe9, 0xde, 0x2f, 0x17, 0x4c, 0xe4, 0x84, 0x30, 0x49, 0x47, 0x58, 0x5e, 0x5d,
0xb5, 0xfb, 0x59, 0x91, 0x3d, 0xc7, 0xa3, 0x09, 0x65, 0x24, 0x5e, 0xfa, 0xd1, 0x74, 0xac, 0x1c,
0xc2, 0x9f, 0x13, 0x89, 0xaf, 0x42, 0xf9, 0xd7, 0xa1, 0xe2, 0x84, 0x49, 0x3a, 0x27, 0x97, 0x00,
0x0f, 0xff, 0x0d, 0x20, 0x46, 0x13, 0x32, 0xc7, 0x17, 0x71, 0x5b, 0xbf, 0xdb, 0xa0, 0xb3, 0x97,
0x89, 0x81, 0xc8, 0x4f, 0x09, 0x11, 0x12, 0x06, 0xa0, 0x9a, 0xd0, 0xd0, 0xb1, 0xfa, 0xd6, 0xc0,
0x0e, 0x3e, 0x3d, 0x5d, 0xf5, 0x2a, 0xeb, 0x55, 0xaf, 0x7a, 0x7c, 0xb0, 0x7f, 0xbe, 0xea, 0x7d,
0x74, 0x5d, 0x21, 0xb9, 0x8c, 0x88, 0xf0, 0x8e, 0x0f, 0xf6, 0x91, 0x02, 0xc3, 0x17, 0xa0, 0x36,
0xa5, 0x2c, 0x74, 0x6e, 0xf5, 0xad, 0x41, 0x6b, 0xe7, 0xa1, 0x57, 0x88, 0x9f, 0xc3, 0xbc, 0x68,
0x3a, 0x56, 0x0e, 0xe1, 0x29, 0x19, 0xbc, 0xc5, 0xb6, 0xf7, 0x55, 0xcc, 0x93, 0xe8, 0x5b, 0x12,
0xab, 0x66, 0xbe, 0xa1, 0x2c, 0x0c, 0x36, 0x4d, 0xf1, 0x9a, 0xb2, 0x90, 0x66, 0x84, 0x13, 0xd0,
0x8c, 0x89, 0xe0, 0x49, 0x3c, 0x22, 0x4e, 0x55, 0xb3, 0x3f, 0xfa, 0xef, 0xec, 0xc8, 0x30, 0x04,
0x1d, 0x53, 0xa1, 0x99, 0x79, 0x50, 0xce, 0x0e, 0x3f, 0x07, 0x2d, 0x91, 0x0c, 0xb3, 0x80, 0x53,
0xd3, 0x7a, 0xdc, 0x35, 0x80, 0xd6, 0xb3, 0x22, 0x84, 0xca, 0x79, 0x90, 0x82, 0x56, 0x9c, 0x2a,
0xa9, 0xba, 0x76, 0xde, 0x7b, 0x27, 0x05, 0xda, 0xaa, 0x14, 0x2a, 0xe8, 0x50, 0x99, 0x1b, 0x2e,
0x41, 0xdb, 0x98, 0x79, 0x97, 0xb7, 0xdf, 0x59, 0x92, 0xbb, 0xeb, 0x55, 0xaf, 0x8d, 0xde, 0xa4,
0x45, 0x17, 0xeb, 0xc0, 0xaf, 0x01, 0x34, 0xae, 0x92, 0x10, 0x4e, 0x5b, 0x6b, 0xd4, 0x35, 0x1a,
0x41, 0x74, 0x29, 0x03, 0x5d, 0x81, 0x82, 0x7d, 0x50, 0x63, 0x78, 0x4e, 0x9c, 0x0d, 0x8d, 0xce,
0x87, 0xfe, 0x14, 0xcf, 0x09, 0xd2, 0x11, 0xe8, 0x03, 0x5b, 0xfd, 0x8a, 0x08, 0x8f, 0x88, 0x53,
0xd7, 0x69, 0x77, 0x4c, 0x9a, 0xfd, 0x34, 0x0b, 0xa0, 0x22, 0x07, 0x7e, 0x01, 0x6c, 0x1e, 0xa9,
0x57, 0x9d, 0x72, 0xe6, 0x34, 0x34, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xa0, 0x02,
0x00, 0x9f, 0x83, 0x66, 0x22, 0x48, 0x7c, 0xc0, 0x5e, 0x72, 0xa7, 0xa9, 0x05, 0xfd, 0xd8, 0x2b,
0x9f, 0x8f, 0x37, 0xd6, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xf7, 0x29, 0xf3, 0xa0, 0x9c, 0x09,
0x1e, 0x83, 0x3a, 0x1f, 0xfe, 0x48, 0x46, 0xd2, 0xb1, 0x35, 0xe7, 0x83, 0x6b, 0x87, 0x64, 0xb6,
0xd6, 0x43, 0xf8, 0xe4, 0xc9, 0xcf, 0x92, 0x30, 0x35, 0x9f, 0xe0, 0xb6, 0xa1, 0xae, 0x1f, 0x6a,
0x12, 0x64, 0xc8, 0xe0, 0x0f, 0xc0, 0xe6, 0xb3, 0x30, 0x75, 0x3a, 0xe0, 0x6d, 0x98, 0x73, 0x29,
0x0f, 0x33, 0x1e, 0x54, 0x50, 0xc2, 0x2d, 0x50, 0x0f, 0xe3, 0x25, 0x4a, 0x98, 0xd3, 0xea, 0x5b,
0x83, 0x66, 0x00, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4c, 0x04, 0xbe, 0x00, 0x0d, 0x1e, 0x29, 0x31,
0x84, 0xb3, 0xf9, 0x36, 0x1d, 0xb4, 0x4d, 0x07, 0x8d, 0xc3, 0x94, 0x05, 0x65, 0x74, 0x5b, 0x7f,
0xd4, 0xc0, 0x9d, 0xd2, 0x85, 0x12, 0x11, 0x67, 0x82, 0xfc, 0x2f, 0x27, 0xea, 0x1e, 0x68, 0xe0,
0xd9, 0x8c, 0x9f, 0x90, 0xf4, 0x4a, 0x35, 0x8b, 0x26, 0xf6, 0x52, 0x37, 0xca, 0xe2, 0xf0, 0x08,
0xd4, 0x85, 0xc4, 0x32, 0x11, 0xe6, 0xe2, 0xdc, 0xbf, 0xd9, 0x7a, 0x3d, 0xd3, 0x98, 0x54, 0x30,
0x44, 0x44, 0x32, 0x93, 0xc8, 0xf0, 0xc0, 0x1e, 0xd8, 0x88, 0xb0, 0x1c, 0x4d, 0xf4, 0x55, 0xd9,
0x0c, 0xec, 0xf5, 0xaa, 0xb7, 0x71, 0xa4, 0x1c, 0x28, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0x87, 0xe7,
0xcb, 0x28, 0x5b, 0x8c, 0xae, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xa8, 0x48, 0x86, 0xbf,
0x5a, 0xa0, 0x83, 0x93, 0x90, 0xca, 0x3d, 0xc6, 0xb8, 0xc4, 0xe9, 0x54, 0xea, 0xfd, 0xea, 0xa0,
0xb5, 0xf3, 0xd8, 0xbb, 0xe6, 0x23, 0xe8, 0x5d, 0x92, 0xd8, 0xdb, 0xbb, 0x40, 0xf1, 0x84, 0xc9,
0x78, 0x19, 0x38, 0x46, 0xa3, 0xce, 0xc5, 0x30, 0xba, 0x54, 0x13, 0x0e, 0x40, 0xf3, 0x04, 0xc7,
0x8c, 0xb2, 0xb1, 0x70, 0x1a, 0xfd, 0xaa, 0x5a, 0x6d, 0xb5, 0x19, 0xdf, 0x19, 0x1f, 0xca, 0xa3,
0xdd, 0x2f, 0xc1, 0x07, 0x57, 0x96, 0x83, 0x1d, 0x50, 0x9d, 0x92, 0x65, 0x3a, 0x67, 0xa4, 0x1e,
0xe1, 0xfb, 0x60, 0x63, 0x81, 0x67, 0x09, 0xd1, 0x33, 0xb3, 0x51, 0x6a, 0x3c, 0xba, 0xb5, 0x6b,
0x6d, 0xfd, 0x69, 0x81, 0x76, 0xe9, 0x6f, 0x2c, 0x28, 0x39, 0x81, 0x47, 0xa0, 0x61, 0xee, 0x8d,
0xe6, 0x68, 0xed, 0xdc, 0xbb, 0x89, 0x02, 0x1a, 0x10, 0xb4, 0xd4, 0xab, 0x90, 0xdd, 0xc1, 0x8c,
0x46, 0x9d, 0x86, 0xd8, 0x48, 0x64, 0x3e, 0x6e, 0x9f, 0xdc, 0x5c, 0xd4, 0x54, 0x80, 0xcc, 0x42,
0x39, 0x53, 0x30, 0x38, 0x3d, 0x73, 0x2b, 0xaf, 0xce, 0xdc, 0xca, 0xeb, 0x33, 0xb7, 0xf2, 0xcb,
0xda, 0xb5, 0x4e, 0xd7, 0xae, 0xf5, 0x6a, 0xed, 0x5a, 0xaf, 0xd7, 0xae, 0xf5, 0xd7, 0xda, 0xb5,
0x7e, 0xfb, 0xdb, 0xad, 0x7c, 0x7f, 0x6b, 0xb1, 0xfd, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x62,
0xcb, 0x64, 0xf1, 0x09, 0x09, 0x00, 0x00,
}
func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i
var l int
_ = l
if len(m.Warnings) > 0 {
for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Warnings[iNdEx])
copy(dAtA[i:], m.Warnings[iNdEx])
i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if len(m.AuditAnnotations) > 0 {
keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
}
}
if len(m.Warnings) > 0 {
for _, s := range m.Warnings {
l = len(s)
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
`Patch:` + valueToStringGenerated(this.Patch) + `,`,
`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
`}`,
}, "")
return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
}
m.AuditAnnotations[mapkey] = mapvalue
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])

