apiserver: k8s.io/apiserver/pkg/apis/audit/v1alpha1 Index | Files

package v1alpha1

import "k8s.io/apiserver/pkg/apis/audit/v1alpha1"

Index

Package Files

conversion.go doc.go generated.pb.go register.go types.go zz_generated.conversion.go zz_generated.deepcopy.go zz_generated.defaults.go

Constants

const (
    // The stage for events generated as soon as the audit handler receives the request, and before it
    // is delegated down the handler chain.
    StageRequestReceived = "RequestReceived"
    // The stage for events generated once the response headers are sent, but before the response body
    // is sent. This stage is only generated for long-running requests (e.g. watch).
    StageResponseStarted = "ResponseStarted"
    // The stage for events generated once the response body has been completed, and no more bytes
    // will be sent.
    StageResponseComplete = "ResponseComplete"
    // The stage for events generated when a panic occurred.
    StagePanic = "Panic"
)

Valid audit stages.

const GroupName = "audit.k8s.io"

GroupName is the group name use in this package

const (
    // Header to hold the audit ID as the request is propagated through the serving hierarchy. The
    // Audit-ID header should be set by the first server to receive the request (e.g. the federation
    // server or kube-aggregator).
    //
    // Audit ID is also returned to client by http response header.
    // It's not guaranteed Audit-Id http header is sent for all requests. When kube-apiserver didn't
    // audit the events according to the audit policy, no Audit-ID is returned. Also, for request to
    // pods/exec, pods/attach, pods/proxy, kube-apiserver works like a proxy and redirect the request
    // to kubelet node, users will only get http headers sent from kubelet node, so no Audit-ID is
    // sent when users run command like "kubectl exec" or "kubectl attach".
    HeaderAuditID = "Audit-ID"
)

Header keys used by the audit system.

Variables

var (
    ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
    ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
)
var (
    SchemeBuilder runtime.SchemeBuilder

    AddToScheme = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is group version used to register these objects

func Convert_audit_EventList_To_v1alpha1_EventList Uses

func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error

Convert_audit_EventList_To_v1alpha1_EventList is an autogenerated conversion function.

func Convert_audit_Event_To_v1alpha1_Event Uses

func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error

func Convert_audit_GroupResources_To_v1alpha1_GroupResources Uses

func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error

Convert_audit_GroupResources_To_v1alpha1_GroupResources is an autogenerated conversion function.

func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference Uses

func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error

func Convert_audit_PolicyList_To_v1alpha1_PolicyList Uses

func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error

Convert_audit_PolicyList_To_v1alpha1_PolicyList is an autogenerated conversion function.

func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule Uses

func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error

Convert_audit_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function.

func Convert_audit_Policy_To_v1alpha1_Policy Uses

func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error

Convert_audit_Policy_To_v1alpha1_Policy is an autogenerated conversion function.

func Convert_v1alpha1_EventList_To_audit_EventList Uses

func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error

Convert_v1alpha1_EventList_To_audit_EventList is an autogenerated conversion function.

func Convert_v1alpha1_Event_To_audit_Event Uses

func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error

func Convert_v1alpha1_GroupResources_To_audit_GroupResources Uses

func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error

Convert_v1alpha1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.

func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference Uses

func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error

func Convert_v1alpha1_PolicyList_To_audit_PolicyList Uses

func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error

Convert_v1alpha1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.

func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule Uses

func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error

Convert_v1alpha1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.

func Convert_v1alpha1_Policy_To_audit_Policy Uses

func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error

Convert_v1alpha1_Policy_To_audit_Policy is an autogenerated conversion function.

func RegisterConversions Uses

func RegisterConversions(s *runtime.Scheme) error

RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

func RegisterDefaults Uses

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func Resource Uses

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

type Event Uses

type Event struct {
    metav1.TypeMeta `json:",inline"`
    // ObjectMeta is included for interoperability with API infrastructure.
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // AuditLevel at which event was generated
    Level Level `json:"level" protobuf:"bytes,2,opt,name=level,casttype=Level"`

    // Time the request reached the apiserver.
    Timestamp metav1.Time `json:"timestamp" protobuf:"bytes,3,opt,name=timestamp"`
    // Unique audit ID, generated for each request.
    AuditID types.UID `json:"auditID" protobuf:"bytes,4,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"`
    // Stage of the request handling when this event instance was generated.
    Stage Stage `json:"stage" protobuf:"bytes,5,opt,name=stage,casttype=Stage"`

