Tim Allclair
919e9045fa
Combine RequestAuditConfig with RequestAuditConfigWithLevel
...
Kubernetes-commit: 1a1ca5173ea0f6b06a74d4a26e694cff521a2f8e
2022-11-02 15:23:48 -07:00
kidddddddddddddddddddddd
0547548a94
strict decode policy first
...
Kubernetes-commit: 5dcfaae7b90c4838e488eace376e05c9e807f23b
2022-11-02 16:17:52 +08:00
Tim Allclair
9c0ce32da0
Delete dead audit code
...
Kubernetes-commit: e7f0fd7cf705f2745b6e10e5846c776a9095445d
2022-07-13 17:22:26 -07:00
carlory
871a4b7200
remove audit.k8s.io/v1[alpha|beta]1 versions
...
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
2022-02-13 13:23:49 +08:00
Abu Kashem
7afcd94ea2
apiserver: evaluate OmitManagedFields
...
Kubernetes-commit: 7ea7c2029feb6e7ef2a50ecd179953812f45abbf
2021-10-06 16:16:38 -04:00
Abu Kashem
0e3e7334bb
apiserver: refactor PolicyRuleEvaluator to return a struct
...
Kubernetes-commit: a748fdc6775c63b52a1a963e2332ac774890d2a9
2021-09-20 17:44:11 -04:00
Abu Kashem
450b7e8f12
rename audit Checker interface
...
Kubernetes-commit: 27f150351475adaef416bd893403e7066b70d33a
2021-03-24 13:07:21 -04:00
Monis Khan
bd0605a728
audit: make stage consts use correct type
...
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 84ac2398da2be7810d311c4bc9f7358618ed193b
2021-04-09 12:29:20 -04:00
carlory
146083d06b
deprecate audit.k8s.io/v1[alpha|beta]1 versions
...
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
2021-02-08 11:22:29 +08:00
lala123912
cebcef9fb1
staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go migrate logs to structured logging
...
Kubernetes-commit: eb8f8368bc33a46c0ec595e3f015979420b49a5c
2021-01-21 11:43:30 +08:00
Stephen Solka
5f7ddf0f68
prefer NoError/Error over Nil/NotNil
...
Kubernetes-commit: 203679cc6105ea490e75af1efa83497b771d7d36
2020-07-18 20:23:35 -04:00
David Eads
9fd9fcfad5
remove-api
...
Kubernetes-commit: e857adbdfdba795ceca870f194d8d8a296bbdc21
2020-05-27 14:27:08 -04:00
Davanum Srinivas
5879417a28
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
Guangming Wang
ab9ec5ee43
fix: replace TrimLeft with TrimPrefix and TrimRight with TrimSuffix
...
Kubernetes-commit: 51b7ef2c87e3321668fedecbbc02c1a16357033d
2019-12-02 21:27:15 +08:00
Patrick Barker
9fd62b6f47
adds dynamic audit configuration
...
Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380
2018-10-18 21:34:17 -05:00
Davanum Srinivas
2710b17b80
Move from glog to klog
...
- Move from the old github.com/golang/glog to k8s.io/klog
- klog has explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
  change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
2018-11-09 13:49:10 -05:00
Patrick Barker
f3b69c3f89
adds dynamic audit plugins
...
Kubernetes-commit: 8eb2150689159bd011aec189cf77e5b15fbcb22b
2018-10-18 21:34:02 -05:00
David Eads
3aa496e8ef
allow audit policy to be loaded from any byte source
...
Kubernetes-commit: 5d46ff41d85a825d508d8c9ec32b90a27de18350
2018-09-13 14:25:16 -04:00
Cao Shufeng
b40373204e
use Audit v1 api and add it to some unit tests
...
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
2018-07-27 14:06:29 +08:00
Kubernetes Publisher
627fa76a8b
sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel
2018-03-15 09:38:17 +00:00
Jeff Grafton
1ab12b2dc8
Autogenerated: hack/update-bazel.sh
...
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
Cao Shufeng
01b15f1056
fix invalid match rules for advanced audit policy
...
