Open Policy Agent
What's the difference between input.review and input.request? #107
-
|
When looking at Kubernetes admission controller policies, you'll sometimes see them using |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
As this question comes up every now and then, I'm posting it here with the answer for posterity. OPA Gatekeeper modifies the incoming request from the Kubernetes API server before it is provided to your policy. When doing so, it changes When using "regular" OPA for admission control, as described in the OPA docs, your policies will see the So to summarize:
|
Beta Was this translation helpful? Give feedback.
As this question comes up every now and then, I'm posting it here with the answer for posterity.
OPA Gatekeeper modifies the incoming request from the Kubernetes API server before it is provided to your policy. When doing so, it changes
input.requestto beinput.reviewand it also populatesinput.parametersbased on parameters provided by the constraint template.When using "regular" OPA for admission control, as described in the OPA docs, your policies will see the
inputexactly as it is provided by the Kubernetes API server. In that format the request object will be found underinput.request.So to summarize:
input.reviewinput.request