View File

@ -145,6 +145,13 @@ message AdmissionResponse {
// the admission webhook to add additional context to the audit log for this request.
// +optional
map<string, string> auditAnnotations = 6;
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
repeated string warnings = 7;
}
// AdmissionReview describes an admission review request/response.

View File

@ -140,6 +140,13 @@ type AdmissionResponse struct {
// the admission webhook to add additional context to the audit log for this request.
// +optional
AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
}
// PatchType is the type of patch being used to represent the mutated object

View File

@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
"patch": "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
"patchType": "The type of Patch. Currently we only allow \"JSONPatch\".",
"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
"warnings": "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
}
func (AdmissionResponse) SwaggerDoc() map[string]string {

View File

@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
(*out)[key] = val
}
}
if in.Warnings != nil {
in, out := &in.Warnings, &out.Warnings
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

View File

@ -143,64 +143,65 @@ func init() {
}
var fileDescriptor_b87c2352de86eab9 = []byte{
// 902 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0xb4, 0xb2, 0xd0, 0xda, 0xe4, 0x80,
0x82, 0xd4, 0xcc, 0x92, 0x08, 0xaa, 0xa8, 0xe2, 0x92, 0x25, 0x11, 0x0a, 0x48, 0x4d, 0x34, 0xad,
0x51, 0xe1, 0x80, 0x34, 0xf6, 0x4e, 0xed, 0xc5, 0xf6, 0xcc, 0xb2, 0x33, 0xeb, 0xe0, 0x1b, 0xe2,
0xca, 0x85, 0x6f, 0xc0, 0x87, 0xe1, 0x92, 0x63, 0x8f, 0x3d, 0x59, 0xc4, 0x7c, 0x8b, 0x9c, 0xd0,
0xcc, 0xce, 0x7a, 0xb7, 0x76, 0x02, 0xfd, 0xc3, 0xc9, 0xf3, 0xfe, 0xfc, 0x7e, 0xef, 0xf9, 0xf7,
0x76, 0xde, 0x80, 0x93, 0xf1, 0xa1, 0x40, 0x21, 0xf7, 0xc6, 0x49, 0x9f, 0xc6, 0x8c, 0x4a, 0x2a,
0xbc, 0x19, 0x65, 0x01, 0x8f, 0x3d, 0x13, 0x20, 0x51, 0xe8, 0x91, 0x60, 0x1a, 0x0a, 0x11, 0x72,
0xe6, 0xcd, 0xf6, 0xfb, 0x54, 0x92, 0x7d, 0x6f, 0x48, 0x19, 0x8d, 0x89, 0xa4, 0x01, 0x8a, 0x62,
0x2e, 0x39, 0xfc, 0x30, 0xcd, 0x46, 0x24, 0x0a, 0xd1, 0x2a, 0x1b, 0x99, 0xec, 0xf6, 0xde, 0x30,
0x94, 0xa3, 0xa4, 0x8f, 0x06, 0x7c, 0xea, 0x0d, 0xf9, 0x90, 0x7b, 0x1a, 0xd4, 0x4f, 0x9e, 0x6b,
0x4b, 0x1b, 0xfa, 0x94, 0x92, 0xb5, 0x1f, 0x14, 0x4b, 0x27, 0x72, 0x44, 0x99, 0x0c, 0x07, 0x44,
0xa6, 0xf5, 0xd7, 0x4b, 0xb7, 0x3f, 0xcb, 0xb3, 0xa7, 0x64, 0x30, 0x0a, 0x19, 0x8d, 0xe7, 0x5e,
0x34, 0x1e, 0x2a, 0x87, 0xf0, 0xa6, 0x54, 0x92, 0x9b, 0x50, 0xde, 0x6d, 0xa8, 0x38, 0x61, 0x32,
0x9c, 0xd2, 0x0d, 0xc0, 0xc3, 0xff, 0x02, 0x88, 0xc1, 0x88, 0x4e, 0xc9, 0x3a, 0x6e, 0xe7, 0x0f,
0x1b, 0xb4, 0x8e, 0x32, 0x45, 0x30, 0xfd, 0x29, 0xa1, 0x42, 0x42, 0x1f, 0x94, 0x93, 0x30, 0x70,
0xac, 0xae, 0xb5, 0x6b, 0xfb, 0x9f, 0x5e, 0x2e, 0x3a, 0xa5, 0xe5, 0xa2, 0x53, 0xee, 0x9d, 0x1e,
0x5f, 0x2f, 0x3a, 0x1f, 0xdd, 0x56, 0x48, 0xce, 0x23, 0x2a, 0x50, 0xef, 0xf4, 0x18, 0x2b, 0x30,
0x7c, 0x06, 0x2a, 0xe3, 0x90, 0x05, 0xce, 0x9d, 0xae, 0xb5, 0xdb, 0x38, 0x78, 0x88, 0xf2, 0x09,
0xac, 0x60, 0x28, 0x1a, 0x0f, 0x95, 0x43, 0x20, 0x25, 0x03, 0x9a, 0xed, 0xa3, 0xaf, 0x62, 0x9e,
0x44, 0xdf, 0xd2, 0x58, 0x35, 0xf3, 0x4d, 0xc8, 0x02, 0x7f, 0xdb, 0x14, 0xaf, 0x28, 0x0b, 0x6b,
