Documentation

Overview

    Package v1alpha1 is a generated protocol buffer package.

    It is generated from these files:

    k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit/v1alpha1/generated.proto
    

    It has these top-level messages:

    Event
    EventList
    GroupResources
    ObjectReference
    Policy
    PolicyList
    PolicyRule
    

    Index

    Constants

    View Source
    const (
    	// The stage for events generated as soon as the audit handler receives the request, and before it
    	// is delegated down the handler chain.
    	StageRequestReceived = "RequestReceived"
    	// The stage for events generated once the response headers are sent, but before the response body
    	// is sent. This stage is only generated for long-running requests (e.g. watch).
    	StageResponseStarted = "ResponseStarted"
    	// The stage for events generated once the response body has been completed, and no more bytes
    	// will be sent.
    	StageResponseComplete = "ResponseComplete"
    	// The stage for events generated when a panic occurred.
    	StagePanic = "Panic"
    )

      Valid audit stages.

      View Source
      const GroupName = "audit.k8s.io"

        GroupName is the group name use in this package

        View Source
        const (
        	// Header to hold the audit ID as the request is propagated through the serving hierarchy. The
        	// Audit-ID header should be set by the first server to receive the request (e.g. the federation
        	// server or kube-aggregator).
        	//
        	// Audit ID is also returned to client by http response header.
        	// It's not guaranteed Audit-Id http header is sent for all requests. When kube-apiserver didn't
        	// audit the events according to the audit policy, no Audit-ID is returned. Also, for request to
        	// pods/exec, pods/attach, pods/proxy, kube-apiserver works like a proxy and redirect the request
        	// to kubelet node, users will only get http headers sent from kubelet node, so no Audit-ID is
        	// sent when users run command like "kubectl exec" or "kubectl attach".
        	HeaderAuditID = "Audit-ID"
        )

          Header keys used by the audit system.

          Variables

          View Source
          var (
          	ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
          	ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
          )
          View Source
          var (
          	SchemeBuilder runtime.SchemeBuilder
          
          	AddToScheme = localSchemeBuilder.AddToScheme
          )
          View Source
          var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

            SchemeGroupVersion is group version used to register these objects

            Functions

            func Convert_audit_EventList_To_v1alpha1_EventList

            func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error

              Convert_audit_EventList_To_v1alpha1_EventList is an autogenerated conversion function.

              func Convert_audit_Event_To_v1alpha1_Event

              func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error

              func Convert_audit_GroupResources_To_v1alpha1_GroupResources

              func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error

                Convert_audit_GroupResources_To_v1alpha1_GroupResources is an autogenerated conversion function.

                func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference

                func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error

                func Convert_audit_PolicyList_To_v1alpha1_PolicyList

                func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error

                  Convert_audit_PolicyList_To_v1alpha1_PolicyList is an autogenerated conversion function.

                  func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule

                  func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error

                    Convert_audit_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function.

                    func Convert_audit_Policy_To_v1alpha1_Policy

                    func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error

                      Convert_audit_Policy_To_v1alpha1_Policy is an autogenerated conversion function.

                      func Convert_v1alpha1_EventList_To_audit_EventList

                      func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error

                        Convert_v1alpha1_EventList_To_audit_EventList is an autogenerated conversion function.

                        func Convert_v1alpha1_Event_To_audit_Event

                        func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error

                        func Convert_v1alpha1_GroupResources_To_audit_GroupResources

                        func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error

                          Convert_v1alpha1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.

                          func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference

                          func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error

                          func Convert_v1alpha1_PolicyList_To_audit_PolicyList

                          func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error

                            Convert_v1alpha1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.

                            func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule

                            func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error

                              Convert_v1alpha1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.

                              func Convert_v1alpha1_Policy_To_audit_Policy

                              func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error

                                Convert_v1alpha1_Policy_To_audit_Policy is an autogenerated conversion function.

