Merge pull request #49280 from CaoShuFeng/RequestReceived
Automatic merge from submit-queue

Provide a way to omit Event stages in audit policy

This provide a way to omit some stages for each audit policy rule.
    
For example:

    ```
      apiVersion: audit.k8s.io/v1beta1
      kind: Policy
      - level: Metadata
        resources:
           - group: "rbac.authorization.k8s.io"
             resources: ["roles"]
        omitStages:
          - "RequestReceived"
    ```
    
With the config above, events for the RequestReceived stage will not be emitted to audit backends.


**Release note**:

```
None
```
Kubernetes Submit Queue authored Sep 4, 2017
2 parents ffed1d3 + b50acbd commit 9d29ce1
Showing 21 changed files with 552 additions and 232 deletions.
4 changes: 4 additions & 0 deletions staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
Expand Up @@ -207,6 +207,10 @@ type PolicyRule struct {
// "/healthz*" - Log all health checks
// +optional
NonResourceURLs []string

// OmitStages specify events generated in which stages will not be emitted to backend.
// An empty list means no restrictions will apply.
OmitStages []Stage
}

// GroupResources represents resource kinds in an API group.
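Review bot: The doc comment on the new `OmitStages` field is hard to parse and lacks the `// +optional` marker that `NonResourceURLs` directly above it carries, although the field is optional (the versioned copy in v1alpha1/types.go is tagged `omitempty`). I would word it as `// OmitStages is the list of stages for which no audit event is emitted for requests matching this rule.`, then `// An empty list means no stage is omitted.` and `// +optional`. Because this field turns audit records off, the wording should make clear that the omission is scoped to the rule that carries it. The same comment text is repeated in the v1alpha1/types.go section and should be changed there too. The `PolicyRule` struct starts outside this hunk.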
194 changes: 123 additions & 71 deletions staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.pb.go


4 changes: 4 additions & 0 deletions staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go
Expand Up @@ -208,6 +208,10 @@ type PolicyRule struct {
// "/healthz*" - Log all health checks
// +optional
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`

// OmitStages specify events generated in which stages will not be emitted to backend.
// An empty list means no restrictions will apply.
OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
}

// GroupResources represents resource kinds in an API group.
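Review bot: Nothing visible in this section constrains what `OmitStages` may contain, so a misspelled stage would presumably be accepted like any other `Stage` value and match nothing, while a rule that lists every stage would emit no audit events at all even though it still reads as `level: Metadata`. If the policy validation elsewhere in this commit does not already do so, it should reject values that are not known stages. The field comment should also state that listing all stages silences the rule, so that someone investigating missing audit events for a resource knows to check this field. `PolicyRule` starts outside this hunk.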
Expand Up @@ -264,6 +264,7 @@ func autoConvert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *au
out.Resources = *(*[]audit.GroupResources)(unsafe.Pointer(&in.Resources))
out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages))
return nil
}

Expand All @@ -280,6 +281,7 @@ func autoConvert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, o
out.Resources = *(*[]GroupResources)(unsafe.Pointer(&in.Resources))
out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs))
out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages))
return nil
}

Expand Up @@ -327,6 +327,11 @@ func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.OmitStages != nil {
in, out := &in.OmitStages, &out.OmitStages
*out = make([]Stage, len(*in))
copy(*out, *in)
}
return
}