0x46, 0x38, 0x02, 0xf5, 0x98, 0x0a, 0x9e, 0xc4, 0x03, 0xea, 0x94, 0x35, 0xfb, 0xa3, 0x37, 0x67,
0xc7, 0x86, 0xc1, 0x6f, 0x99, 0x0a, 0xf5, 0xcc, 0x83, 0x57, 0xec, 0xf0, 0x73, 0xd0, 0x10, 0x49,
0x3f, 0x0b, 0x38, 0x15, 0xad, 0xc7, 0x7d, 0x03, 0x68, 0x3c, 0xc9, 0x43, 0xb8, 0x98, 0x07, 0x43,
0xd0, 0x88, 0x53, 0x25, 0x55, 0xd7, 0xce, 0x7b, 0xef, 0xa4, 0x40, 0x53, 0x95, 0xc2, 0x39, 0x1d,
0x2e, 0x72, 0xc3, 0x39, 0x68, 0x1a, 0x73, 0xd5, 0xe5, 0xdd, 0x77, 0x96, 0xe4, 0xfe, 0x72, 0xd1,
0x69, 0xe2, 0x57, 0x69, 0xf1, 0x7a, 0x1d, 0xf8, 0x35, 0x80, 0xc6, 0x55, 0x10, 0xc2, 0x69, 0x6a,
0x8d, 0xda, 0x46, 0x23, 0x88, 0x37, 0x32, 0xf0, 0x0d, 0x28, 0xd8, 0x05, 0x15, 0x46, 0xa6, 0xd4,
0xd9, 0xd2, 0xe8, 0xd5, 0xd0, 0x1f, 0x93, 0x29, 0xc5, 0x3a, 0x02, 0x3d, 0x60, 0xab, 0x5f, 0x11,
0x91, 0x01, 0x75, 0xaa, 0x3a, 0xed, 0x9e, 0x49, 0xb3, 0x1f, 0x67, 0x01, 0x9c, 0xe7, 0xc0, 0x2f,
0x80, 0xcd, 0x23, 0xf5, 0xa9, 0x87, 0x9c, 0x39, 0x35, 0x0d, 0x70, 0x33, 0xc0, 0x59, 0x16, 0xb8,
0x2e, 0x1a, 0x38, 0x07, 0xc0, 0xa7, 0xa0, 0x9e, 0x08, 0x1a, 0x9f, 0xb2, 0xe7, 0xdc, 0xa9, 0x6b,
0x41, 0x3f, 0x46, 0xc5, 0x1d, 0xf2, 0xca, 0xb5, 0x57, 0x42, 0xf6, 0x4c, 0x76, 0xfe, 0x3d, 0x65,
0x1e, 0xbc, 0x62, 0x82, 0x3d, 0x50, 0xe5, 0xfd, 0x1f, 0xe9, 0x40, 0x3a, 0xb6, 0xe6, 0xdc, 0xbb,
0x75, 0x48, 0xe6, 0xd6, 0x22, 0x4c, 0x2e, 0x4e, 0x7e, 0x96, 0x94, 0xa9, 0xf9, 0xf8, 0x77, 0x0d,
0x75, 0xf5, 0x4c, 0x93, 0x60, 0x43, 0x06, 0x7f, 0x00, 0x36, 0x9f, 0x04, 0xa9, 0xd3, 0x01, 0x6f,
0xc3, 0xbc, 0x92, 0xf2, 0x2c, 0xe3, 0xc1, 0x39, 0x25, 0xdc, 0x01, 0xd5, 0x20, 0x9e, 0xe3, 0x84,
0x39, 0x8d, 0xae, 0xb5, 0x5b, 0xf7, 0x81, 0xea, 0xe1, 0x58, 0x7b, 0xb0, 0x89, 0xc0, 0x67, 0xa0,
0xc6, 0x23, 0x25, 0x86, 0x70, 0xb6, 0xdf, 0xa6, 0x83, 0xa6, 0xe9, 0xa0, 0x76, 0x96, 0xb2, 0xe0,
0x8c, 0x6e, 0xe7, 0xd7, 0x0a, 0xb8, 0x57, 0xd8, 0x50, 0x22, 0xe2, 0x4c, 0xd0, 0xff, 0x65, 0x45,
0x7d, 0x02, 0x6a, 0x64, 0x32, 0xe1, 0x17, 0x34, 0xdd, 0x52, 0xf5, 0xbc, 0x89, 0xa3, 0xd4, 0x8d,
0xb3, 0x38, 0x3c, 0x07, 0x55, 0x21, 0x89, 0x4c, 0x84, 0xd9, 0x38, 0x0f, 0x5e, 0xef, 0x7a, 0x3d,
0xd1, 0x98, 0x54, 0x30, 0x4c, 0x45, 0x32, 0x91, 0xd8, 0xf0, 0xc0, 0x0e, 0xd8, 0x8a, 0x88, 0x1c,
0x8c, 0xf4, 0x56, 0xd9, 0xf6, 0xed, 0xe5, 0xa2, 0xb3, 0x75, 0xae, 0x1c, 0x38, 0xf5, 0xc3, 0x43,
0x60, 0xeb, 0xc3, 0xd3, 0x79, 0x94, 0x5d, 0x8c, 0xb6, 0x1a, 0xd1, 0x79, 0xe6, 0xbc, 0x2e, 0x1a,
0x38, 0x4f, 0x86, 0xbf, 0x59, 0xa0, 0x45, 0x92, 0x20, 0x94, 0x47, 0x8c, 0x71, 0x49, 0xd2, 0xa9,
0x54, 0xbb, 0xe5, 0xdd, 0xc6, 0xc1, 0x09, 0xfa, 0xb7, 0x97, 0x10, 0x6d, 0xe8, 0x8c, 0x8e, 0xd6,
0x78, 0x4e, 0x98, 0x8c, 0xe7, 0xbe, 0x63, 0x84, 0x6a, 0xad, 0x87, 0xf1, 0x46, 0xe1, 0xf6, 0x97,
0xe0, 0x83, 0x1b, 0x49, 0x60, 0x0b, 0x94, 0xc7, 0x74, 0x9e, 0x8e, 0x10, 0xab, 0x23, 0x7c, 0x1f,
0x6c, 0xcd, 0xc8, 0x24, 0xa1, 0x7a, 0x1c, 0x36, 0x4e, 0x8d, 0x47, 0x77, 0x0e, 0xad, 0x9d, 0x3f,
0x2d, 0xd0, 0x2c, 0x34, 0x37, 0x0b, 0xe9, 0x05, 0xec, 0x81, 0x9a, 0x59, 0x25, 0x9a, 0xa3, 0x71,
0x80, 0x5e, 0xfb, 0xcf, 0x69, 0x94, 0xdf, 0x50, 0xa3, 0xce, 0xf6, 0x5c, 0xc6, 0x05, 0xbf, 0xd3,
0xcf, 0x8b, 0xfe, 0xf7, 0xe6, 0xf1, 0xf2, 0xde, 0x50, 0x34, 0x7f, 0xdb, 0xbc, 0x27, 0xda, 0xc2,
0x2b, 0x3a, 0x7f, 0xef, 0xf2, 0xca, 0x2d, 0xbd, 0xb8, 0x72, 0x4b, 0x2f, 0xaf, 0xdc, 0xd2, 0x2f,
0x4b, 0xd7, 0xba, 0x5c, 0xba, 0xd6, 0x8b, 0xa5, 0x6b, 0xbd, 0x5c, 0xba, 0xd6, 0x5f, 0x4b, 0xd7,