                                func RegisterConversions

                                func RegisterConversions(s *runtime.Scheme) error

                                  RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

                                  func RegisterDefaults

                                  func RegisterDefaults(scheme *runtime.Scheme) error

                                    RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

                                    func Resource

                                    func Resource(resource string) schema.GroupResource

                                      Resource takes an unqualified resource and returns a Group qualified GroupResource

                                      Types

                                      type Event

                                      type Event struct {
                                      	metav1.TypeMeta `json:",inline"`
                                      	// ObjectMeta is included for interoperability with API infrastructure.
                                      	// +optional
                                      	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                      
                                      	// AuditLevel at which event was generated
                                      	Level Level `json:"level" protobuf:"bytes,2,opt,name=level,casttype=Level"`
                                      
                                      	// Time the request reached the apiserver.
                                      	Timestamp metav1.Time `json:"timestamp" protobuf:"bytes,3,opt,name=timestamp"`
                                      	// Unique audit ID, generated for each request.
                                      	AuditID types.UID `json:"auditID" protobuf:"bytes,4,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"`
                                      	// Stage of the request handling when this event instance was generated.
                                      	Stage Stage `json:"stage" protobuf:"bytes,5,opt,name=stage,casttype=Stage"`
                                      
                                      	// RequestURI is the request URI as sent by the client to a server.
                                      	RequestURI string `json:"requestURI" protobuf:"bytes,6,opt,name=requestURI"`
                                      	// Verb is the kubernetes verb associated with the request.
                                      	// For non-resource requests, this is the lower-cased HTTP method.
                                      	Verb string `json:"verb" protobuf:"bytes,7,opt,name=verb"`
                                      	// Authenticated user information.
                                      	User authnv1.UserInfo `json:"user" protobuf:"bytes,8,opt,name=user"`
                                      	// Impersonated user information.
                                      	// +optional
                                      	ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,9,opt,name=impersonatedUser"`
                                      	// Source IPs, from where the request originated and intermediate proxies.
                                      	// +optional
                                      	SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"`
                                      	// UserAgent records the user agent string reported by the client.
                                      	// Note that the UserAgent is provided by the client, and must not be trusted.
                                      	// +optional
                                      	UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"`
                                      	// Object reference this request is targeted at.
                                      	// Does not apply for List-type requests, or non-resource requests.
                                      	// +optional
                                      	ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,11,opt,name=objectRef"`
                                      	// The response status, populated even when the ResponseObject is not a Status type.
                                      	// For successful responses, this will only include the Code and StatusSuccess.
                                      	// For non-status type error responses, this will be auto-populated with the error Message.
                                      	// +optional
                                      	ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,12,opt,name=responseStatus"`
                                      
                                      	// API object from the request, in JSON format. The RequestObject is recorded as-is in the request
                                      	// (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
                                      	// merging. It is an external versioned object type, and may not be a valid object on its own.
                                      	// Omitted for non-resource requests.  Only logged at Request Level and higher.
                                      	// +optional
                                      	RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,13,opt,name=requestObject"`
                                      	// API object returned in the response, in JSON. The ResponseObject is recorded after conversion
                                      	// to the external type, and serialized as JSON.  Omitted for non-resource requests.  Only logged
                                      	// at Response Level.
                                      	// +optional
                                      	ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,14,opt,name=responseObject"`
                                      	// Time the request reached the apiserver.
                                      	// +optional
                                      	RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,15,opt,name=requestReceivedTimestamp"`
                                      	// Time the request reached current audit stage.
                                      	// +optional
                                      	StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,16,opt,name=stageTimestamp"`
                                      
                                      	// Annotations is an unstructured key value map stored with an audit event that may be set by
                                      	// plugins invoked in the request serving chain, including authentication, authorization and
                                      	// admission plugins. Note that these annotations are for the audit event, and do not correspond
                                      	// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
                                      	// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
                                      	// should be short. Annotations are included in the Metadata level.
                                      	// +optional
                                      	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,17,rep,name=annotations"`
                                      }

                                        Event captures all the information that can be included in an API audit log.

                                        func (*Event) DeepCopy

                                        func (in *Event) DeepCopy() *Event

                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event.

                                          func (*Event) DeepCopyInto

                                          func (in *Event) DeepCopyInto(out *Event)

                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                            func (*Event) DeepCopyObject

                                            func (in *Event) DeepCopyObject() runtime.Object

                                              DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                              func (*Event) Descriptor

                                              func (*Event) Descriptor() ([]byte, []int)

                                              func (*Event) Marshal

                                              func (m *Event) Marshal() (dAtA []byte, err error)

                                              func (*Event) MarshalTo

                                              func (m *Event) MarshalTo(dAtA []byte) (int, error)

                                              func (*Event) ProtoMessage

                                              func (*Event) ProtoMessage()

                                              func (*Event) Reset

                                              func (m *Event) Reset()

                                              func (*Event) Size

                                              func (m *Event) Size() (n int)

                                              func (*Event) String

                                              func (this *Event) String() string

                                              func (*Event) Unmarshal

                                              func (m *Event) Unmarshal(dAtA []byte) error

                                              type EventList

                                              type EventList struct {
                                              	metav1.TypeMeta `json:",inline"`
                                              	// +optional
                                              	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                              
                                              	Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"`
                                              }

                                                EventList is a list of audit Events.

