kubernetes
diff --git a/‎go.mod‎
Lines changed: 5 additions & 3 deletions b/‎go.mod‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 6 deletions b/‎go.sum‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎pkg/apis/audit/types.go‎
Lines changed: 11 additions & 0 deletions b/‎pkg/apis/audit/types.go‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎pkg/apis/audit/v1/generated.pb.go‎
Lines changed: 188 additions & 0 deletions b/‎pkg/apis/audit/v1/generated.pb.go‎
Lines changed: 188 additions & 0 deletions
diff --git a/‎pkg/apis/audit/v1/generated.proto‎
Lines changed: 11 additions & 0 deletions b/‎pkg/apis/audit/v1/generated.proto‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎pkg/apis/audit/v1/generated.protomessage.pb.go‎
Lines changed: 2 additions & 0 deletions b/‎pkg/apis/audit/v1/generated.protomessage.pb.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/apis/audit/v1/types.go‎
Lines changed: 10 additions & 0 deletions b/‎pkg/apis/audit/v1/types.go‎
Lines changed: 10 additions & 0 deletions
@@ -48,9 +48,9 @@ require (
 gopkg.in/evanphx/json-patch.v4 v4.13.0
 gopkg.in/go-jose/go-jose.v2 v2.6.3
 gopkg.in/natefinch/lumberjack.v2 v2.2.1
-k8s.io/api v0.0.0-20251101152117-8b150d50efc9
-k8s.io/apimachinery v0.0.0-20251101151749-05faff5a672c
-k8s.io/client-go v0.0.0-20251103194327-6f5c1adc653d
+k8s.io/api v0.0.0-20251105002758-78deebe13046
+k8s.io/apimachinery v0.0.0-20251104194212-729c13d7df38
+k8s.io/client-go v0.0.0-20251105003230-5aa3ca7f2ac5
 k8s.io/component-base v0.0.0-20251101153715-0c7fa86d2ef3
 k8s.io/klog/v2 v2.130.1
 k8s.io/kms v0.0.0-20251031154137-67fac28309db
@@ -123,3 +123,5 @@ require (
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+replace k8s.io/api => k8s.io/api v0.0.0-20251105002758-60b622f4f36b
@@ -299,12 +299,12 @@ gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYs
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.0.0-20251101152117-8b150d50efc9 h1:P1VJ0Cta+1g3ZOAduWfXlwivtOut0RkvBLl2U6IKJIk=
-k8s.io/api v0.0.0-20251101152117-8b150d50efc9/go.mod h1:KCNAyXzKdz0tzxA8m4XMnxPRckvU84IskGAh7Qf/5wE=
-k8s.io/apimachinery v0.0.0-20251101151749-05faff5a672c h1:s4JMRNZUE03qLV8X6sQaP94dfl0HG+dQcSBnYYY+28g=
-k8s.io/apimachinery v0.0.0-20251101151749-05faff5a672c/go.mod h1:dR9KPaf5L0t2p9jZg/wCGB4b3ma2sXZ2zdNqILs+Sak=
-k8s.io/client-go v0.0.0-20251103194327-6f5c1adc653d h1:XT0xyDV32YoL7HGeSosDNnbOJ2PK7tZsOId030YgeNU=
-k8s.io/client-go v0.0.0-20251103194327-6f5c1adc653d/go.mod h1:x5bqc6UixzIl5pYceAWeJOBZOUoZoghDVHHokZarYXk=
+k8s.io/api v0.0.0-20251105002758-60b622f4f36b h1:kQIH9+m06rrUrGSlYZfgU4NVTT1MXFxDczGsNAndlQA=
+k8s.io/api v0.0.0-20251105002758-60b622f4f36b/go.mod h1:WAtHXlm214kKcYg1bP2G5eefhLoi/NCF6sxUeTjUXMs=
+k8s.io/apimachinery v0.0.0-20251104194212-729c13d7df38 h1:5jRAlNQwmLaPNhf9mfhacvZKFF8fE4nfULiBul0PrGM=
+k8s.io/apimachinery v0.0.0-20251104194212-729c13d7df38/go.mod h1:dR9KPaf5L0t2p9jZg/wCGB4b3ma2sXZ2zdNqILs+Sak=
+k8s.io/client-go v0.0.0-20251105003230-5aa3ca7f2ac5 h1:zfG89yYdzEweXvymwXD810niLOIvcKD0qq67yJVKxbQ=
+k8s.io/client-go v0.0.0-20251105003230-5aa3ca7f2ac5/go.mod h1:0nAtsAwkk8yBzjuzDlbrxZghpDWfhA2alzTAVP+GyyM=
 k8s.io/component-base v0.0.0-20251101153715-0c7fa86d2ef3 h1:LSl5cFypu2A5v/GO96gWryJRrythlDlQOBX/XtXyq04=
 k8s.io/component-base v0.0.0-20251101153715-0c7fa86d2ef3/go.mod h1:Hg4vHzdLBfaiC57ocfXXPqSKTvLogos0Z5t/YAezWgU=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 
@@ -97,6 +97,10 @@ type Event struct {
 // Impersonated user information.
 // +optional
 ImpersonatedUser *authnv1.UserInfo
+// AuthenticationMetadata contains details about how the request was authenticated.
+// +optional
+AuthenticationMetadata *AuthenticationMetadata
+
 // Source IPs, from where the request originated and intermediate proxies.
 // The source IPs are listed from (in order):
 // 1. X-Forwarded-For request header IPs
@@ -147,6 +151,13 @@ type Event struct {
 Annotations map[string]string
 }
 
+type AuthenticationMetadata struct {
+// ImpersonationConstraint is the verb associated with the constrained impersonation mode that was used to authorize
+// the ImpersonatedUser associated with this audit event. It is only set when constrained impersonation was used.
+// +optional
+ImpersonationConstraint string
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // EventList is a list of audit Events.
 
@@ -90,6 +90,9 @@ type Event struct {
 // Impersonated user information.
 // +optional
 ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,7,opt,name=impersonatedUser"`
+// AuthenticationMetadata contains details about how the request was authenticated.
+// +optional
+AuthenticationMetadata *AuthenticationMetadata `json:"authenticationMetadata,omitempty" protobuf:"bytes,17,opt,name=authenticationMetadata"`
 // Source IPs, from where the request originated and intermediate proxies.
 // The source IPs are listed from (in order):
 // 1. X-Forwarded-For request header IPs
@@ -142,6 +145,13 @@ type Event struct {
 Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"`
 }
 
+type AuthenticationMetadata struct {
+// ImpersonationConstraint is the verb associated with the constrained impersonation mode that was used to authorize
+// the ImpersonatedUser associated with this audit event. It is only set when constrained impersonation was used.
+// +optional
+ImpersonationConstraint string `json:"impersonationConstraint,omitempty" protobuf:"bytes,1,opt,name=impersonationConstraint"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // EventList is a list of audit Events.