0xfa, 0xfd, 0x6f, 0xb7, 0xf4, 0x7d, 0xcd, 0x10, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x8b, 0xd1,
0x27, 0x74, 0xfd, 0x08, 0x00, 0x00,
// 925 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcb, 0x6e, 0x23, 0x45,
0x17, 0x76, 0x8f, 0x1d, 0xdb, 0x5d, 0xce, 0x3f, 0xf6, 0xd4, 0xfc, 0x48, 0x2d, 0x0b, 0xb5, 0x4d,
0x16, 0xc8, 0x48, 0x93, 0x6a, 0x12, 0xc1, 0x28, 0x1a, 0xb1, 0x49, 0x93, 0x08, 0x05, 0xa4, 0x49,
0x54, 0x33, 0x86, 0x81, 0x05, 0x52, 0xd9, 0xae, 0xb1, 0x1b, 0xdb, 0x55, 0x4d, 0x57, 0xb5, 0x83,
0x77, 0xec, 0xd9, 0xf0, 0x06, 0xbc, 0x00, 0x6f, 0xc1, 0x26, 0xcb, 0x59, 0xce, 0xca, 0x22, 0xe6,
0x2d, 0xb2, 0x42, 0x55, 0x5d, 0x7d, 0x19, 0x27, 0x81, 0xb9, 0xb0, 0x72, 0x9f, 0xcb, 0xf7, 0x9d,
0xe3, 0xef, 0xf4, 0x39, 0x0d, 0x8e, 0xa7, 0x07, 0x02, 0x05, 0xdc, 0x9b, 0xc6, 0x03, 0x1a, 0x31,
0x2a, 0xa9, 0xf0, 0x16, 0x94, 0x8d, 0x78, 0xe4, 0x99, 0x00, 0x09, 0x03, 0x8f, 0x8c, 0xe6, 0x81,
0x10, 0x01, 0x67, 0xde, 0x62, 0x6f, 0x40, 0x25, 0xd9, 0xf3, 0xc6, 0x94, 0xd1, 0x88, 0x48, 0x3a,
0x42, 0x61, 0xc4, 0x25, 0x87, 0xef, 0x27, 0xd9, 0x88, 0x84, 0x01, 0xca, 0xb2, 0x91, 0xc9, 0x6e,
0xef, 0x8e, 0x03, 0x39, 0x89, 0x07, 0x68, 0xc8, 0xe7, 0xde, 0x98, 0x8f, 0xb9, 0xa7, 0x41, 0x83,
0xf8, 0xb9, 0xb6, 0xb4, 0xa1, 0x9f, 0x12, 0xb2, 0xf6, 0x83, 0x62, 0xe9, 0x58, 0x4e, 0x28, 0x93,
0xc1, 0x90, 0xc8, 0xa4, 0xfe, 0x66, 0xe9, 0xf6, 0x27, 0x79, 0xf6, 0x9c, 0x0c, 0x27, 0x01, 0xa3,
0xd1, 0xd2, 0x0b, 0xa7, 0x63, 0xe5, 0x10, 0xde, 0x9c, 0x4a, 0x72, 0x13, 0xca, 0xbb, 0x0d, 0x15,
0xc5, 0x4c, 0x06, 0x73, 0x7a, 0x0d, 0xf0, 0xf0, 0xdf, 0x00, 0x62, 0x38, 0xa1, 0x73, 0xb2, 0x89,
0xdb, 0xf9, 0xcd, 0x06, 0xad, 0xc3, 0x54, 0x11, 0x4c, 0x7f, 0x8c, 0xa9, 0x90, 0xd0, 0x07, 0xe5,
0x38, 0x18, 0x39, 0x56, 0xd7, 0xea, 0xd9, 0xfe, 0xc7, 0x17, 0xab, 0x4e, 0x69, 0xbd, 0xea, 0x94,
0xfb, 0x27, 0x47, 0x57, 0xab, 0xce, 0x07, 0xb7, 0x15, 0x92, 0xcb, 0x90, 0x0a, 0xd4, 0x3f, 0x39,
0xc2, 0x0a, 0x0c, 0x9f, 0x81, 0xca, 0x34, 0x60, 0x23, 0xe7, 0x4e, 0xd7, 0xea, 0x35, 0xf6, 0x1f,
0xa2, 0x7c, 0x02, 0x19, 0x0c, 0x85, 0xd3, 0xb1, 0x72, 0x08, 0xa4, 0x64, 0x40, 0x8b, 0x3d, 0xf4,
0x45, 0xc4, 0xe3, 0xf0, 0x6b, 0x1a, 0xa9, 0x66, 0xbe, 0x0a, 0xd8, 0xc8, 0xdf, 0x36, 0xc5, 0x2b,
0xca, 0xc2, 0x9a, 0x11, 0x4e, 0x40, 0x3d, 0xa2, 0x82, 0xc7, 0xd1, 0x90, 0x3a, 0x65, 0xcd, 0xfe,
0xe8, 0xcd, 0xd9, 0xb1, 0x61, 0xf0, 0x5b, 0xa6, 0x42, 0x3d, 0xf5, 0xe0, 0x8c, 0x1d, 0x7e, 0x0a,
0x1a, 0x22, 0x1e, 0xa4, 0x01, 0xa7, 0xa2, 0xf5, 0xb8, 0x6f, 0x00, 0x8d, 0x27, 0x79, 0x08, 0x17,
0xf3, 0x60, 0x00, 0x1a, 0x51, 0xa2, 0xa4, 0xea, 0xda, 0xf9, 0xdf, 0x3b, 0x29, 0xd0, 0x54, 0xa5,
0x70, 0x4e, 0x87, 0x8b, 0xdc, 0x70, 0x09, 0x9a, 0xc6, 0xcc, 0xba, 0xbc, 0xfb, 0xce, 0x92, 0xdc,
0x5f, 0xaf, 0x3a, 0x4d, 0xfc, 0x2a, 0x2d, 0xde, 0xac, 0x03, 0xbf, 0x04, 0xd0, 0xb8, 0x0a, 0x42,
0x38, 0x4d, 0xad, 0x51, 0xdb, 0x68, 0x04, 0xf1, 0xb5, 0x0c, 0x7c, 0x03, 0x0a, 0x76, 0x41, 0x85,
0x91, 0x39, 0x75, 0xb6, 0x34, 0x3a, 0x1b, 0xfa, 0x63, 0x32, 0xa7, 0x58, 0x47, 0xa0, 0x07, 0x6c,
0xf5, 0x2b, 0x42, 0x32, 0xa4, 0x4e, 0x55, 0xa7, 0xdd, 0x33, 0x69, 0xf6, 0xe3, 0x34, 0x80, 0xf3,
0x1c, 0xf8, 0x19, 0xb0, 0x79, 0xa8, 0x5e, 0xf5, 0x80, 0x33, 0xa7, 0xa6, 0x01, 0x6e, 0x0a, 0x38,
0x4d, 0x03, 0x57, 0x45, 0x03, 0xe7, 0x00, 0xf8, 0x14, 0xd4, 0x63, 0x41, 0xa3, 0x13, 0xf6, 0x9c,