                                                func (*EventList) DeepCopy

                                                func (in *EventList) DeepCopy() *EventList

                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList.

                                                  func (*EventList) DeepCopyInto

                                                  func (in *EventList) DeepCopyInto(out *EventList)

                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                    func (*EventList) DeepCopyObject

                                                    func (in *EventList) DeepCopyObject() runtime.Object

                                                      DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                      func (*EventList) Descriptor

                                                      func (*EventList) Descriptor() ([]byte, []int)

                                                      func (*EventList) Marshal

                                                      func (m *EventList) Marshal() (dAtA []byte, err error)

                                                      func (*EventList) MarshalTo

                                                      func (m *EventList) MarshalTo(dAtA []byte) (int, error)

                                                      func (*EventList) ProtoMessage

                                                      func (*EventList) ProtoMessage()

                                                      func (*EventList) Reset

                                                      func (m *EventList) Reset()

                                                      func (*EventList) Size

                                                      func (m *EventList) Size() (n int)

                                                      func (*EventList) String

                                                      func (this *EventList) String() string

                                                      func (*EventList) Unmarshal

                                                      func (m *EventList) Unmarshal(dAtA []byte) error

                                                      type GroupResources

                                                      type GroupResources struct {
                                                      	// Group is the name of the API group that contains the resources.
                                                      	// The empty string represents the core API group.
                                                      	// +optional
                                                      	Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
                                                      	// Resources is a list of resources this rule applies to.
                                                      	//
                                                      	// For example:
                                                      	// 'pods' matches pods.
                                                      	// 'pods/log' matches the log subresource of pods.
                                                      	// '*' matches all resources and their subresources.
                                                      	// 'pods/*' matches all subresources of pods.
                                                      	// '*/scale' matches all scale subresources.
                                                      	//
                                                      	// If wildcard is present, the validation rule will ensure resources do not
                                                      	// overlap with each other.
                                                      	//
                                                      	// An empty list implies all resources and subresources in this API groups apply.
                                                      	// +optional
                                                      	Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
                                                      	// ResourceNames is a list of resource instance names that the policy matches.
                                                      	// Using this field requires Resources to be specified.
                                                      	// An empty list implies that every instance of the resource is matched.
                                                      	// +optional
                                                      	ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
                                                      }

                                                        GroupResources represents resource kinds in an API group.

                                                        func (*GroupResources) DeepCopy

                                                        func (in *GroupResources) DeepCopy() *GroupResources

                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources.

                                                          func (*GroupResources) DeepCopyInto

                                                          func (in *GroupResources) DeepCopyInto(out *GroupResources)

                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                            func (*GroupResources) Descriptor

                                                            func (*GroupResources) Descriptor() ([]byte, []int)

                                                            func (*GroupResources) Marshal

                                                            func (m *GroupResources) Marshal() (dAtA []byte, err error)

                                                            func (*GroupResources) MarshalTo

                                                            func (m *GroupResources) MarshalTo(dAtA []byte) (int, error)

                                                            func (*GroupResources) ProtoMessage

                                                            func (*GroupResources) ProtoMessage()

                                                            func (*GroupResources) Reset

                                                            func (m *GroupResources) Reset()

                                                            func (*GroupResources) Size

                                                            func (m *GroupResources) Size() (n int)

                                                            func (*GroupResources) String

                                                            func (this *GroupResources) String() string

                                                            func (*GroupResources) Unmarshal

                                                            func (m *GroupResources) Unmarshal(dAtA []byte) error

                                                            type Level

                                                            type Level string

                                                              Level defines the amount of information logged during auditing

                                                              const (
                                                              	// LevelNone disables auditing
                                                              	LevelNone Level = "None"
                                                              	// LevelMetadata provides the basic level of auditing.
                                                              	LevelMetadata Level = "Metadata"
                                                              	// LevelRequest provides Metadata level of auditing, and additionally
                                                              	// logs the request object (does not apply for non-resource requests).
                                                              	LevelRequest Level = "Request"
                                                              	// LevelRequestResponse provides Request level of auditing, and additionally
                                                              	// logs the response object (does not apply for non-resource requests).
                                                              	LevelRequestResponse Level = "RequestResponse"
                                                              )

                                                                Valid audit levels

                                                                type ObjectReference

                                                                type ObjectReference struct {
                                                                	// +optional
                                                                	Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"`
                                                                	// +optional
                                                                	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
                                                                	// +optional
                                                                	Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
                                                                	// +optional
                                                                	UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
                                                                	// +optional
                                                                	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"`
                                                                	// +optional
                                                                	ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,6,opt,name=resourceVersion"`
                                                                	// +optional
                                                                	Subresource string `json:"subresource,omitempty" protobuf:"bytes,7,opt,name=subresource"`
                                                                }

                                                                  ObjectReference contains enough information to let you inspect or modify the referred object.

