apiserver: k8s.io/apiserver/pkg/apis/audit/v1 Index | Files

package v1

import "k8s.io/apiserver/pkg/apis/audit/v1"

Index

Package Files

doc.go generated.pb.go register.go types.go zz_generated.conversion.go zz_generated.deepcopy.go zz_generated.defaults.go

Constants

// Valid audit stages. In this listing the constants are untyped strings; the
// Stage type itself is declared separately in the package.
const (
    // StageRequestReceived is the stage for events generated as soon as the audit handler
    // receives the request, and before it is delegated down the handler chain.
    StageRequestReceived = "RequestReceived"
    // StageResponseStarted is the stage for events generated once the response headers are
    // sent, but before the response body is sent. This stage is only generated for
    // long-running requests (e.g. watch).
    StageResponseStarted = "ResponseStarted"
    // StageResponseComplete is the stage for events generated once the response body has
    // been completed, and no more bytes will be sent.
    StageResponseComplete = "ResponseComplete"
    // StagePanic is the stage for events generated when a panic occurred.
    StagePanic = "Panic"
)

Valid audit stages.

const GroupName = "audit.k8s.io"

GroupName is the group name used in this package.

// Header keys used by the audit system.
const (
    // HeaderAuditID is the header that holds the audit ID as the request is propagated
    // through the serving hierarchy. The Audit-ID header should be set by the first server
    // to receive the request (e.g. the federation server or kube-aggregator).
    //
    // NOTE(review): this is an ordinary request header, so a value arriving from outside the
    // serving hierarchy is caller-supplied. Whether an inbound value is accepted, validated
    // or overwritten is not shown in this listing — confirm in the audit handler before
    // relying on the ID for uniqueness or correlation.
    HeaderAuditID = "Audit-ID"
)

Header keys used by the audit system.

Variables

// Errors for malformed protobuf input, as their messages state.
// NOTE(review): presumably returned by the generated Unmarshal methods in generated.pb.go
// when decoding bytes that may be attacker-controlled — confirm against that file.
var (
    // ErrInvalidLengthGenerated reports a negative length found during unmarshaling.
    ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
    // ErrIntOverflowGenerated reports an integer overflow.
    ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
)
var (
    // SchemeBuilder is the package's exported runtime.SchemeBuilder.
    SchemeBuilder runtime.SchemeBuilder

    // AddToScheme is bound to localSchemeBuilder.AddToScheme. localSchemeBuilder is
    // declared elsewhere in the package and is not part of this listing.
    AddToScheme = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}

SchemeGroupVersion is the group version used to register these objects.

func Convert_audit_EventList_To_v1_EventList Uses

func Convert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error

Convert_audit_EventList_To_v1_EventList is an autogenerated conversion function.

func Convert_audit_Event_To_v1_Event Uses

func Convert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error

Convert_audit_Event_To_v1_Event is an autogenerated conversion function.

func Convert_audit_GroupResources_To_v1_GroupResources Uses

func Convert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error

Convert_audit_GroupResources_To_v1_GroupResources is an autogenerated conversion function.

func Convert_audit_ObjectReference_To_v1_ObjectReference Uses

func Convert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error

Convert_audit_ObjectReference_To_v1_ObjectReference is an autogenerated conversion function.

func Convert_audit_PolicyList_To_v1_PolicyList Uses

func Convert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error

Convert_audit_PolicyList_To_v1_PolicyList is an autogenerated conversion function.

func Convert_audit_PolicyRule_To_v1_PolicyRule Uses

func Convert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error

Convert_audit_PolicyRule_To_v1_PolicyRule is an autogenerated conversion function.

func Convert_audit_Policy_To_v1_Policy Uses

func Convert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error

Convert_audit_Policy_To_v1_Policy is an autogenerated conversion function.

func Convert_v1_EventList_To_audit_EventList Uses

func Convert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error

Convert_v1_EventList_To_audit_EventList is an autogenerated conversion function.

func Convert_v1_Event_To_audit_Event Uses

func Convert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error

Convert_v1_Event_To_audit_Event is an autogenerated conversion function.