    // RequestURI is the request URI as sent by the client to a server.
    RequestURI string `json:"requestURI" protobuf:"bytes,6,opt,name=requestURI"`
    // Verb is the kubernetes verb associated with the request.
    // For non-resource requests, this is the lower-cased HTTP method.
    Verb string `json:"verb" protobuf:"bytes,7,opt,name=verb"`
    // Authenticated user information.
    User authnv1.UserInfo `json:"user" protobuf:"bytes,8,opt,name=user"`
    // Impersonated user information.
    // +optional
    ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,9,opt,name=impersonatedUser"`
    // Source IPs, from where the request originated and intermediate proxies.
    // +optional
    SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"`
    // UserAgent records the user agent string reported by the client.
    // Note that the UserAgent is provided by the client, and must not be trusted.
    // +optional
    UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"`
    // Object reference this request is targeted at.
    // Does not apply for List-type requests, or non-resource requests.
    // +optional
    ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,11,opt,name=objectRef"`
    // The response status, populated even when the ResponseObject is not a Status type.
    // For successful responses, this will only include the Code and StatusSuccess.
    // For non-status type error responses, this will be auto-populated with the error Message.
    // +optional
    ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,12,opt,name=responseStatus"`

    // API object from the request, in JSON format. The RequestObject is recorded as-is in the request
    // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
    // merging. It is an external versioned object type, and may not be a valid object on its own.
    // Omitted for non-resource requests.  Only logged at Request Level and higher.
    // +optional
    RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,13,opt,name=requestObject"`
    // API object returned in the response, in JSON. The ResponseObject is recorded after conversion
    // to the external type, and serialized as JSON.  Omitted for non-resource requests.  Only logged
    // at Response Level.
    // +optional
    ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,14,opt,name=responseObject"`
    // Time the request reached the apiserver.
    // +optional
    RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,15,opt,name=requestReceivedTimestamp"`
    // Time the request reached current audit stage.
    // +optional
    StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,16,opt,name=stageTimestamp"`

    // Annotations is an unstructured key value map stored with an audit event that may be set by
    // plugins invoked in the request serving chain, including authentication, authorization and
    // admission plugins. Note that these annotations are for the audit event, and do not correspond
    // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
    // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
    // should be short. Annotations are included in the Metadata level.
    // +optional
    Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,17,rep,name=annotations"`
}

Event captures all the information that can be included in an API audit log.

func (*Event) DeepCopy Uses

func (in *Event) DeepCopy() *Event

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event.

func (*Event) DeepCopyInto Uses

func (in *Event) DeepCopyInto(out *Event)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Event) DeepCopyObject Uses

func (in *Event) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Event) Descriptor Uses

func (*Event) Descriptor() ([]byte, []int)

func (*Event) Marshal Uses

func (m *Event) Marshal() (dAtA []byte, err error)

func (*Event) MarshalTo Uses

func (m *Event) MarshalTo(dAtA []byte) (int, error)

func (*Event) MarshalToSizedBuffer Uses

func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Event) ProtoMessage Uses

func (*Event) ProtoMessage()

func (*Event) Reset Uses

func (m *Event) Reset()

func (*Event) Size Uses

func (m *Event) Size() (n int)

func (*Event) String Uses

func (this *Event) String() string

func (*Event) Unmarshal Uses

func (m *Event) Unmarshal(dAtA []byte) error

func (*Event) XXX_DiscardUnknown Uses

func (m *Event) XXX_DiscardUnknown()

func (*Event) XXX_Marshal Uses

func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Event) XXX_Merge Uses

func (m *Event) XXX_Merge(src proto.Message)

func (*Event) XXX_Size Uses

func (m *Event) XXX_Size() int

func (*Event) XXX_Unmarshal Uses

func (m *Event) XXX_Unmarshal(b []byte) error

type EventList Uses

type EventList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"`
}

EventList is a list of audit Events.

func (*EventList) DeepCopy Uses

func (in *EventList) DeepCopy() *EventList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList.