                                                                  func (*ObjectReference) DeepCopy

                                                                  func (in *ObjectReference) DeepCopy() *ObjectReference

                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.

                                                                    func (*ObjectReference) DeepCopyInto

                                                                    func (in *ObjectReference) DeepCopyInto(out *ObjectReference)

                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                      func (*ObjectReference) Descriptor

                                                                      func (*ObjectReference) Descriptor() ([]byte, []int)

                                                                      func (*ObjectReference) Marshal

                                                                      func (m *ObjectReference) Marshal() (dAtA []byte, err error)

                                                                      func (*ObjectReference) MarshalTo

                                                                      func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error)

                                                                      func (*ObjectReference) ProtoMessage

                                                                      func (*ObjectReference) ProtoMessage()

                                                                      func (*ObjectReference) Reset

                                                                      func (m *ObjectReference) Reset()

                                                                      func (*ObjectReference) Size

                                                                      func (m *ObjectReference) Size() (n int)

                                                                      func (*ObjectReference) String

                                                                      func (this *ObjectReference) String() string

                                                                      func (*ObjectReference) Unmarshal

                                                                      func (m *ObjectReference) Unmarshal(dAtA []byte) error

                                                                      type Policy

                                                                      type Policy struct {
                                                                      	metav1.TypeMeta `json:",inline"`
                                                                      	// ObjectMeta is included for interoperability with API infrastructure.
                                                                      	// +optional
                                                                      	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                                      
                                                                      	// Rules specify the audit Level a request should be recorded at.
                                                                      	// A request may match multiple rules, in which case the FIRST matching rule is used.
                                                                      	// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
                                                                      	// PolicyRules are strictly ordered.
                                                                      	Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
                                                                      
                                                                      	// OmitStages is a list of stages for which no events are created. Note that this can also
                                                                      	// be specified per rule in which case the union of both are omitted.
                                                                      	// +optional
                                                                      	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
                                                                      }

                                                                        Policy defines the configuration of audit logging, and the rules for how different request categories are logged.

                                                                        func (*Policy) DeepCopy

                                                                        func (in *Policy) DeepCopy() *Policy

                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

                                                                          func (*Policy) DeepCopyInto

                                                                          func (in *Policy) DeepCopyInto(out *Policy)

                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                            func (*Policy) DeepCopyObject

                                                                            func (in *Policy) DeepCopyObject() runtime.Object

                                                                              DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                              func (*Policy) Descriptor

                                                                              func (*Policy) Descriptor() ([]byte, []int)

                                                                              func (*Policy) Marshal

                                                                              func (m *Policy) Marshal() (dAtA []byte, err error)

                                                                              func (*Policy) MarshalTo

                                                                              func (m *Policy) MarshalTo(dAtA []byte) (int, error)

                                                                              func (*Policy) ProtoMessage

                                                                              func (*Policy) ProtoMessage()

                                                                              func (*Policy) Reset

                                                                              func (m *Policy) Reset()

                                                                              func (*Policy) Size

                                                                              func (m *Policy) Size() (n int)

                                                                              func (*Policy) String

                                                                              func (this *Policy) String() string

                                                                              func (*Policy) Unmarshal

                                                                              func (m *Policy) Unmarshal(dAtA []byte) error

                                                                              type PolicyList

                                                                              type PolicyList struct {
                                                                              	metav1.TypeMeta `json:",inline"`
                                                                              	// +optional
                                                                              	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
                                                                              
                                                                              	Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"`
                                                                              }

                                                                                PolicyList is a list of audit Policies.