func Convert_v1_GroupResources_To_audit_GroupResources Uses

func Convert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error

Convert_v1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.

func Convert_v1_ObjectReference_To_audit_ObjectReference Uses

func Convert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error

Convert_v1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function.

func Convert_v1_PolicyList_To_audit_PolicyList Uses

func Convert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error

Convert_v1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.

func Convert_v1_PolicyRule_To_audit_PolicyRule Uses

func Convert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error

Convert_v1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.

func Convert_v1_Policy_To_audit_Policy Uses

func Convert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error

Convert_v1_Policy_To_audit_Policy is an autogenerated conversion function.

func RegisterConversions Uses

func RegisterConversions(s *runtime.Scheme) error

RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

func RegisterDefaults Uses

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulter functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func Resource Uses

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type Event Uses

// Event captures all the information that can be included in an API audit log.
//
// Several fields carry values that come from the client (RequestURI, UserAgent, the request
// body in RequestObject). Consumers of audit events should treat those as untrusted input
// when parsing, displaying or alerting on them.
type Event struct {
    metav1.TypeMeta `json:",inline"`

    // Level is the audit level at which the event was generated.
    Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`

    // AuditID is the unique audit ID, generated for each request.
    AuditID types.UID `json:"auditID" protobuf:"bytes,2,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"`
    // Stage of the request handling when this event instance was generated.
    Stage Stage `json:"stage" protobuf:"bytes,3,opt,name=stage,casttype=Stage"`

    // RequestURI is the request URI as sent by the client to a server.
    // It is recorded as the client sent it, so it is client-controlled text.
    RequestURI string `json:"requestURI" protobuf:"bytes,4,opt,name=requestURI"`
    // Verb is the kubernetes verb associated with the request.
    // For non-resource requests, this is the lower-cased HTTP method.
    Verb string `json:"verb" protobuf:"bytes,5,opt,name=verb"`
    // User is the authenticated user information.
    User authnv1.UserInfo `json:"user" protobuf:"bytes,6,opt,name=user"`
    // ImpersonatedUser is the impersonated user information. It is recorded in addition to
    // User, so an event with this field set names both identities.
    // +optional
    ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,7,opt,name=impersonatedUser"`
    // SourceIPs lists the source IPs, from where the request originated and intermediate proxies.
    // NOTE(review): how the proxy entries are obtained is not shown in this listing; if they
    // are taken from request headers they are client-influenced — confirm before using them
    // for attribution or allow-listing.
    // +optional
    SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,8,rep,name=sourceIPs"`
    // UserAgent records the user agent string reported by the client.
    // Note that the UserAgent is provided by the client, and must not be trusted.
    // +optional
    UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,16,opt,name=userAgent"`
    // ObjectRef is the object reference this request is targeted at.
    // Does not apply for List-type requests, or non-resource requests.
    // +optional
    ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,9,opt,name=objectRef"`
    // ResponseStatus is the response status, populated even when the ResponseObject is not a Status type.
    // For successful responses, this will only include the Code and StatusSuccess.
    // For non-status type error responses, this will be auto-populated with the error Message.
    // +optional
    ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,10,opt,name=responseStatus"`

    // RequestObject is the API object from the request, in JSON format. The RequestObject is
    // recorded as-is in the request (possibly re-encoded as JSON), prior to version conversion,
    // defaulting, admission or merging. It is an external versioned object type, and may not
    // be a valid object on its own.
    // Omitted for non-resource requests.  Only logged at Request Level and higher.
    //
    // Because the object is recorded as submitted, any sensitive values in the request body
    // are written to the audit log at those levels; pick the level per resource accordingly
    // and protect the log store to match.
    // +optional
    RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,11,opt,name=requestObject"`
    // ResponseObject is the API object returned in the response, in JSON. The ResponseObject
    // is recorded after conversion to the external type, and serialized as JSON.  Omitted for
    // non-resource requests.  Only logged at Response Level.
    //
    // The same caveat applies as for RequestObject: whatever the response contains is
    // written to the audit log.
    // +optional
    ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,12,opt,name=responseObject"`
    // RequestReceivedTimestamp is the time the request reached the apiserver.
    // +optional
    RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,13,opt,name=requestReceivedTimestamp"`
    // StageTimestamp is the time the request reached the current audit stage.
    // +optional
    StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,14,opt,name=stageTimestamp"`