func (*EventList) DeepCopyInto Uses

func (in *EventList) DeepCopyInto(out *EventList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EventList) DeepCopyObject Uses

func (in *EventList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*EventList) Descriptor Uses

func (*EventList) Descriptor() ([]byte, []int)

func (*EventList) Marshal Uses

func (m *EventList) Marshal() (dAtA []byte, err error)

func (*EventList) MarshalTo Uses

func (m *EventList) MarshalTo(dAtA []byte) (int, error)

func (*EventList) MarshalToSizedBuffer Uses

func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*EventList) ProtoMessage Uses

func (*EventList) ProtoMessage()

func (*EventList) Reset Uses

func (m *EventList) Reset()

func (*EventList) Size Uses

func (m *EventList) Size() (n int)

func (*EventList) String Uses

func (this *EventList) String() string

func (*EventList) Unmarshal Uses

func (m *EventList) Unmarshal(dAtA []byte) error

func (*EventList) XXX_DiscardUnknown Uses

func (m *EventList) XXX_DiscardUnknown()

func (*EventList) XXX_Marshal Uses

func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EventList) XXX_Merge Uses

func (m *EventList) XXX_Merge(src proto.Message)

func (*EventList) XXX_Size Uses

func (m *EventList) XXX_Size() int

func (*EventList) XXX_Unmarshal Uses

func (m *EventList) XXX_Unmarshal(b []byte) error

type GroupResources Uses

type GroupResources struct {
    // Group is the name of the API group that contains the resources.
    // The empty string represents the core API group.
    // +optional
    Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
    // Resources is a list of resources this rule applies to.
    //
    // For example:
    // 'pods' matches pods.
    // 'pods/log' matches the log subresource of pods.
    // '*' matches all resources and their subresources.
    // 'pods/*' matches all subresources of pods.
    // '*/scale' matches all scale subresources.
    //
    // If wildcard is present, the validation rule will ensure resources do not
    // overlap with each other.
    //
    // An empty list implies all resources and subresources in this API groups apply.
    // +optional
    Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
    // ResourceNames is a list of resource instance names that the policy matches.
    // Using this field requires Resources to be specified.
    // An empty list implies that every instance of the resource is matched.
    // +optional
    ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
}

GroupResources represents resource kinds in an API group.

func (*GroupResources) DeepCopy Uses

func (in *GroupResources) DeepCopy() *GroupResources

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources.

func (*GroupResources) DeepCopyInto Uses

func (in *GroupResources) DeepCopyInto(out *GroupResources)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupResources) Descriptor Uses

func (*GroupResources) Descriptor() ([]byte, []int)

func (*GroupResources) Marshal Uses

func (m *GroupResources) Marshal() (dAtA []byte, err error)

func (*GroupResources) MarshalTo Uses

func (m *GroupResources) MarshalTo(dAtA []byte) (int, error)

func (*GroupResources) MarshalToSizedBuffer Uses

func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GroupResources) ProtoMessage Uses

func (*GroupResources) ProtoMessage()

func (*GroupResources) Reset Uses

func (m *GroupResources) Reset()

func (*GroupResources) Size Uses

func (m *GroupResources) Size() (n int)

func (*GroupResources) String Uses

func (this *GroupResources) String() string

func (*GroupResources) Unmarshal Uses

func (m *GroupResources) Unmarshal(dAtA []byte) error

func (*GroupResources) XXX_DiscardUnknown Uses

func (m *GroupResources) XXX_DiscardUnknown()

func (*GroupResources) XXX_Marshal Uses

func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GroupResources) XXX_Merge Uses

func (m *GroupResources) XXX_Merge(src proto.Message)

func (*GroupResources) XXX_Size Uses

func (m *GroupResources) XXX_Size() int

func (*GroupResources) XXX_Unmarshal Uses

func (m *GroupResources) XXX_Unmarshal(b []byte) error

type Level Uses

type Level string

Level defines the amount of information logged during auditing

const (
    // LevelNone disables auditing
    LevelNone Level = "None"
    // LevelMetadata provides the basic level of auditing.
    LevelMetadata Level = "Metadata"
    // LevelRequest provides Metadata level of auditing, and additionally
    // logs the request object (does not apply for non-resource requests).
    LevelRequest Level = "Request"
    // LevelRequestResponse provides Request level of auditing, and additionally
    // logs the response object (does not apply for non-resource requests).
    LevelRequestResponse Level = "RequestResponse"
)