0x3b, 0x75, 0x2d, 0xe8, 0x87, 0xa8, 0x78, 0x43, 0x5e, 0x59, 0x7b, 0x25, 0x64, 0xdf, 0x64, 0xe7,
0xef, 0x53, 0xea, 0xc1, 0x19, 0x13, 0xec, 0x83, 0x2a, 0x1f, 0xfc, 0x40, 0x87, 0xd2, 0xb1, 0x35,
0xe7, 0xee, 0xad, 0x43, 0x32, 0x5b, 0x8b, 0x30, 0x39, 0x3f, 0xfe, 0x49, 0x52, 0xa6, 0xe6, 0xe3,
0xdf, 0x35, 0xd4, 0xd5, 0x53, 0x4d, 0x82, 0x0d, 0x19, 0xfc, 0x1e, 0xd8, 0x7c, 0x36, 0x4a, 0x9c,
0x0e, 0x78, 0x1b, 0xe6, 0x4c, 0xca, 0xd3, 0x94, 0x07, 0xe7, 0x94, 0x70, 0x07, 0x54, 0x47, 0xd1,
0x12, 0xc7, 0xcc, 0x69, 0x74, 0xad, 0x5e, 0xdd, 0x07, 0xaa, 0x87, 0x23, 0xed, 0xc1, 0x26, 0x02,
0x9f, 0x81, 0x1a, 0x0f, 0x95, 0x18, 0xc2, 0xd9, 0x7e, 0x9b, 0x0e, 0x9a, 0xa6, 0x83, 0xda, 0x69,
0xc2, 0x82, 0x53, 0xba, 0x9d, 0xdf, 0x2b, 0xe0, 0x5e, 0xe1, 0x42, 0x89, 0x90, 0x33, 0x41, 0xff,
0x93, 0x13, 0xf5, 0x11, 0xa8, 0x91, 0xd9, 0x8c, 0x9f, 0xd3, 0xe4, 0x4a, 0xd5, 0xf3, 0x26, 0x0e,
0x13, 0x37, 0x4e, 0xe3, 0xf0, 0x0c, 0x54, 0x85, 0x24, 0x32, 0x16, 0xe6, 0xe2, 0x3c, 0x78, 0xbd,
0xf5, 0x7a, 0xa2, 0x31, 0x89, 0x60, 0x98, 0x8a, 0x78, 0x26, 0xb1, 0xe1, 0x81, 0x1d, 0xb0, 0x15,
0x12, 0x39, 0x9c, 0xe8, 0xab, 0xb2, 0xed, 0xdb, 0xeb, 0x55, 0x67, 0xeb, 0x4c, 0x39, 0x70, 0xe2,
0x87, 0x07, 0xc0, 0xd6, 0x0f, 0x4f, 0x97, 0x61, 0xba, 0x18, 0x6d, 0x35, 0xa2, 0xb3, 0xd4, 0x79,
0x55, 0x34, 0x70, 0x9e, 0x0c, 0x7f, 0xb1, 0x40, 0x8b, 0xc4, 0xa3, 0x40, 0x1e, 0x32, 0xc6, 0x25,
0x49, 0xa6, 0x52, 0xed, 0x96, 0x7b, 0x8d, 0xfd, 0x63, 0xf4, 0x4f, 0x5f, 0x42, 0x74, 0x4d, 0x67,
0x74, 0xb8, 0xc1, 0x73, 0xcc, 0x64, 0xb4, 0xf4, 0x1d, 0x23, 0x54, 0x6b, 0x33, 0x8c, 0xaf, 0x15,
0x86, 0x3d, 0x50, 0x3f, 0x27, 0x11, 0x0b, 0xd8, 0x58, 0x38, 0xb5, 0x6e, 0x59, 0xed, 0xb7, 0x5a,
0x8f, 0x6f, 0x8c, 0x0f, 0x67, 0xd1, 0xf6, 0xe7, 0xe0, 0xbd, 0x1b, 0xcb, 0xc1, 0x16, 0x28, 0x4f,
0xe9, 0x32, 0x19, 0x36, 0x56, 0x8f, 0xf0, 0xff, 0x60, 0x6b, 0x41, 0x66, 0x31, 0xd5, 0x83, 0xb3,
0x71, 0x62, 0x3c, 0xba, 0x73, 0x60, 0xed, 0xfc, 0x61, 0x81, 0x66, 0xe1, 0x6f, 0x2c, 0x02, 0x7a,
0x0e, 0xfb, 0xa0, 0x66, 0x8e, 0x8e, 0xe6, 0x68, 0xec, 0xa3, 0xd7, 0x96, 0x41, 0xa3, 0xfc, 0x86,
0x7a, 0x29, 0xd2, 0x8b, 0x98, 0x72, 0xc1, 0x6f, 0xf5, 0x87, 0x48, 0xeb, 0x64, 0x3e, 0x73, 0xde,
0x1b, 0xca, 0x9b, 0x48, 0x91, 0x5a, 0x38, 0xa3, 0xf3, 0x77, 0x2f, 0x2e, 0xdd, 0xd2, 0x8b, 0x4b,
0xb7, 0xf4, 0xf2, 0xd2, 0x2d, 0xfd, 0xbc, 0x76, 0xad, 0x8b, 0xb5, 0x6b, 0xbd, 0x58, 0xbb, 0xd6,
0xcb, 0xb5, 0x6b, 0xfd, 0xb9, 0x76, 0xad, 0x5f, 0xff, 0x72, 0x4b, 0xdf, 0xd5, 0x0c, 0xf1, 0xdf,
0x01, 0x00, 0x00, 0xff, 0xff, 0x6c, 0x23, 0xa1, 0xd9, 0x27, 0x09, 0x00, 0x00,
}
func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i
var l int
_ = l
if len(m.Warnings) > 0 {
for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Warnings[iNdEx])
copy(dAtA[i:], m.Warnings[iNdEx])
i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if len(m.AuditAnnotations) > 0 {
keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
}
}
if len(m.Warnings) > 0 {
for _, s := range m.Warnings {
l = len(s)
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
`Patch:` + valueToStringGenerated(this.Patch) + `,`,
`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
`}`,
}, "")
return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
}
m.AuditAnnotations[mapkey] = mapvalue
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])