    // Annotations is an unstructured key value map stored with an audit event that may be set by
    // plugins invoked in the request serving chain, including authentication, authorization and
    // admission plugins. Note that these annotations are for the audit event, and do not correspond
    // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
    // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
    // should be short. Annotations are included in the Metadata level.
    // +optional
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"`
}

Event captures all the information that can be included in an API audit log.

func (*Event) DeepCopy Uses

func (in *Event) DeepCopy() *Event

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event.

func (*Event) DeepCopyInto Uses

func (in *Event) DeepCopyInto(out *Event)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Event) DeepCopyObject Uses

func (in *Event) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Event) Descriptor Uses

func (*Event) Descriptor() ([]byte, []int)

func (*Event) Marshal Uses

func (m *Event) Marshal() (dAtA []byte, err error)

func (*Event) MarshalTo Uses

func (m *Event) MarshalTo(dAtA []byte) (int, error)

func (*Event) MarshalToSizedBuffer Uses

func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Event) ProtoMessage Uses

func (*Event) ProtoMessage()

func (*Event) Reset Uses

func (m *Event) Reset()

func (*Event) Size Uses

func (m *Event) Size() (n int)

func (*Event) String Uses

func (this *Event) String() string

func (*Event) Unmarshal Uses

func (m *Event) Unmarshal(dAtA []byte) error

func (*Event) XXX_DiscardUnknown Uses

func (m *Event) XXX_DiscardUnknown()

func (*Event) XXX_Marshal Uses

func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Event) XXX_Merge Uses

func (m *Event) XXX_Merge(src proto.Message)

func (*Event) XXX_Size Uses

func (m *Event) XXX_Size() int

func (*Event) XXX_Unmarshal Uses

func (m *Event) XXX_Unmarshal(b []byte) error

type EventList Uses

// EventList is a list of audit Events.
type EventList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Items holds the audit events in the list.
    Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"`
}

EventList is a list of audit Events.

func (*EventList) DeepCopy Uses

func (in *EventList) DeepCopy() *EventList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList.

func (*EventList) DeepCopyInto Uses

func (in *EventList) DeepCopyInto(out *EventList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EventList) DeepCopyObject Uses

func (in *EventList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*EventList) Descriptor Uses

func (*EventList) Descriptor() ([]byte, []int)

func (*EventList) Marshal Uses

func (m *EventList) Marshal() (dAtA []byte, err error)

func (*EventList) MarshalTo Uses

func (m *EventList) MarshalTo(dAtA []byte) (int, error)

func (*EventList) MarshalToSizedBuffer Uses

func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*EventList) ProtoMessage Uses

func (*EventList) ProtoMessage()

func (*EventList) Reset Uses

func (m *EventList) Reset()

func (*EventList) Size Uses

func (m *EventList) Size() (n int)

func (*EventList) String Uses

func (this *EventList) String() string

func (*EventList) Unmarshal Uses

func (m *EventList) Unmarshal(dAtA []byte) error

func (*EventList) XXX_DiscardUnknown Uses

func (m *EventList) XXX_DiscardUnknown()

func (*EventList) XXX_Marshal Uses

func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EventList) XXX_Merge Uses

func (m *EventList) XXX_Merge(src proto.Message)

func (*EventList) XXX_Size Uses

func (m *EventList) XXX_Size() int

func (*EventList) XXX_Unmarshal Uses

func (m *EventList) XXX_Unmarshal(b []byte) error

type GroupResources Uses

// GroupResources represents resource kinds in an API group.
type GroupResources struct {
    // Group is the name of the API group that contains the resources.
    // The empty string represents the core API group.
    // +optional
    Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
    // Resources is a list of resources this rule applies to.
    //
    // For example:
    // 'pods' matches pods.
    // 'pods/log' matches the log subresource of pods.
    // '*' matches all resources and their subresources.
    // 'pods/*' matches all subresources of pods.
    // '*/scale' matches all scale subresources.
    //
    // If a wildcard is present, the validation rule will ensure resources do not
    // overlap with each other.
    //
    // An empty list implies that all resources and subresources in this API group apply.
    // +optional
    Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
    // ResourceNames is a list of resource instance names that the policy matches.
    // Using this field requires Resources to be specified.
    // An empty list implies that every instance of the resource is matched.
    // +optional
    ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
}

