You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The API Server puts some limitations on the warnings:
- they cannot exceed 256 characters
- the size of all the warnings cannot exceed 4096 characters
- they are returned as HTTP headers, hence not all characters are allowed
Because of these reasons, starting from now, we use the warning struct only to
tell the user whether a member policy was evaluated or not. When it was
evaluated we just tell the outcome (allow/reject).
The details of each policy evaluation are returned as part of the
`AdmissionResponse.status.details.causes`.
Notes: the warning messages are always shown, regardless of the request
being accepted or rejected.
The `AdmissionResponse.status.details.causes` are shown only when the
request is rejected. `kubectl` shows them only when run with verbose
major or equal to 4 (`-v4`).
Policy Server always shows the `causes` inside of its logs when running
in `debug` mode.
The `causes` are always sent as part of the traces emitted by Policy
Server.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
message:Some(format!("Request rejected by policy {policy_id}. The policy attempted to mutate the request, but it is currently configured to not allow mutations.")),
162
162
code:None,
163
+
..Default::default()
163
164
}),
164
165
// if `allowed_to_mutate` is false, we are in a validating webhook. If we send a patch, k8s will fail because validating webhook do not expect this field
0 commit comments