View File

@ -145,6 +145,13 @@ message AdmissionResponse {
// the admission webhook to add additional context to the audit log for this request.
// +optional
map<string, string> auditAnnotations = 6;
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
repeated string warnings = 7;
}
// AdmissionReview describes an admission review request/response.

View File

@ -145,6 +145,13 @@ type AdmissionResponse struct {
// the admission webhook to add additional context to the audit log for this request.
// +optional
AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
// warnings is a list of warning messages to return to the requesting API client.
// Warning messages describe a problem the client making the API request should correct or be aware of.
// Limit warnings to 120 characters if possible.
// Warnings over 256 characters and large numbers of warnings may be truncated.
// +optional
Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
}
// PatchType is the type of patch being used to represent the mutated object

View File

@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
"patch": "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
"patchType": "The type of Patch. Currently we only allow \"JSONPatch\".",
"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
"warnings": "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
}
func (AdmissionResponse) SwaggerDoc() map[string]string {

View File

@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
(*out)[key] = val
}
}
if in.Warnings != nil {
in, out := &in.Warnings, &out.Warnings
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

View File

@ -76,6 +76,9 @@
"patchType": "-Ǐ忄*齧獚敆Ȏțê",
"auditAnnotations": {
"30": "31"
}
},
"warnings": [
"32"
]
}
}

View File

@ -78,3 +78,5 @@ response:
reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
status: "23"
uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
warnings:
- "32"

View File

@ -76,6 +76,9 @@
"patchType": "-Ǐ忄*齧獚敆Ȏțê",
"auditAnnotations": {
"30": "31"
}
},
"warnings": [
"32"
]
}
}

View File

@ -78,3 +78,5 @@ response:
reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
status: "23"
uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
warnings:
- "32"