GroupResources represents resource kinds in an API group.

func (*GroupResources) DeepCopy Uses

func (in *GroupResources) DeepCopy() *GroupResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources.

func (*GroupResources) DeepCopyInto Uses

func (in *GroupResources) DeepCopyInto(out *GroupResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupResources) Descriptor Uses

func (*GroupResources) Descriptor() ([]byte, []int)

func (*GroupResources) Marshal Uses

func (m *GroupResources) Marshal() (dAtA []byte, err error)

func (*GroupResources) MarshalTo Uses

func (m *GroupResources) MarshalTo(dAtA []byte) (int, error)

func (*GroupResources) MarshalToSizedBuffer Uses

func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GroupResources) ProtoMessage Uses

func (*GroupResources) ProtoMessage()

func (*GroupResources) Reset Uses

func (m *GroupResources) Reset()

func (*GroupResources) Size Uses

func (m *GroupResources) Size() (n int)

func (*GroupResources) String Uses

func (this *GroupResources) String() string

func (*GroupResources) Unmarshal Uses

func (m *GroupResources) Unmarshal(dAtA []byte) error

func (*GroupResources) XXX_DiscardUnknown Uses

func (m *GroupResources) XXX_DiscardUnknown()

func (*GroupResources) XXX_Marshal Uses

func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GroupResources) XXX_Merge Uses

func (m *GroupResources) XXX_Merge(src proto.Message)

func (*GroupResources) XXX_Size Uses

func (m *GroupResources) XXX_Size() int

func (*GroupResources) XXX_Unmarshal Uses

func (m *GroupResources) XXX_Unmarshal(b []byte) error

type Level Uses

type Level string

Level defines the amount of information logged during auditing

// Valid audit levels. Each level after LevelNone records everything the previous one does
// plus more, as the per-constant comments describe.
const (
    // LevelNone disables auditing
    LevelNone Level = "None"
    // LevelMetadata provides the basic level of auditing.
    LevelMetadata Level = "Metadata"
    // LevelRequest provides Metadata level of auditing, and additionally
    // logs the request object (does not apply for non-resource requests).
    // Request bodies are therefore stored in the audit log at this level.
    LevelRequest Level = "Request"
    // LevelRequestResponse provides Request level of auditing, and additionally
    // logs the response object (does not apply for non-resource requests).
    // Both request and response bodies are therefore stored in the audit log at this level.
    LevelRequestResponse Level = "RequestResponse"
)

Valid audit levels

type ObjectReference Uses

// ObjectReference contains enough information to let you inspect or modify the referred object.
// Every field is optional; the fields without their own comment below are undocumented in
// this listing.
type ObjectReference struct {
    // +optional
    Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"`
    // +optional
    Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
    // +optional
    Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
    // +optional
    UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
    // APIGroup is the name of the API group that contains the referred object.
    // The empty string represents the core API group.
    // +optional
    APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,5,opt,name=apiGroup"`
    // APIVersion is the version of the API group that contains the referred object.
    // +optional
    APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,6,opt,name=apiVersion"`
    // +optional
    ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,7,opt,name=resourceVersion"`
    // +optional
    Subresource string `json:"subresource,omitempty" protobuf:"bytes,8,opt,name=subresource"`
}

ObjectReference contains enough information to let you inspect or modify the referred object.

func (*ObjectReference) DeepCopy Uses

func (in *ObjectReference) DeepCopy() *ObjectReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.