Valid audit levels

type ObjectReference Uses

type ObjectReference struct {
    // +optional
    Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"`
    // +optional
    Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
    // +optional
    Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
    // +optional
    UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
    // +optional
    APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"`
    // +optional
    ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,6,opt,name=resourceVersion"`
    // +optional
    Subresource string `json:"subresource,omitempty" protobuf:"bytes,7,opt,name=subresource"`
}

ObjectReference contains enough information to let you inspect or modify the referred object.

func (*ObjectReference) DeepCopy Uses

func (in *ObjectReference) DeepCopy() *ObjectReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.

func (*ObjectReference) DeepCopyInto Uses

func (in *ObjectReference) DeepCopyInto(out *ObjectReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ObjectReference) Descriptor Uses

func (*ObjectReference) Descriptor() ([]byte, []int)

func (*ObjectReference) Marshal Uses

func (m *ObjectReference) Marshal() (dAtA []byte, err error)

func (*ObjectReference) MarshalTo Uses

func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error)

func (*ObjectReference) MarshalToSizedBuffer Uses

func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ObjectReference) ProtoMessage Uses

func (*ObjectReference) ProtoMessage()

func (*ObjectReference) Reset Uses

func (m *ObjectReference) Reset()

func (*ObjectReference) Size Uses

func (m *ObjectReference) Size() (n int)

func (*ObjectReference) String Uses

func (this *ObjectReference) String() string

func (*ObjectReference) Unmarshal Uses

func (m *ObjectReference) Unmarshal(dAtA []byte) error

func (*ObjectReference) XXX_DiscardUnknown Uses

func (m *ObjectReference) XXX_DiscardUnknown()

func (*ObjectReference) XXX_Marshal Uses

func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ObjectReference) XXX_Merge Uses

func (m *ObjectReference) XXX_Merge(src proto.Message)

func (*ObjectReference) XXX_Size Uses

func (m *ObjectReference) XXX_Size() int

func (*ObjectReference) XXX_Unmarshal Uses

func (m *ObjectReference) XXX_Unmarshal(b []byte) error

type Policy Uses

type Policy struct {
    metav1.TypeMeta `json:",inline"`
    // ObjectMeta is included for interoperability with API infrastructure.
    // +optional
    metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    // Rules specify the audit Level a request should be recorded at.
    // A request may match multiple rules, in which case the FIRST matching rule is used.
    // The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
    // PolicyRules are strictly ordered.
    Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`

    // OmitStages is a list of stages for which no events are created. Note that this can also
    // be specified per rule in which case the union of both are omitted.
    // +optional
    OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
}

Policy defines the configuration of audit logging, and the rules for how different request categories are logged.

func (*Policy) DeepCopy Uses

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto Uses

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject Uses

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) Descriptor Uses

func (*Policy) Descriptor() ([]byte, []int)

func (*Policy) Marshal Uses

func (m *Policy) Marshal() (dAtA []byte, err error)

func (*Policy) MarshalTo Uses

func (m *Policy) MarshalTo(dAtA []byte) (int, error)

func (*Policy) MarshalToSizedBuffer Uses

func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*Policy) ProtoMessage Uses

func (*Policy) ProtoMessage()

func (*Policy) Reset Uses

func (m *Policy) Reset()

func (*Policy) Size Uses

func (m *Policy) Size() (n int)

func (*Policy) String Uses

func (this *Policy) String() string

func (*Policy) Unmarshal Uses

func (m *Policy) Unmarshal(dAtA []byte) error

func (*Policy) XXX_DiscardUnknown Uses

func (m *Policy) XXX_DiscardUnknown()

func (*Policy) XXX_Marshal Uses

func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Policy) XXX_Merge Uses

func (m *Policy) XXX_Merge(src proto.Message)

func (*Policy) XXX_Size Uses

func (m *Policy) XXX_Size() int

func (*Policy) XXX_Unmarshal Uses

func (m *Policy) XXX_Unmarshal(b []byte) error

type PolicyList Uses

type PolicyList struct {
    metav1.TypeMeta `json:",inline"`
    // +optional
    metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

    Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"`
}

PolicyList is a list of audit Policies.

