apiserver: k8s.io/apiserver/pkg/audit

package audit

import "k8s.io/apiserver/pkg/audit"

TODO: Delete this file if we generate a clientset.

Index

Package Files

context.go format.go metrics.go request.go scheme.go types.go union.go

Variables

var (
    ApiserverAuditDroppedCounter = metrics.NewCounter(
        &metrics.CounterOpts{
            Subsystem: subsystem,
            Name:      "requests_rejected_total",
            Help: "Counter of apiserver requests rejected due to an error " +
                "in audit logging backend.",
            StabilityLevel: metrics.ALPHA,
        },
    )
)

By default, all the following metrics are defined as falling under ALPHA stability level (https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/20190404-kubernetes-control-plane-metrics-stability.md#stability-classes).

Promoting the stability level of the metric is a responsibility of the component owner, since it involves explicitly acknowledging support for the metric across multiple releases, in accordance with the metric stability policy.

var Codecs = serializer.NewCodecFactory(Scheme)
var Scheme = runtime.NewScheme()

func AddAuditAnnotation

func AddAuditAnnotation(ctx context.Context, key, value string)

AddAuditAnnotation sets the audit annotation for the given key, value pair. It is safe to call at most points in the request flow that come after WithAuditAnnotations. The notable exception is that this function must not be called via a defer statement (i.e. after ServeHTTP) in a handler that runs before WithAudit, because at that point the audit event has already been sent to the audit sink. Handlers that are unaware of their position in the overall request flow should prefer AddAuditAnnotation over LogAnnotation to avoid dropping annotations.

func EventString

func EventString(ev *auditinternal.Event) string

EventString creates a 1-line text representation of an audit event, using a subset of the information in the event struct.

func HandlePluginError

func HandlePluginError(plugin string, err error, impacted ...*auditinternal.Event)

HandlePluginError handles an error that occurred in an audit plugin. This method should only be used if the error may have prevented the audit event from being properly recorded. The events are logged to the debug log.

func LogAnnotation

func LogAnnotation(ae *auditinternal.Event, key, value string)

LogAnnotation fills in the Annotations according to the key value pair.

func LogImpersonatedUser

func LogImpersonatedUser(ae *auditinternal.Event, user user.Info)

LogImpersonatedUser fills in the impersonated user attributes into an audit event.

func LogRequestObject

func LogRequestObject(ae *auditinternal.Event, obj runtime.Object, gvr schema.GroupVersionResource, subresource string, s runtime.NegotiatedSerializer)

LogRequestObject fills in the request object into an audit event. The passed runtime.Object will be converted to the given gv.

func LogRequestPatch

func LogRequestPatch(ae *auditinternal.Event, patch []byte)

LogRequestPatch fills in the given patch as the request object into an audit event.

func LogResponseObject

func LogResponseObject(ae *auditinternal.Event, obj runtime.Object, gv schema.GroupVersion, s runtime.NegotiatedSerializer)

LogResponseObject fills in the response object into an audit event. The passed runtime.Object will be converted to the given gv.

func NewEventFromRequest

func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs authorizer.Attributes) (*auditinternal.Event, error)

func ObserveEvent

func ObserveEvent()

ObserveEvent updates the relevant prometheus metrics for the generated audit event.

func ObservePolicyLevel

func ObservePolicyLevel(level auditinternal.Level)

ObservePolicyLevel updates the relevant prometheus metrics with the audit level for a request.

func WithAuditAnnotations

func WithAuditAnnotations(parent context.Context) context.Context

WithAuditAnnotations returns a new context that can store audit annotations via the AddAuditAnnotation function. This function is meant to be called from an early request handler to allow all later layers to set audit annotations. This is required to support flows where handlers that come before WithAudit (such as WithAuthentication) wish to set audit annotations.
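The ordering rule described for AddAuditAnnotation and WithAuditAnnotations, as an added example that is not code from this package: a reduced model built only on the standard library, showing that an annotation set inline by an early handler reaches the sink while one set in a defer does not. The lower-case helpers, the annotation keys and the request path are hypothetical stand-ins, and the real package's internals may differ.

```go
package main

import (
	"context"
	"net/http"
	"net/http/httptest"
)

type holderKey struct{} // context key for the annotation holder (hypothetical)

// withAnnotations stands in for WithAuditAnnotations: attach a mutable holder.
func withAnnotations(parent context.Context) context.Context {
	return context.WithValue(parent, holderKey{}, &[]string{})
}

// addAnnotation stands in for AddAuditAnnotation; without a holder it is a no-op.
func addAnnotation(ctx context.Context, key, value string) {
	if h, ok := ctx.Value(holderKey{}).(*[]string); ok {
		*h = append(*h, key+"="+value)
	}
}

// withAudit stands in for WithAudit: it sends a snapshot when the inner handler returns.
func withAudit(next http.Handler, sink *[]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r)
		if h, ok := r.Context().Value(holderKey{}).(*[]string); ok {
			*sink = append([]string(nil), *h...) // event leaves for the sink here
		}
	})
}

// earlyHandler runs before withAudit, the position WithAuthentication has.
func earlyHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer addAnnotation(r.Context(), "example.test/deferred", "lost") // too late
		addAnnotation(r.Context(), "example.test/inline", "kept")
		next.ServeHTTP(w, r)
	})
}

// sentAnnotations drives one constructed request and returns what the sink received.
func sentAnnotations() []string {
	var sink []string
	chain := earlyHandler(withAudit(http.NotFoundHandler(), &sink))
	req := httptest.NewRequest("GET", "/api/v1/pods", nil)
	chain.ServeHTTP(httptest.NewRecorder(), req.WithContext(withAnnotations(req.Context())))
	return sink
}
func main() { println(len(sentAnnotations())) }
```

When reviewing a handler that records authentication or authorization detail, check that the annotation call sits before the call into the next handler rather than in a defer.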

type Backend

type Backend interface {
    Sink

    // Run will initialize the backend. It must not block, but may run go routines in the background. If
    // stopCh is closed, it is supposed to stop them. Run will be called before the first call to ProcessEvents.
    Run(stopCh <-chan struct{}) error

    // Shutdown will synchronously shut down the backend while making sure that all pending
    // events are delivered. It can be assumed that this method is called after
    // the stopCh channel passed to the Run method has been closed.
    Shutdown()

    // Returns the backend PluginName.
    String() string
}

func Union

func Union(backends ...Backend) Backend

Union returns an audit Backend which logs events to a set of backends. The returned Sink implementation blocks in turn for each call to ProcessEvents.

type Sink

type Sink interface {
    // ProcessEvents handles events. Per audit ID it might be that ProcessEvents is called up to three times.
    // Errors might be logged by the sink itself. If an error should be fatal, leading to an internal
    // error, ProcessEvents is supposed to panic. The event must not be mutated and is reused by the caller
    // after the call returns, i.e. the sink has to make a deepcopy to keep a copy around if necessary.
    // Returns true on success, may return false on error.
    ProcessEvents(events ...*auditinternal.Event) bool
}
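The deep-copy requirement in the ProcessEvents comment, as an added example that is not code from this package: a buffering sink that keeps the caller's pointers ends up holding three references to the same mutated event, so the earlier audit records are overwritten. Event and bufferSink are constructed, reduced stand-ins for auditinternal.Event and a real backend; the audit ID is a placeholder.

```go
package main

// Event is a constructed, reduced stand-in for auditinternal.Event.
type Event struct {
	AuditID, Stage string
	Annotations    map[string]string
}

// deepCopy does by hand what a generated DeepCopy does for the real type.
func (e *Event) deepCopy() *Event {
	c := *e
	c.Annotations = make(map[string]string, len(e.Annotations))
	for k, v := range e.Annotations {
		c.Annotations[k] = v
	}
	return &c
}

// bufferSink retains events for later delivery, as a batching backend would.
type bufferSink struct {
	copyFirst bool // false reproduces the contract violation
	kept      []*Event
}

// ProcessEvents has the shape of Sink.ProcessEvents, using the stand-in Event.
func (s *bufferSink) ProcessEvents(events ...*Event) bool {
	for _, ev := range events {
		if s.copyFirst {
			ev = ev.deepCopy()
		}
		s.kept = append(s.kept, ev)
	}
	return true
}

// retainedStages plays the caller: one Event per audit ID, mutated and re-sent per stage.
func retainedStages(s *bufferSink) []string {
	ev := &Event{AuditID: "constructed-audit-id", Annotations: map[string]string{}}
	for _, stage := range []string{"RequestReceived", "ResponseStarted", "ResponseComplete"} {
		ev.Stage = stage
		s.ProcessEvents(ev)
	}
	var out []string
	for _, k := range s.kept {
		out = append(out, k.Stage)
	}
	return out
}

func main() { println(retainedStages(&bufferSink{copyFirst: true})[0]) }
```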

Directories

Path    Synopsis
event
policy
util

Package audit imports 29 packages and is imported by 53 packages. Updated 2020-05-30.