func (*ObjectReference) DeepCopyInto Uses

func (in *ObjectReference) DeepCopyInto(out *ObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ObjectReference) Descriptor Uses

func (*ObjectReference) Descriptor() ([]byte, []int)

func (*ObjectReference) Marshal Uses

func (m *ObjectReference) Marshal() (dAtA []byte, err error)

func (*ObjectReference) MarshalTo Uses

func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error)

func (*ObjectReference) MarshalToSizedBuffer Uses

func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ObjectReference) ProtoMessage Uses

func (*ObjectReference) ProtoMessage()

func (*ObjectReference) Reset Uses

func (m *ObjectReference) Reset()

func (*ObjectReference) Size Uses

func (m *ObjectReference) Size() (n int)

func (*ObjectReference) String Uses

func (this *ObjectReference) String() string

func (*ObjectReference) Unmarshal Uses

func (m *ObjectReference) Unmarshal(dAtA []byte) error

func (*ObjectReference) XXX_DiscardUnknown Uses

func (m *ObjectReference) XXX_DiscardUnknown()

func (*ObjectReference) XXX_Marshal Uses

func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ObjectReference) XXX_Merge Uses

func (m *ObjectReference) XXX_Merge(src proto.Message)

func (*ObjectReference) XXX_Size Uses

func (m *ObjectReference) XXX_Size() int

func (*ObjectReference) XXX_Unmarshal Uses

func (m *ObjectReference) XXX_Unmarshal(b []byte) error

type Policy Uses

// Policy defines the configuration of audit logging, and the rules for how different
// request categories are logged.
type Policy struct {
    metav1.TypeMeta `json:",inline"`
    // ObjectMeta is included for interoperability with API infrastructure.
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Rules specify the audit Level a request should be recorded at.
    // A request may match multiple rules, in which case the FIRST matching rule is used.
    // The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
    // PolicyRules are strictly ordered.
    //
    // Two consequences for policy authors: a broad rule placed early shadows every more
    // specific rule after it, and a request that matches no rule is not audited at all
    // unless the list ends with a catch-all rule.
    Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`

    // OmitStages is a list of stages for which no events are created. Note that this can also
    // be specified per rule, in which case the union of both is omitted.
    // +optional
    OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
}

Policy defines the configuration of audit logging, and the rules for how different request categories are logged.

func (*Policy) DeepCopy Uses

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto Uses

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject Uses

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) Descriptor Uses

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) Marshal Uses

func (m *Policy) Marshal() (dAtA []byte, err error)

func (*Policy) MarshalTo Uses

func (m *Policy) MarshalTo(dAtA []byte) (int, error)

func (*Policy) MarshalToSizedBuffer Uses

func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Policy) ProtoMessage Uses

func (*Policy) ProtoMessage()

func (*Policy) Reset Uses

func (m *Policy) Reset()

func (*Policy) Size Uses

func (m *Policy) Size() (n int)

func (*Policy) String Uses

func (this *Policy) String() string

func (*Policy) Unmarshal Uses

func (m *Policy) Unmarshal(dAtA []byte) error

func (*Policy) XXX_DiscardUnknown Uses

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal Uses

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge Uses

func (m *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size Uses

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal Uses

func (m *Policy) XXX_Unmarshal(b []byte) error

type PolicyList Uses

// PolicyList is a list of audit Policies.
type PolicyList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Items holds the audit policies in the list.
    Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"`
}

PolicyList is a list of audit Policies.

func (*PolicyList) DeepCopy Uses

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto Uses

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject Uses

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PolicyList) Descriptor Uses

func (*PolicyList) Descriptor() ([]byte, []int)

func (*PolicyList) Marshal Uses

func (m *PolicyList) Marshal() (dAtA []byte, err error)

func (*PolicyList) MarshalTo Uses

func (m *PolicyList) MarshalTo(dAtA []byte) (int, error)

func (*PolicyList) MarshalToSizedBuffer Uses

func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PolicyList) ProtoMessage Uses

func (*PolicyList) ProtoMessage()

func (*PolicyList) Reset Uses

func (m *PolicyList) Reset()