When users or groups are set in a rule, this rule should not match
attribute with unauthorized request where user and group are nil.
Kubernetes-commit: 9a7acaae1d5015886cc7c3bc46fc3d973045dc2a
2018-02-06 14:05:57 +08:00
hzxuzhonghu
5dc3326df1
add test case
...
Kubernetes-commit: cc135e985ccde88ac662b33ef81dd71de3ad0520
2017-11-08 16:20:16 +08:00
hzxuzhonghu
a94f246093
audit support wildcard matching subresources
...
Kubernetes-commit: 6e83d88be906c174ab3860eec70f2a4aec0ecb48
2017-11-08 16:03:26 +08:00
Jeff Grafton
c8a97ee31a
Autogenerate BUILD files
...
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
2017-12-23 13:06:26 -08:00
Cao Shufeng
d3301ca8d8
[advanced audit]add a policy wide omitStage
...
Kubernetes-commit: d75c0f0e21af8229ed3147e9a798441221c03574
2017-10-27 10:01:01 +08:00
Eric Chiang
f3797a6c71
audit policy: reject audit policy files without apiVersion and kind
...
Kubernetes-commit: fa40bc8f18f7c153910d048bbafefc430fe9bd11
2017-10-19 17:27:29 -07:00
Jeff Grafton
f4dbe23125
update BUILD files
...
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
2017-10-12 13:52:10 -07:00
Kubernetes Publisher
d7e7a0ab18
Update the test under audit policy
...
Kubernetes-commit: ea1694eab1a1b251b31ce006cc48594a7eb05add
2017-09-22 11:42:06 +00:00
Chao Wang
221a6a181e
A policy with 0 rules should return an error
...
Kubernetes-commit: 0ad4282fd0b31e1d12b711696efb134bdc2f83cc
2017-09-09 21:44:32 +00:00
Cao Shufeng
4905dd9b0c
Provide a way to omit Event stages in audit policy
...
Updates https://github.com/kubernetes/kubernetes/issues/48561
This provides a way to omit some stages for each audit policy rule.
For example:
    apiVersion: audit.k8s.io/v1beta1
    kind: Policy
    rules:
    - level: Metadata
      resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles"]
      omitStages:
      - "RequestReceived"
The RequestReceived stage will not be emitted to audit backends with the
previous config.
Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
2017-09-04 14:03:48 +00:00
Maciej Szulik
677d724b3a
Allow audit to log authorization failures
...
Kubernetes-commit: 9fef244d4ccce0ea8daf37ab86a7af4892d000cf
2017-09-03 14:04:12 +00:00
Eric Chiang
1fa829c7c8
Audit policy v1beta1 now supports matching subresources and resource names.
...
    policy:
    - level: Metadata
      resources:
      - group: ""
        resources: ["pods/logs"]
    - level: None
      resources:
      - group: ""
        resources: ["configmaps"]
        resourceNames: ["controller-leader"]
The top level resource no longer matches the subresource. For example "pods"
no longer matches requests to the logs subresource on pods.
```release-note
Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresource. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources.
```
Kubernetes-commit: 85491f1578b9b97751a332d3b957d874cecf27b3
2017-09-01 16:38:01 +00:00
Cao Shufeng
24b54db39e
run hack/update-all.sh
...
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
2017-08-29 13:16:13 +00:00
Cao Shufeng
3468d049a7
upgrade advanced audit to v1beta1
...
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
2017-08-29 13:16:13 +00:00
Jeff Grafton
6c539a43c6
Use buildozer to delete licenses() rules except under third_party/
...
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
Jeff Grafton
6caa2933ae
Use buildozer to remove deprecated automanaged tags
...
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
Jeff Grafton
44942b068a
Run hack/update-bazel.sh to generate BUILD files
...
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
Cao Shufeng
df4801fa4e
empty audit policy file is legal configuration
...
An empty audit policy file, or a policy file that contains only comments,
means using the default audit level for all requests.
Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
2017-06-13 20:47:30 +00:00
Tim St. Clair
8ff532a4cb
Implement audit policy logic
...
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
2017-06-13 20:47:28 +00:00