2a8bc69060
Initialize the AuditEvent with the AuditContext ( #113611 )
...
* Initialize the AuditEvent with the AuditContext
* Squash: Address PR feedback
* Squash: address PR feedback
Kubernetes-commit: 2b03f04ce589a57cf80b2153c7e5056c53c374d3
2023-07-03 18:28:13 +00:00
1431da0154
Replace uses of diff.ObjectDiff with cmp.Diff
...
ObjectDiff is already a shim over cmp.Diff, so no actual output or
behavior changes
Kubernetes-commit: 29c0b73d640b6e50c4f2dfeee7b07ca66a530dbd
2023-03-23 11:29:01 -07:00
919e9045fa
Combine RequestAuditConfig with RequestAuditConfigWithLevel
...
Kubernetes-commit: 1a1ca5173ea0f6b06a74d4a26e694cff521a2f8e
2022-11-02 15:23:48 -07:00
0547548a94
strict decode policy first
...
Kubernetes-commit: 5dcfaae7b90c4838e488eace376e05c9e807f23b
2022-11-02 16:17:52 +08:00
bd7c7f52c2
Consolidate AuditContext
...
Kubernetes-commit: f1d684b7b60b39b7dc1eb4156307c593f0ba74e1
2022-07-12 11:53:57 -07:00
8a252ba686
More useful audit error logs
...
Kubernetes-commit: 8924d0e8b6d185eef8794f9144c321e2f4a0adae
2022-08-04 15:17:13 -07:00
9c0ce32da0
Delete dead audit code
...
Kubernetes-commit: e7f0fd7cf705f2745b6e10e5846c776a9095445d
2022-07-13 17:22:26 -07:00
91c6c18439
Fix issue that Audit Server could not correctly encode DeleteOption
...
Kubernetes-commit: 286a67d78c5be2b9ee39ed9fe26aa5a232058832
2022-05-18 20:23:16 +08:00
8becd60e02
fix audit union loop variables in closures
...
Kubernetes-commit: 85b027e6fa90dafac5d68d3ba41fd0dc4c53cbf1
2022-05-20 17:38:26 +08:00
828212b872
Avoid log spam in servers without auditing enabled
...
Kubernetes-commit: f23b9a500272c4c6ffaf2a577762f9e2e4370494
2022-03-31 01:50:24 -04:00
1e36b0a9fb
Don't add audit annotations directly to the audit event
...
Kubernetes-commit: bdebc62d49293a0fbbd7e0d95bfd94b1ce21015c
2022-03-28 11:38:38 -07:00
95587e321e
Audit annotations mutex
...
Kubernetes-commit: c3a68d5de83116289799571de57ace47cd950364
2022-03-28 17:21:14 +00:00
5258d09ebc
Delete dead code
...
Kubernetes-commit: d2f53a08567b763003bea6e9c45b688e604b8aff
2022-03-28 11:51:59 -07:00
871a4b7200
remove audit.k8s.io/v1[alpha|beta]1 versions
...
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
2022-02-13 13:23:49 +08:00
ba2b9977b2
Issue 105353: Add messages+details to audit logs response ( #105415 )
...
Kubernetes-commit: 016b96ca3896d27b37c5b2d6e223fb3320a0fdec
2022-02-23 17:53:33 -08:00
56a3a30ae1
Check in OWNERS modified by update-yamlfmt.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
2021-12-09 21:31:26 -05:00
fea88b8efd
drop managed fields from audit entries
...
drop the managed fields of the objects from the audit entries when we
are logging request and response bodies.
Kubernetes-commit: bbc59348318c29199e23b27981fb56436ac68705
2020-10-12 13:18:59 -04:00
7afcd94ea2
apiserver: evaluate OmitManagedFields
...
Kubernetes-commit: 7ea7c2029feb6e7ef2a50ecd179953812f45abbf
2021-10-06 16:16:38 -04:00
0e3e7334bb
apiserver: refactor PolicyRuleEvaluator to return a struct
...
Kubernetes-commit: a748fdc6775c63b52a1a963e2332ac774890d2a9
2021-09-20 17:44:11 -04:00
d53acfe201
apiserver: store (event, evaluated policy) pair in request context
...
Kubernetes-commit: 8be823b0b0270e1b979b3d4c6e683e1daa0f2e01
2021-09-20 17:43:16 -04:00
450b7e8f12
rename audit Checker interface
...
Kubernetes-commit: 27f150351475adaef416bd893403e7066b70d33a
2021-03-24 13:07:21 -04:00
dd5fc094cd
Use objGV instead of gvk.GroupVersion
...
Kubernetes-commit: 15c4d579f08335f33555d3cab5eff41c74e671b9
2021-06-02 14:27:30 +08:00
790f5a21a7
Fix auditing failed of request: encoding failed
...
Kubernetes-commit: 329f7d55d1344f728e28ce49728234f9f8f4c5d3
2021-05-17 02:31:08 +08:00
549cbbf8de
fix broken link in some files
...
Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31
2021-04-13 08:43:24 +08:00
e9a1de1bba
add user-agent for audit log format legacy
...
Kubernetes-commit: 358b33519cdcb3561b41a665558306967cc1d1b9
2021-02-25 20:23:51 +08:00
bd0605a728
audit: make stage consts use correct type
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 84ac2398da2be7810d311c4bc9f7358618ed193b
2021-04-09 12:29:20 -04:00
f1a76db888
apiserver: manage audit ID associated with a request
...
Manage the audit ID early in the request handling logic so that it can
be used by different layers to improve correlation.
