Merge pull request #82490 from liggitt/userinfo-conversion

Userinfo conversion

Kubernetes-commit: 46ce88b9961c6e82d7b94a92ab7bbb65c857983a

pkg/apis/audit/types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package audit
 
 import (
+	authnv1 "k8s.io/api/authentication/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -92,10 +93,10 @@ type Event struct {
 	// For non-resource requests, this is the lower-cased HTTP method.
 	Verb string
 	// Authenticated user information.
-	User UserInfo
+	User authnv1.UserInfo
 	// Impersonated user information.
 	// +optional
-	ImpersonatedUser *UserInfo
+	ImpersonatedUser *authnv1.UserInfo
 	// Source IPs, from where the request originated and intermediate proxies.
 	// +optional
 	SourceIPs []string
@@ -283,21 +284,3 @@ type ObjectReference struct {
 	// +optional
 	Subresource string
 }
-
-// UserInfo holds the information about the user needed to implement the
-// user.Info interface.
-type UserInfo struct {
-	// The name that uniquely identifies this user among all active users.
-	Username string
-	// A unique value that identifies this user across time. If this user is
-	// deleted and another user by the same name is added, they will have
-	// different UIDs.
-	UID string
-	// The names of groups this user is a part of.
-	Groups []string
-	// Any additional information provided by the authenticator.
-	Extra map[string]ExtraValue
-}
-
-// ExtraValue masks the value so protobuf can generate
-type ExtraValue []string

pkg/apis/audit/v1/zz_generated.conversion.go

@@ -117,11 +117,8 @@ func autoConvert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversi
 	out.Stage = audit.Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
-	out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
+	out.User = in.User
+	out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent
 	out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
@@ -145,10 +142,7 @@ func autoConvert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversi
 	out.Stage = Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
+	out.User = in.User
 	out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent

pkg/apis/audit/v1alpha1/zz_generated.conversion.go

@@ -23,8 +23,8 @@ package v1alpha1
 import (
 	unsafe "unsafe"
 
-	authenticationv1 "k8s.io/api/authentication/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	types "k8s.io/apimachinery/pkg/types"
@@ -139,11 +139,8 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
 	out.Stage = audit.Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
-	out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
+	out.User = in.User
+	out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent
 	if in.ObjectRef != nil {
@@ -155,7 +152,7 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
 	} else {
 		out.ObjectRef = nil
 	}
-	out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
+	out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
 	out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
 	out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
 	out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
@@ -170,11 +167,8 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
 	out.Stage = Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
-	out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
+	out.User = in.User
+	out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent
 	if in.ObjectRef != nil {
@@ -186,7 +180,7 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
 	} else {
 		out.ObjectRef = nil
 	}
-	out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
+	out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
 	out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
 	out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
 	out.RequestReceivedTimestamp = in.RequestReceivedTimestamp

pkg/apis/audit/v1beta1/zz_generated.conversion.go

@@ -23,8 +23,8 @@ package v1beta1
 import (
 	unsafe "unsafe"
 
-	authenticationv1 "k8s.io/api/authentication/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	conversion "k8s.io/apimachinery/pkg/conversion"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	types "k8s.io/apimachinery/pkg/types"
@@ -129,15 +129,12 @@ func autoConvert_v1beta1_Event_To_audit_Event(in *Event, out *audit.Event, s con
 	out.Stage = audit.Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
-	out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
+	out.User = in.User
+	out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent
 	out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
-	out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
+	out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
 	out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
 	out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
 	out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
@@ -152,15 +149,12 @@ func autoConvert_audit_Event_To_v1beta1_Event(in *audit.Event, out *Event, s con
 	out.Stage = Stage(in.Stage)
 	out.RequestURI = in.RequestURI
 	out.Verb = in.Verb
-	// TODO: Inefficient conversion - can we improve it?
-	if err := s.Convert(&in.User, &out.User, 0); err != nil {
-		return err
-	}
-	out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
+	out.User = in.User
+	out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
 	out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
 	out.UserAgent = in.UserAgent
 	out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef))
-	out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
+	out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
 	out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
 	out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
 	out.RequestReceivedTimestamp = in.RequestReceivedTimestamp