func (*PolicyList) Size Uses

func (m *PolicyList) Size() (n int)

func (*PolicyList) String Uses

func (this *PolicyList) String() string

func (*PolicyList) Unmarshal Uses

func (m *PolicyList) Unmarshal(dAtA []byte) error

func (*PolicyList) XXX_DiscardUnknown Uses

func (m *PolicyList) XXX_DiscardUnknown()

func (*PolicyList) XXX_Marshal Uses

func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PolicyList) XXX_Merge Uses

func (m *PolicyList) XXX_Merge(src proto.Message)

func (*PolicyList) XXX_Size Uses

func (m *PolicyList) XXX_Size() int

func (*PolicyList) XXX_Unmarshal Uses

func (m *PolicyList) XXX_Unmarshal(b []byte) error

type PolicyRule Uses

// PolicyRule maps requests to an audit Level based on their metadata. A request must match
// every field of the rule (the fields are intersected).
//
// Every selector field treats an empty list as "match all", so a rule that sets only Level
// matches every request. Combined with first-match-wins ordering in Policy.Rules, such a
// rule acts as a catch-all for everything listed after it.
type PolicyRule struct {
    // The Level that requests matching this rule are recorded at.
    Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`

    // The users (by authenticated user name) this rule applies to.
    // An empty list implies every user.
    // +optional
    Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
    // The user groups this rule applies to. A user is considered matching
    // if it is a member of any of the UserGroups.
    // An empty list implies every user group.
    // +optional
    UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`

    // The verbs that match this rule.
    // An empty list implies every verb.
    // +optional
    Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`

    // Resources that this rule matches. An empty list implies all kinds in all API groups.
    // +optional
    Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
    // Namespaces that this rule matches.
    // The empty string "" matches non-namespaced resources.
    // An empty list implies every namespace.
    // +optional
    Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`

    // NonResourceURLs is a set of URL paths that should be audited.
    // *s are allowed, but only as the full, final step in the path.
    // Examples:
    //  "/metrics" - Log requests for apiserver metrics
    //  "/healthz*" - Log all health checks
    // +optional
    NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`

    // OmitStages is a list of stages for which no events are created. Note that this can also
    // be specified policy wide, in which case the union of both is omitted.
    // An empty list means no restrictions will apply.
    // +optional
    OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
}

PolicyRule maps requests to an audit Level based on their metadata. Requests must match the rules of every field (an intersection of rules).

func (*PolicyRule) DeepCopy Uses

func (in *PolicyRule) DeepCopy() *PolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.

func (*PolicyRule) DeepCopyInto Uses

func (in *PolicyRule) DeepCopyInto(out *PolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyRule) Descriptor Uses

func (*PolicyRule) Descriptor() ([]byte, []int)

func (*PolicyRule) Marshal Uses

func (m *PolicyRule) Marshal() (dAtA []byte, err error)

func (*PolicyRule) MarshalTo Uses

func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error)

func (*PolicyRule) MarshalToSizedBuffer Uses

func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PolicyRule) ProtoMessage Uses

func (*PolicyRule) ProtoMessage()

func (*PolicyRule) Reset Uses

func (m *PolicyRule) Reset()

func (*PolicyRule) Size Uses

func (m *PolicyRule) Size() (n int)

func (*PolicyRule) String Uses

func (this *PolicyRule) String() string

func (*PolicyRule) Unmarshal Uses

func (m *PolicyRule) Unmarshal(dAtA []byte) error

func (*PolicyRule) XXX_DiscardUnknown Uses

func (m *PolicyRule) XXX_DiscardUnknown()

func (*PolicyRule) XXX_Marshal Uses

func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PolicyRule) XXX_Merge Uses

func (m *PolicyRule) XXX_Merge(src proto.Message)

func (*PolicyRule) XXX_Size Uses

func (m *PolicyRule) XXX_Size() int

func (*PolicyRule) XXX_Unmarshal Uses

func (m *PolicyRule) XXX_Unmarshal(b []byte) error

type Stage Uses

type Stage string

Stage defines the stages in request handling at which audit events may be generated.
