Documentation

Overview

    TODO: Delete this file if we generate a clientset.

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var (
    	ApiserverAuditDroppedCounter = prometheus.NewCounter(
    		prometheus.CounterOpts{
    			Subsystem: subsystem,
    			Name:      "requests_rejected_total",
    			Help: "Counter of apiserver requests rejected due to an error " +
    				"in audit logging backend.",
    		},
    	)
    )
    View Source
    var Scheme = runtime.NewScheme()

    Functions

    func EventString

    func EventString(ev *auditinternal.Event) string

      EventString creates a 1-line text representation of an audit event, using a subset of the information in the event struct.

      func HandlePluginError

      func HandlePluginError(plugin string, err error, impacted ...*auditinternal.Event)

        HandlePluginError handles an error that occurred in an audit plugin. This method should only be used if the error may have prevented the audit event from being properly recorded. The events are logged to the debug log.

        func LogAnnotation

        func LogAnnotation(ae *auditinternal.Event, key, value string)

          LogAnnotation fills in the Annotations according to the key value pair.

          func LogAnnotations

          func LogAnnotations(ae *auditinternal.Event, annotations map[string]string)

            LogAnnotations fills in the Annotations according to the annotations map.

            func LogImpersonatedUser

            func LogImpersonatedUser(ae *auditinternal.Event, user user.Info)

              LogImpersonatedUser fills in the impersonated user attributes into an audit event.

              func LogRequestObject

              func LogRequestObject(ae *auditinternal.Event, obj runtime.Object, gvr schema.GroupVersionResource, subresource string, s runtime.NegotiatedSerializer)

                LogRequestObject fills in the request object into an audit event. The passed runtime.Object will be converted to the given gv.

                func LogRequestPatch

                func LogRequestPatch(ae *auditinternal.Event, patch []byte)

                  LogRequestPatch fills in the given patch as the request object into an audit event.

                  func LogResponseObject

                    LogResponseObject fills in the response object into an audit event. The passed runtime.Object will be converted to the given gv.

                    func NewEventFromRequest

                    func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs authorizer.Attributes) (*auditinternal.Event, error)

                    func ObserveEvent

                    func ObserveEvent()

                      ObserveEvent updates the relevant prometheus metrics for the generated audit event.

                      func ObservePolicyLevel

                      func ObservePolicyLevel(level auditinternal.Level)

                        ObservePolicyLevel updates the relevant prometheus metrics with the audit level for a request.

                        Types

                        type Backend

                        type Backend interface {
                        	Sink
                        
                        	// Run will initialize the backend. It must not block, but may run go routines in the background. If
                        	// stopCh is closed, it is supposed to stop them. Run will be called before the first call to ProcessEvents.
                        	Run(stopCh <-chan struct{}) error
                        
                        	// Shutdown will synchronously shut down the backend while making sure that all pending
                        	// events are delivered. It can be assumed that this method is called after
                        	// the stopCh channel passed to the Run method has been closed.
                        	Shutdown()
                        
                        	// Returns the backend PluginName.
                        	String() string
                        }

                        func Union

                        func Union(backends ...Backend) Backend

                          Union returns an audit Backend which logs events to a set of backends. The returned Sink implementation blocks in turn for each call to ProcessEvents.

                          type Sink

                          type Sink interface {
                          	// ProcessEvents handles events. Per audit ID it might be that ProcessEvents is called up to three times.
                          	// Errors might be logged by the sink itself. If an error should be fatal, leading to an internal
                          	// error, ProcessEvents is supposed to panic. The event must not be mutated and is reused by the caller
                          	// after the call returns, i.e. the sink has to make a deepcopy to keep a copy around if necessary.
                          	// Returns true on success, may return false on error.
                          	ProcessEvents(events ...*auditinternal.Event) bool
                          }

                          Directories

                          Path Synopsis