View File

@ -30,6 +30,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
"//vendor/github.com/evanphx/json-patch:go_default_library",
"//vendor/k8s.io/klog/v2:go_default_library",
"//vendor/k8s.io/utils/trace:go_default_library",

View File

@ -43,6 +43,7 @@ import (
webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
auditinternal "k8s.io/apiserver/pkg/apis/audit"
webhookutil "k8s.io/apiserver/pkg/util/webhook"
"k8s.io/apiserver/pkg/warning"
utiltrace "k8s.io/utils/trace"
)
@ -267,6 +268,9 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
klog.Warningf("Failed to set admission audit annotation %s to %s for mutating webhook %s: %v", key, v, h.Name, err)
}
}
for _, w := range result.Warnings {
warning.AddWarning(ctx, "", w)
}
if !result.Allowed {
return false, &webhookutil.ErrWebhookRejection{Status: webhookerrors.ToStatusErr(h.Name, result.Result)}

View File

@ -36,6 +36,7 @@ type AdmissionResponse struct {
Patch []byte
PatchType admissionv1.PatchType
Result *metav1.Status
Warnings []string
}
// VerifyAdmissionResponse checks the validity of the provided admission review object, and returns the
@ -93,6 +94,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
Patch: patch,
PatchType: patchType,
Result: r.Response.Result,
Warnings: r.Response.Warnings,
}, nil
case *admissionv1beta1.AdmissionReview:
@ -118,6 +120,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
Patch: patch,
PatchType: patchType,
Result: r.Response.Result,
Warnings: r.Response.Warnings,
}, nil
default:

View File

@ -23,6 +23,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
"//vendor/k8s.io/klog/v2:go_default_library",
"//vendor/k8s.io/utils/trace:go_default_library",
],

View File

@ -33,6 +33,7 @@ import (
"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
webhookutil "k8s.io/apiserver/pkg/util/webhook"
"k8s.io/apiserver/pkg/warning"
"k8s.io/klog/v2"
utiltrace "k8s.io/utils/trace"
)
@ -227,6 +228,9 @@ func (d *validatingDispatcher) callHook(ctx context.Context, h *v1.ValidatingWeb
klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, v, h.Name, err)
}
}
for _, w := range result.Warnings {
warning.AddWarning(ctx, "", w)
}
if result.Allowed {
return nil
}

View File

@ -17,10 +17,13 @@ limitations under the License.
package filters
import (
"fmt"
"net/http"
"sync"
"unicode/utf8"
"k8s.io/apimachinery/pkg/util/net"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apiserver/pkg/warning"
)
@ -33,10 +36,34 @@ func WithWarningRecorder(handler http.Handler) http.Handler {
})
}
var (
truncateAtTotalRunes = 4 * 1024
truncateItemRunes = 256
)
type recordedWarning struct {
agent string
text string
}
type recorder struct {
lock sync.Mutex
// lock guards calls to AddWarning from multiple threads
lock sync.Mutex
// recorded tracks whether AddWarning was already called with a given text
recorded map[string]bool
writer http.ResponseWriter
// ordered tracks warnings added so they can be replayed and truncated if needed
ordered []recordedWarning
// written tracks how many runes of text have been added as warning headers
written int
// truncating tracks if we have already exceeded truncateAtTotalRunes and are now truncating warning messages as we add them
truncating bool
// writer is the response writer to add warning headers to
writer http.ResponseWriter
}
func (r *recorder) AddWarning(agent, text string) {
@ -47,6 +74,11 @@ func (r *recorder) AddWarning(agent, text string) {
r.lock.Lock()
defer r.lock.Unlock()
// if we've already exceeded our limit and are already truncating, return early
if r.written >= truncateAtTotalRunes && r.truncating {
return
}
// init if needed
if r.recorded == nil {
r.recorded = map[string]bool{}
@ -57,13 +89,45 @@ func (r *recorder) AddWarning(agent, text string) {
return
}
r.recorded[text] = true
r.ordered = append(r.ordered, recordedWarning{agent: agent, text: text})
// TODO(liggitt): track total message characters written:
// * if this takes us over 4k truncate individual messages to 256 chars and regenerate headers
// * if we're already truncating truncate this message to 256 chars
// * if we're still over 4k omit this message
// truncate on a rune boundary, if needed
textRuneLength := utf8.RuneCountInString(text)
if r.truncating && textRuneLength > truncateItemRunes {
text = string([]rune(text)[:truncateItemRunes])
textRuneLength = truncateItemRunes
}
if header, err := net.NewWarningHeader(299, agent, text); err == nil {
// compute the header
header, err := net.NewWarningHeader(299, agent, text)
if err != nil {
return
}
// if this fits within our limit, or we're already truncating, write and return
if r.written+textRuneLength <= truncateAtTotalRunes || r.truncating {
r.written += textRuneLength
r.writer.Header().Add("Warning", header)
return
}
// otherwise, enable truncation, reset, and replay the existing items as truncated warnings
r.truncating = true
r.written = 0
r.writer.Header().Del("Warning")
utilruntime.HandleError(fmt.Errorf("exceeded max warning header size, truncating"))
for _, w := range r.ordered {
agent := w.agent
text := w.text
textRuneLength := utf8.RuneCountInString(text)
if textRuneLength > truncateItemRunes {
text = string([]rune(text)[:truncateItemRunes])
textRuneLength = truncateItemRunes
}
if header, err := net.NewWarningHeader(299, agent, text); err == nil {
r.written += textRuneLength
r.writer.Header().Add("Warning", header)
}
}
}

