74 lines
2.0 KiB
Go
74 lines
2.0 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package audit
|
|
|
|
import (
|
|
"fmt"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
auditinternal "k8s.io/apiserver/pkg/apis/audit"
|
|
)
|
|
|
|
// EventString creates a 1-line text representation of an audit event, using a subset of the
|
|
// information in the event struct.
|
|
func EventString(ev *auditinternal.Event) string {
|
|
username := "<none>"
|
|
groups := "<none>"
|
|
if len(ev.User.Username) > 0 {
|
|
username = ev.User.Username
|
|
if len(ev.User.Groups) > 0 {
|
|
groups = auditStringSlice(ev.User.Groups)
|
|
}
|
|
}
|
|
asuser := "<self>"
|
|
asgroups := "<lookup>"
|
|
if ev.ImpersonatedUser != nil {
|
|
asuser = ev.ImpersonatedUser.Username
|
|
if ev.ImpersonatedUser.Groups != nil {
|
|
asgroups = auditStringSlice(ev.ImpersonatedUser.Groups)
|
|
}
|
|
}
|
|
|
|
namespace := "<none>"
|
|
if ev.ObjectRef != nil && len(ev.ObjectRef.Namespace) != 0 {
|
|
namespace = ev.ObjectRef.Namespace
|
|
}
|
|
|
|
response := "<deferred>"
|
|
if ev.ResponseStatus != nil {
|
|
response = strconv.Itoa(int(ev.ResponseStatus.Code))
|
|
}
|
|
|
|
ip := "<unknown>"
|
|
if len(ev.SourceIPs) > 0 {
|
|
ip = ev.SourceIPs[0]
|
|
}
|
|
|
|
return fmt.Sprintf("%s AUDIT: id=%q stage=%q ip=%q method=%q user=%q groups=%q as=%q asgroups=%q namespace=%q uri=%q response=\"%s\"",
|
|
ev.Timestamp.Format(time.RFC3339Nano), ev.AuditID, ev.Stage, ip, ev.Verb, username, groups, asuser, asgroups, namespace, ev.RequestURI, response)
|
|
}
|
|
|
|
func auditStringSlice(inList []string) string {
|
|
quotedElements := make([]string, len(inList))
|
|
for i, in := range inList {
|
|
quotedElements[i] = fmt.Sprintf("%q", in)
|
|
}
|
|
return strings.Join(quotedElements, ",")
|
|
}
|