pkg/apis/audit/zz_generated.deepcopy.go

@@ -21,7 +21,8 @@ limitations under the License.
 package audit
 
 import (
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -32,7 +33,7 @@ func (in *Event) DeepCopyInto(out *Event) {
 	in.User.DeepCopyInto(&out.User)
 	if in.ImpersonatedUser != nil {
 		in, out := &in.ImpersonatedUser, &out.ImpersonatedUser
-		*out = new(UserInfo)
+		*out = new(v1.UserInfo)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.SourceIPs != nil {
@@ -47,7 +48,7 @@ func (in *Event) DeepCopyInto(out *Event) {
 	}
 	if in.ResponseStatus != nil {
 		in, out := &in.ResponseStatus, &out.ResponseStatus
-		*out = new(v1.Status)
+		*out = new(metav1.Status)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.RequestObject != nil {
@@ -123,26 +124,6 @@ func (in *EventList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in ExtraValue) DeepCopyInto(out *ExtraValue) {
-	{
-		in := &in
-		*out = make(ExtraValue, len(*in))
-		copy(*out, *in)
-		return
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
-func (in ExtraValue) DeepCopy() ExtraValue {
-	if in == nil {
-		return nil
-	}
-	out := new(ExtraValue)
-	in.DeepCopyInto(out)
-	return *out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *GroupResources) DeepCopyInto(out *GroupResources) {
 	*out = *in
@@ -308,39 +289,3 @@ func (in *PolicyRule) DeepCopy() *PolicyRule {
 	in.DeepCopyInto(out)
 	return out
 }
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *UserInfo) DeepCopyInto(out *UserInfo) {
-	*out = *in
-	if in.Groups != nil {
-		in, out := &in.Groups, &out.Groups
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.Extra != nil {
-		in, out := &in.Extra, &out.Extra
-		*out = make(map[string]ExtraValue, len(*in))
-		for key, val := range *in {
-			var outVal []string
-			if val == nil {
-				(*out)[key] = nil
-			} else {
-				in, out := &val, &outVal
-				*out = make(ExtraValue, len(*in))
-				copy(*out, *in)
-			}
-			(*out)[key] = outVal
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
-func (in *UserInfo) DeepCopy() *UserInfo {
-	if in == nil {
-		return nil
-	}
-	out := new(UserInfo)
-	in.DeepCopyInto(out)
-	return out
-}

pkg/audit/event/attributes.go

@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"net/url"
 
+	authnv1 "k8s.io/api/authentication/v1"
 	"k8s.io/apiserver/pkg/apis/audit"
 	authuser "k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
@@ -126,7 +127,7 @@ func (a *attributes) GetPath() string {
 }
 
 // user represents the event user
-type user audit.UserInfo
+type user authnv1.UserInfo
 
 // GetName returns the user name
 func (u user) GetName() string { return u.Username }

pkg/audit/request.go

@@ -26,6 +26,7 @@ import (
 	"github.com/pborman/uuid"
 	"k8s.io/klog"
 
+	authnv1 "k8s.io/api/authentication/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -68,9 +69,9 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a
 
 	if user := attribs.GetUser(); user != nil {
 		ev.User.Username = user.GetName()
-		ev.User.Extra = map[string]auditinternal.ExtraValue{}
+		ev.User.Extra = map[string]authnv1.ExtraValue{}
 		for k, v := range user.GetExtra() {
-			ev.User.Extra[k] = auditinternal.ExtraValue(v)
+			ev.User.Extra[k] = authnv1.ExtraValue(v)
 		}
 		ev.User.Groups = user.GetGroups()
 		ev.User.UID = user.GetUID()
@@ -95,14 +96,14 @@ func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) {
 	if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
 		return
 	}
-	ae.ImpersonatedUser = &auditinternal.UserInfo{
+	ae.ImpersonatedUser = &authnv1.UserInfo{
 		Username: user.GetName(),
 	}
 	ae.ImpersonatedUser.Groups = user.GetGroups()
 	ae.ImpersonatedUser.UID = user.GetUID()
-	ae.ImpersonatedUser.Extra = map[string]auditinternal.ExtraValue{}
+	ae.ImpersonatedUser.Extra = map[string]authnv1.ExtraValue{}
 	for k, v := range user.GetExtra() {
-		ae.ImpersonatedUser.Extra[k] = auditinternal.ExtraValue(v)
+		ae.ImpersonatedUser.Extra[k] = authnv1.ExtraValue(v)
 	}
 }
 

plugin/pkg/audit/dynamic/enforced/enforced_test.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	authnv1 "k8s.io/api/authentication/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	"k8s.io/apiserver/pkg/audit/policy"
@@ -67,7 +68,7 @@ func TestEnforced(t *testing.T) {
 				Level:      auditinternal.LevelRequestResponse,
 				Stage:      auditinternal.StageResponseComplete,
 				RequestURI: "/apis/extensions/v1beta1",
-				User: auditinternal.UserInfo{
+				User: authnv1.UserInfo{
 					Username: user.Anonymous,
 				},
 				RequestObject:  &runtime.Unknown{Raw: []byte(`test`)},

plugin/pkg/audit/log/backend_test.go

@@ -25,6 +25,7 @@ import (
 
 	"github.com/pborman/uuid"
 
+	authnv1 "k8s.io/api/authentication/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -64,7 +65,7 @@ func TestLogEventsLegacy(t *testing.T) {
 				AuditID:                  types.UID(uuid.NewRandom().String()),
 				Stage:                    auditinternal.StageRequestReceived,
 				Verb:                     "get",
-				User: auditinternal.UserInfo{
+				User: authnv1.UserInfo{
 					Username: "admin",
 					Groups: []string{
 						"system:masters",
@@ -122,7 +123,7 @@ func TestLogEventsJson(t *testing.T) {
 			AuditID:                  types.UID(uuid.NewRandom().String()),
 			Stage:                    auditinternal.StageRequestReceived,
 			Verb:                     "get",
-			User: auditinternal.UserInfo{
+			User: authnv1.UserInfo{
 				Username: "admin",
 				Groups: []string{
 					"system:masters",