- If the caller does not specify a value for Audit-ID in the request
header, we generate a new audit ID
- If a user specified Audit-ID is too large, we truncate it
- We echo the Audit-ID value to the caller via the response
Header 'Audit-ID'
Kubernetes-commit: 31653bacb9b979ee2f878ebece7e25f79d3f9aa6
2021-03-02 19:22:39 -05:00
146083d06b
deprecate audit.k8s.io/v1[alpha|beta]1 versions
...
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
2021-02-08 11:22:29 +08:00
dfad5032fb
Fix ALPHA stability level reference link
...
Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2
2021-01-31 15:37:07 -08:00
6f3753addf
add context to metric in apiserver/audit
...
Kubernetes-commit: 4ba3f1a982227a30b083f6359e76a616e9eabfd1
2021-01-20 12:04:41 -08:00
cebcef9fb1
staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go migrate logs to structured logging
...
Kubernetes-commit: eb8f8368bc33a46c0ec595e3f015979420b49a5c
2021-01-21 11:43:30 +08:00
50cce843c9
Take into account latency incurred in server filters
...
apiserver_request_duration_seconds does not take into account the
time a request spends in the server filters. If a filter takes longer
then the latency incurred will not be reflected in the apiserver
latency metrics.
For example, the amount of time a request spends in priority and
fairness machineries or in shuffle queues will not be accounted for.
- Add a server filter that attaches request received timestamp to the
request context very early in in the handler chain (as soon as
net/http hands over control to us).
- Use the above received timestamp in the apiserver latency metrics
apiserver_request_duration_seconds.
- Use the above received timestamp in the audit layer to set
RequestReceivedTimestamp.
Kubernetes-commit: d74ab9e1a4929be208d4529fd12b76d3fcd5d546
2020-09-18 16:46:07 -04:00
5f7ddf0f68
prefer NoError/Error over Nil/NotNil
...
Kubernetes-commit: 203679cc6105ea490e75af1efa83497b771d7d36
2020-07-18 20:23:35 -04:00
9fd9fcfad5
remove-api
...
Kubernetes-commit: e857adbdfdba795ceca870f194d8d8a296bbdc21
2020-05-27 14:27:08 -04:00
5879417a28
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
1873d19869
Allow handlers early in the request chain to set audit annotations
...
This change adds the generic ability for request handlers that run
before WithAudit to set annotations in the audit.Event.Annotations
map.
Note that this change does not use this capability yet. Determining
which handlers should set audit annotations and what keys and values
should be used requires further discussion (this data will become
part of our public API).
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b
2020-03-19 20:02:37 -04:00
ab9ec5ee43
fix: replace TrimLeft with TrimPrefix and TrimRight with TrimSuffix
...
Kubernetes-commit: 51b7ef2c87e3321668fedecbbc02c1a16357033d
2019-12-02 21:27:15 +08:00
44b9fc84ab
migrate callers to g/g/uuid
...
Kubernetes-commit: a4ca9e6c93e45b4a97e7d04df37362299088f64a
2019-11-04 23:15:20 -08:00
a653e5ab1a
Export UserInfo conversion, use authnv1.UserInfo in audit
...
Kubernetes-commit: 0e787a4b78a849fa66a02126721dd185e7c00955
2019-09-09 08:54:54 -04:00
3e6e1db500
add some documentation around the metrics stability migration changes for clarity
...
Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5
2019-08-26 19:15:30 -07:00
b9084e350a
migrate kube-apiserver metrics to stability framework
...
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
2019-08-22 15:38:42 -07:00
70c200c6a0
audit & admission: associate annotation with audit level
...
Kubernetes-commit: 318226f3403f56aaf796af3f439c13674aa2b7ab
2019-05-31 15:36:29 -07:00
6c13576bf2
Add port to ServiceResolvers
...
Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1
2019-03-01 16:32:50 -08:00
f06a9dc218
Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator
...
Kubernetes-commit: 404e2f7a30626f02b55180bccf6a5f16bcbbfa82
2019-03-01 14:35:42 -08:00
7762f62741
Refactor loops over SupportedMediaTypes() where mediaType is used to match a single SerializerInfo{}
...
We have an existing helper function for this: runtime.SerializerInfoForMediaType()
This is common prep-work for encoding runtime.Objects into JSON/YAML for transmission over the wire or writing to ComponentConfigs.
Kubernetes-commit: 47e52d2981dc2a5c5950042f50688cf24dd92eda
2019-04-04 19:01:01 -06:00
22712db708
make audit metadata work for custom resources
...
Kubernetes-commit: 9d41c0099adc9a9328209075421eb42681bd4b09
2019-02-26 14:37:58 -05:00
2ca48066d7
Audit test utils fix ( #74276 )
...
* changes audit e2e event version scheme; adds internal audit to common audit scheme; removes unneeded comments
* add more detail to audit missing events in e2e/integration tests
* adds version priority to audit scheme; updates comment
Kubernetes-commit: 9e4f8d6fae3a43833dbe9edcefd9170aa97496d7
2019-02-22 01:19:51 -07:00
4c9524b9fb
Updated OWNERS files to include link to docs
...
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
2019-01-30 20:05:00 +01:00
877329b0f3
Add option to k8s apiserver to reject incoming requests upon audit failure
...
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
2018-07-03 14:40:55 +02:00
9fd62b6f47
adds dynamic audit configuration
...
Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380
2018-10-18 21:34:17 -05:00
Tim Allclair
Tim Hockin
kidddddddddddddddddddddd
scott
Jordan Liggitt
carlory
uhari03
Davanum Srinivas
Abu Kashem
njuptlzf
卢振兴10069964
xiaofei.sun
Monis Khan
Jiaxin Shan
yoyinzyc
lala123912
Stephen Solka
David Eads
Guangming Wang
Mike Danese
Han Kang
Haowei Cai
Mehdy Bohlool
leigh capili
Patrick Barker
Roy Lenferink
Daniel Kłobuszewski