                                                                                func (*PolicyList) DeepCopy

                                                                                func (in *PolicyList) DeepCopy() *PolicyList

                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

                                                                                  func (*PolicyList) DeepCopyInto

                                                                                  func (in *PolicyList) DeepCopyInto(out *PolicyList)

                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                    func (*PolicyList) DeepCopyObject

                                                                                    func (in *PolicyList) DeepCopyObject() runtime.Object

                                                                                      DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                      func (*PolicyList) Descriptor

                                                                                      func (*PolicyList) Descriptor() ([]byte, []int)

                                                                                      func (*PolicyList) Marshal

                                                                                      func (m *PolicyList) Marshal() (dAtA []byte, err error)

                                                                                      func (*PolicyList) MarshalTo

                                                                                      func (m *PolicyList) MarshalTo(dAtA []byte) (int, error)

                                                                                      func (*PolicyList) ProtoMessage

                                                                                      func (*PolicyList) ProtoMessage()

                                                                                      func (*PolicyList) Reset

                                                                                      func (m *PolicyList) Reset()

                                                                                      func (*PolicyList) Size

                                                                                      func (m *PolicyList) Size() (n int)

                                                                                      func (*PolicyList) String

                                                                                      func (this *PolicyList) String() string

                                                                                      func (*PolicyList) Unmarshal

                                                                                      func (m *PolicyList) Unmarshal(dAtA []byte) error

                                                                                      type PolicyRule

                                                                                      type PolicyRule struct {
                                                                                      	// The Level that requests matching this rule are recorded at.
                                                                                      	Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`
                                                                                      
                                                                                      	// The users (by authenticated user name) this rule applies to.
                                                                                      	// An empty list implies every user.
                                                                                      	// +optional
                                                                                      	Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
                                                                                      	// The user groups this rule applies to. A user is considered matching
                                                                                      	// if it is a member of any of the UserGroups.
                                                                                      	// An empty list implies every user group.
                                                                                      	// +optional
                                                                                      	UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`
                                                                                      
                                                                                      	// The verbs that match this rule.
                                                                                      	// An empty list implies every verb.
                                                                                      	// +optional
                                                                                      	Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`
                                                                                      
                                                                                      	// Resources that this rule matches. An empty list implies all kinds in all API groups.
                                                                                      	// +optional
                                                                                      	Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
                                                                                      	// Namespaces that this rule matches.
                                                                                      	// The empty string "" matches non-namespaced resources.
                                                                                      	// An empty list implies every namespace.
                                                                                      	// +optional
                                                                                      	Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`
                                                                                      
                                                                                      	// NonResourceURLs is a set of URL paths that should be audited.
                                                                                      	// *s are allowed, but only as the full, final step in the path.
                                                                                      	// Examples:
                                                                                      	//  "/metrics" - Log requests for apiserver metrics
                                                                                      	//  "/healthz*" - Log all health checks
                                                                                      	// +optional
                                                                                      	NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`
                                                                                      
                                                                                      	// OmitStages is a list of stages for which no events are created. Note that this can also
                                                                                      	// be specified policy wide in which case the union of both are omitted.
                                                                                      	// An empty list means no restrictions will apply.
                                                                                      	// +optional
                                                                                      	OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
                                                                                      }

                                                                                        PolicyRule maps requests based off metadata to an audit Level. Requests must match the rules of every field (an intersection of rules).

                                                                                        func (*PolicyRule) DeepCopy

                                                                                        func (in *PolicyRule) DeepCopy() *PolicyRule

                                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.

                                                                                          func (*PolicyRule) DeepCopyInto

                                                                                          func (in *PolicyRule) DeepCopyInto(out *PolicyRule)

                                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                            func (*PolicyRule) Descriptor

                                                                                            func (*PolicyRule) Descriptor() ([]byte, []int)

                                                                                            func (*PolicyRule) Marshal

                                                                                            func (m *PolicyRule) Marshal() (dAtA []byte, err error)

                                                                                            func (*PolicyRule) MarshalTo

                                                                                            func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error)

                                                                                            func (*PolicyRule) ProtoMessage

                                                                                            func (*PolicyRule) ProtoMessage()

                                                                                            func (*PolicyRule) Reset

                                                                                            func (m *PolicyRule) Reset()

                                                                                            func (*PolicyRule) Size

                                                                                            func (m *PolicyRule) Size() (n int)

                                                                                            func (*PolicyRule) String

                                                                                            func (this *PolicyRule) String() string

                                                                                            func (*PolicyRule) Unmarshal

                                                                                            func (m *PolicyRule) Unmarshal(dAtA []byte) error

                                                                                            type Stage

                                                                                            type Stage string

                                                                                              Stage defines the stages in request handling that audit events may be generated.