Merge pull request #67386 from CaoShuFeng/audit_annotation_object

Automatic merge from submit-queue (batch tested with PRs 55600, 67386). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. update Annotations description about audit.Event ref: kubernetes/kubernetes#58679 (comment) **What this PR does / why we need it**: **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: /assign @liggitt **Release note**: ```release-note NONE ``` Kubernetes-commit: 4c5e6156525b96b72961b86ff5bd82c44ea0cd96
sttts · Sep 5, 2018 · 94da44a · 94da44a
2 parents b63b615 + 4df3ddc
commit 94da44a
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 21 deletions.
diff --git a/pkg/apis/audit/types.go b/pkg/apis/audit/types.go
@@ -132,9 +132,10 @@ type Event struct {
 
 	// Annotations is an unstructured key value map stored with an audit event that may be set by
 	// plugins invoked in the request serving chain, including authentication, authorization and
-	// admission plugins. Keys should uniquely identify the informing component to avoid name
-	// collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values should be short. Annotations
-	// are included in the Metadata level.
+	// admission plugins. Note that these annotations are for the audit event, and do not correspond
+	// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
+	// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
+	// should be short. Annotations are included in the Metadata level.
 	// +optional
 	Annotations map[string]string
 }

diff --git a/pkg/apis/audit/v1/generated.proto b/pkg/apis/audit/v1/generated.proto
diff --git a/pkg/apis/audit/v1/types.go b/pkg/apis/audit/v1/types.go
@@ -127,9 +127,10 @@ type Event struct {
 
 	// Annotations is an unstructured key value map stored with an audit event that may be set by
 	// plugins invoked in the request serving chain, including authentication, authorization and
-	// admission plugins. Keys should uniquely identify the informing component to avoid name
-	// collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values should be short. Annotations
-	// are included in the Metadata level.
+	// admission plugins. Note that these annotations are for the audit event, and do not correspond
+	// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
+	// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
+	// should be short. Annotations are included in the Metadata level.
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"`
 }

diff --git a/pkg/apis/audit/v1alpha1/generated.proto b/pkg/apis/audit/v1alpha1/generated.proto
diff --git a/pkg/apis/audit/v1alpha1/types.go b/pkg/apis/audit/v1alpha1/types.go
@@ -139,9 +139,10 @@ type Event struct {
 
 	// Annotations is an unstructured key value map stored with an audit event that may be set by
 	// plugins invoked in the request serving chain, including authentication, authorization and
-	// admission plugins. Keys should uniquely identify the informing component to avoid name
-	// collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values should be short. Annotations
-	// are included in the Metadata level.
+	// admission plugins. Note that these annotations are for the audit event, and do not correspond
+	// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
+	// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
+	// should be short. Annotations are included in the Metadata level.
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,17,rep,name=annotations"`
 }

diff --git a/pkg/apis/audit/v1beta1/generated.proto b/pkg/apis/audit/v1beta1/generated.proto
diff --git a/pkg/apis/audit/v1beta1/types.go b/pkg/apis/audit/v1beta1/types.go
@@ -135,9 +135,10 @@ type Event struct {
 
 	// Annotations is an unstructured key value map stored with an audit event that may be set by
 	// plugins invoked in the request serving chain, including authentication, authorization and
-	// admission plugins. Keys should uniquely identify the informing component to avoid name
-	// collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values should be short. Annotations
-	// are included in the Metadata level.
+	// admission plugins. Note that these annotations are for the audit event, and do not correspond
+	// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
+	// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
+	// should be short. Annotations are included in the Metadata level.
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,17,rep,name=annotations"`
 }