From c739da1f02a85224b15b928522370d9b6fac7cb6 Mon Sep 17 00:00:00 2001 From: xuzhonghu Date: Wed, 6 Jun 2018 10:53:03 +0800 Subject: [PATCH] logging user-agent in audit Kubernetes-commit: d066d547cce64a4f02bb05d718bc53fe71d06ad3 --- pkg/apis/audit/types.go | 4 ++++ pkg/apis/audit/v1alpha1/types.go | 4 ++++ pkg/apis/audit/v1beta1/types.go | 4 ++++ pkg/audit/request.go | 1 + 4 files changed, 13 insertions(+) diff --git a/pkg/apis/audit/types.go b/pkg/apis/audit/types.go index d72505d10..5503ed64e 100644 --- a/pkg/apis/audit/types.go +++ b/pkg/apis/audit/types.go @@ -99,6 +99,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/pkg/apis/audit/v1alpha1/types.go b/pkg/apis/audit/v1alpha1/types.go index 7e8af12b8..064fc4874 100644 --- a/pkg/apis/audit/v1alpha1/types.go +++ b/pkg/apis/audit/v1alpha1/types.go @@ -105,6 +105,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"` + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"` // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/pkg/apis/audit/v1beta1/types.go b/pkg/apis/audit/v1beta1/types.go index 0c3299b4a..27e338cac 100644 --- a/pkg/apis/audit/v1beta1/types.go +++ b/pkg/apis/audit/v1beta1/types.go @@ -101,6 +101,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"` + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"` // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/pkg/audit/request.go b/pkg/audit/request.go index 25d6c33eb..f62b0359f 100644 --- a/pkg/audit/request.go +++ b/pkg/audit/request.go @@ -42,6 +42,7 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a RequestReceivedTimestamp: metav1.NewMicroTime(time.Now()), Verb: attribs.GetVerb(), RequestURI: req.URL.RequestURI(), + UserAgent: req.UserAgent(), } ev.Level = level