func (*PolicyList) DeepCopy Uses

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto Uses

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject Uses

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PolicyList) Descriptor Uses

func (*PolicyList) Descriptor() ([]byte, []int)

func (*PolicyList) Marshal Uses

func (m *PolicyList) Marshal() (dAtA []byte, err error)

func (*PolicyList) MarshalTo Uses

func (m *PolicyList) MarshalTo(dAtA []byte) (int, error)

func (*PolicyList) MarshalToSizedBuffer Uses

func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PolicyList) ProtoMessage Uses

func (*PolicyList) ProtoMessage()

func (*PolicyList) Reset Uses

func (m *PolicyList) Reset()

func (*PolicyList) Size Uses

func (m *PolicyList) Size() (n int)

func (*PolicyList) String Uses

func (this *PolicyList) String() string

func (*PolicyList) Unmarshal Uses

func (m *PolicyList) Unmarshal(dAtA []byte) error

func (*PolicyList) XXX_DiscardUnknown Uses

func (m *PolicyList) XXX_DiscardUnknown()

func (*PolicyList) XXX_Marshal Uses

func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PolicyList) XXX_Merge Uses

func (m *PolicyList) XXX_Merge(src proto.Message)

func (*PolicyList) XXX_Size Uses

func (m *PolicyList) XXX_Size() int

func (*PolicyList) XXX_Unmarshal Uses

func (m *PolicyList) XXX_Unmarshal(b []byte) error

type PolicyRule Uses

type PolicyRule struct {
    // The Level that requests matching this rule are recorded at.
    Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`

    // The users (by authenticated user name) this rule applies to.
    // An empty list implies every user.
    // +optional
    Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
    // The user groups this rule applies to. A user is considered matching
    // if it is a member of any of the UserGroups.
    // An empty list implies every user group.
    // +optional
    UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`

    // The verbs that match this rule.
    // An empty list implies every verb.
    // +optional
    Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`

    // Resources that this rule matches. An empty list implies all kinds in all API groups.
    // +optional
    Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
    // Namespaces that this rule matches.
    // The empty string "" matches non-namespaced resources.
    // An empty list implies every namespace.
    // +optional
    Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`

    // NonResourceURLs is a set of URL paths that should be audited.
    // *s are allowed, but only as the full, final step in the path.
    // Examples:
    //  "/metrics" - Log requests for apiserver metrics
    //  "/healthz*" - Log all health checks
    // +optional
    NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`

    // OmitStages is a list of stages for which no events are created. Note that this can also
    // be specified policy wide in which case the union of both are omitted.
    // An empty list means no restrictions will apply.
    // +optional
    OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
}

PolicyRule maps requests based off metadata to an audit Level. Requests must match the rules of every field (an intersection of rules).

func (*PolicyRule) DeepCopy Uses

func (in *PolicyRule) DeepCopy() *PolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.

func (*PolicyRule) DeepCopyInto Uses

func (in *PolicyRule) DeepCopyInto(out *PolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyRule) Descriptor Uses

func (*PolicyRule) Descriptor() ([]byte, []int)

func (*PolicyRule) Marshal Uses

func (m *PolicyRule) Marshal() (dAtA []byte, err error)

func (*PolicyRule) MarshalTo Uses

func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error)

func (*PolicyRule) MarshalToSizedBuffer Uses

func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PolicyRule) ProtoMessage Uses

func (*PolicyRule) ProtoMessage()

func (*PolicyRule) Reset Uses

func (m *PolicyRule) Reset()

func (*PolicyRule) Size Uses

func (m *PolicyRule) Size() (n int)

func (*PolicyRule) String Uses

func (this *PolicyRule) String() string

func (*PolicyRule) Unmarshal Uses

func (m *PolicyRule) Unmarshal(dAtA []byte) error

func (*PolicyRule) XXX_DiscardUnknown Uses

func (m *PolicyRule) XXX_DiscardUnknown()

func (*PolicyRule) XXX_Marshal Uses

func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PolicyRule) XXX_Merge Uses

func (m *PolicyRule) XXX_Merge(src proto.Message)

func (*PolicyRule) XXX_Size Uses

func (m *PolicyRule) XXX_Size() int

func (*PolicyRule) XXX_Unmarshal Uses

func (m *PolicyRule) XXX_Unmarshal(b []byte) error

type Stage Uses

type Stage string

Stage defines the stages in request handling that audit events may be generated.

Package v1alpha1 imports 16 packages (graph) and is imported by 7 packages. Updated 2019-12-02. Refresh now. Tools for package owners.