View File

@ -98,3 +98,35 @@ func Test_recorder_AddWarning(t *testing.T) {
})
}
}
func TestTruncation(t *testing.T) {
originalTotalRunes, originalItemRunes := truncateAtTotalRunes, truncateItemRunes
truncateAtTotalRunes, truncateItemRunes = 25, 5
defer func() {
truncateAtTotalRunes, truncateItemRunes = originalTotalRunes, originalItemRunes
}()
responseRecorder := httptest.NewRecorder()
warningRecorder := &recorder{writer: responseRecorder}
// add items longer than the individual length
warningRecorder.AddWarning("", "aaaaaaaaaa") // long item
warningRecorder.AddWarning("-", "aaaaaaaaaa") // duplicate item
warningRecorder.AddWarning("", "bb") // short item
warningRecorder.AddWarning("", "ccc") // short item
warningRecorder.AddWarning("", "Iñtërnâtiô") // long item
// check they are preserved
if e, a := []string{`299 - "aaaaaaaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtërnâtiô"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
t.Errorf("expected\n%#v\ngot\n%#v", e, a)
}
// add an item that exceeds the length and triggers truncation, reducing existing items to 15 runes
warningRecorder.AddWarning("", "e") // triggering item, 16 total
warningRecorder.AddWarning("", "ffffffffff") // long item to get truncated, 21 total
warningRecorder.AddWarning("", "ffffffffff") // duplicate item
warningRecorder.AddWarning("", "gggggggggg") // item to get truncated, 26 total
warningRecorder.AddWarning("", "h") // item to get ignored since we're over our limit
// check that existing items are truncated, and order preserved
if e, a := []string{`299 - "aaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtër"`, `299 - "e"`, `299 - "fffff"`, `299 - "ggggg"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
t.Errorf("expected\n%#v\ngot\n%#v", e, a)
}
}

View File

@ -75,6 +75,7 @@ func convertAdmissionResponseToV1(r *v1beta1.AdmissionResponse) *v1.AdmissionRes
Patch: r.Patch,
PatchType: pt,
Result: r.Result,
Warnings: r.Warnings,
}
}
@ -91,6 +92,7 @@ func convertAdmissionResponseToV1beta1(r *v1.AdmissionResponse) *v1beta1.Admissi
Patch: r.Patch,
PatchType: pt,
Result: r.Result,
Warnings: r.Warnings,
}
}

View File

@ -169,6 +169,8 @@ type holder struct {
t *testing.T
warningHandler *warningHandler
recordGVR metav1.GroupVersionResource
recordOperation string
recordNamespace string
@ -203,6 +205,7 @@ func (h *holder) reset(t *testing.T) {
h.expectOldObject = false
h.expectOptionsGVK = schema.GroupVersionKind{}
h.expectOptions = false
h.warningHandler.reset()
// Set up the recorded map with nil records for all combinations
h.recorded = map[webhookOptions]*admissionRequest{}
@ -231,6 +234,7 @@ func (h *holder) expect(gvr schema.GroupVersionResource, gvk, optionsGVK schema.
h.expectOldObject = oldObject
h.expectOptionsGVK = optionsGVK
h.expectOptions = options
h.warningHandler.reset()
// Set up the recorded map with nil records for all combinations
h.recorded = map[webhookOptions]*admissionRequest{}
@ -314,13 +318,15 @@ func (h *holder) verify(t *testing.T) {
defer h.lock.Unlock()
for options, value := range h.recorded {
if err := h.verifyRequest(options.converted, value); err != nil {
if err := h.verifyRequest(options, value); err != nil {
t.Errorf("version: %v, phase:%v, converted:%v error: %v", options.version, options.phase, options.converted, err)
}
}
}
func (h *holder) verifyRequest(converted bool, request *admissionRequest) error {
func (h *holder) verifyRequest(webhookOptions webhookOptions, request *admissionRequest) error {
converted := webhookOptions.converted
// Check if current resource should be exempted from Admission processing
if admissionExemptResources[gvr(h.recordGVR.Group, h.recordGVR.Version, h.recordGVR.Resource)] {
if request == nil {
@ -357,6 +363,10 @@ func (h *holder) verifyRequest(converted bool, request *admissionRequest) error
return fmt.Errorf("unexpected options: %#v", request.Options.Object)
}
if !h.warningHandler.hasWarning(makeWarning(webhookOptions.version, webhookOptions.phase, webhookOptions.converted)) {
return fmt.Errorf("no warning received from webhook")
}
return nil
}
@ -384,6 +394,34 @@ func (h *holder) verifyOptions(options runtime.Object) error {
return nil
}
type warningHandler struct {
lock sync.Mutex
warnings map[string]bool
}
func (w *warningHandler) reset() {
w.lock.Lock()
defer w.lock.Unlock()
w.warnings = map[string]bool{}
}
func (w *warningHandler) hasWarning(warning string) bool {
w.lock.Lock()
defer w.lock.Unlock()
return w.warnings[warning]
}
func makeWarning(version string, phase string, converted bool) string {
return fmt.Sprintf("%v/%v/%v", version, phase, converted)
}
func (w *warningHandler) HandleWarningHeader(code int, agent string, message string) {
if code != 299 || len(message) == 0 {
return
}
w.lock.Lock()
defer w.lock.Unlock()
w.warnings[message] = true
}
// TestWebhookAdmissionWithWatchCache tests communication between API server and webhook process.
func TestWebhookAdmissionWithWatchCache(t *testing.T) {
testWebhookAdmission(t, true)
@ -399,6 +437,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
// holder communicates expectations to webhooks, and results from webhooks
holder := &holder{
t: t,
warningHandler: &warningHandler{warnings: map[string]bool{}},
gvrToConvertedGVR: map[metav1.GroupVersionResource]metav1.GroupVersionResource{},
gvrToConvertedGVK: map[metav1.GroupVersionResource]schema.GroupVersionKind{},
}
@ -451,6 +490,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
clientConfig := rest.CopyConfig(server.ClientConfig)
clientConfig.Impersonate.UserName = testClientUsername
clientConfig.Impersonate.Groups = []string{"system:masters", "system:authenticated"}
clientConfig.WarningHandler = holder.warningHandler
client, err := clientset.NewForConfig(clientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
@ -1265,6 +1305,9 @@ func newV1beta1WebhookHandler(t *testing.T, holder *holder, phase string, conver
review.Kind = ""
review.Response.UID = ""
// test plumbing warnings back to the client
review.Response.Warnings = []string{makeWarning("v1beta1", phase, converted)}
// If we're mutating, and have an object, return a patch to exercise conversion
if phase == mutation && len(review.Request.Object.Raw) > 0 {
review.Response.Patch = []byte(`[{"op":"add","path":"/foo","value":"test"}]`)
@ -1355,6 +1398,9 @@ func newV1WebhookHandler(t *testing.T, holder *holder, phase string, converted b
Allowed: true,
UID: review.Request.UID,
Result: &metav1.Status{Message: "admitted"},
// test plumbing warnings back
Warnings: []string{makeWarning("v1", phase, converted)},
}
// If we're mutating, and have an object, return a patch to exercise conversion
if phase == mutation && len(review.Request.Object.Raw) > 0 {