Documentation
¶
Index ¶
- Variables
- type Plugin
- func (e *Plugin) DecodeEvent(evt sdk.EventReader) (*fastjson.Value, error)
- func (e *Plugin) DecodeReader(evtNum uint64, reader io.ReadSeeker) (*fastjson.Value, error)
- func (k *Plugin) Extract(req sdk.ExtractRequest, evt sdk.EventReader) error
- func (e *Plugin) ExtractFromEvent(req sdk.ExtractRequest, evt sdk.EventReader) error
- func (e *Plugin) ExtractFromJSON(req sdk.ExtractRequest, jsonValue *fastjson.Value) error
- func (k *Plugin) Fields() []sdk.FieldEntry
- func (k *Plugin) Info() *plugins.Info
- func (k *Plugin) Init(cfg string) error
- func (p *Plugin) InitSchema() *sdk.SchemaInfo
- func (k *Plugin) Open(params string) (source.Instance, error)
- func (k *Plugin) OpenReader(r io.ReadCloser) (source.Instance, error)
- func (k *Plugin) OpenWebServer(address, endpoint string, ssl bool) (source.Instance, error)
- func (k *Plugin) ParseAuditEventsJSON(value *fastjson.Value) ([]*source.PushEvent, error)
- func (k *Plugin) ParseAuditEventsPayload(payload []byte) ([]*source.PushEvent, error)
- func (k *Plugin) String(evt sdk.EventReader) (string, error)
- type PluginConfig
Constants ¶
This section is empty.
Variables ¶
var ( // ErrExtractNotAvailable indicates that the requested field cannot be // extracted from a certain event due to some value not being available // inside the event. ErrExtractNotAvailable = fmt.Errorf("field not available") // // ErrExtractWrongType indicates that the requested field cannot be // extracted from a certain event due to some value having an unexpected // type inside the event. ErrExtractWrongType = fmt.Errorf("wrong type conversion") // // ErrExtractBrokenJSON indicates that the requested field cannot be // extracted from a certain event due to the internal JSON prepresentaiton // being broken or badly formatted ErrExtractBrokenJSON = fmt.Errorf("broken JSON data") // // ErrExtractUnsupportedType indicates that the requested field cannot be // extracted from a certain event due to its field type being not supported ErrExtractUnsupportedType = fmt.Errorf("type not supported") )
Functions ¶
This section is empty.
Types ¶
type Plugin ¶
type Plugin struct {
plugins.BasePlugin
Config PluginConfig
// contains filtered or unexported fields
}
Plugin implements extractor.Plugin and extracts K8S Audit fields from K8S Audit events. The event data is expected to be a JSON that in the form that is provided by K8S Audit webhook (see https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#webhook-backend). The ExtractFromEvent method can be used to easily process an ExtractRequest. If the Audit Event data is nested inside another JSON object, you can use a combination of the Decode/DecodeEvent and ExtractFromJSON convenience methods. Plugin relies on the fastjson package for performant manipulation of JSON data.
func (*Plugin) DecodeEvent ¶
DecodeEvent parses a JSON value from a sdk.EventReader
func (*Plugin) DecodeReader ¶
Decode parses a JSON value from an io.ReadSeeker
func (*Plugin) Extract ¶
func (k *Plugin) Extract(req sdk.ExtractRequest, evt sdk.EventReader) error
func (*Plugin) ExtractFromEvent ¶
func (e *Plugin) ExtractFromEvent(req sdk.ExtractRequest, evt sdk.EventReader) error
ExtractFromEvent processes a sdk.ExtractRequest and extracts a field by reading data from a sdk.EventReader
func (*Plugin) ExtractFromJSON ¶
ExtractFromJSON processes a sdk.ExtractRequest and extracts a field by reading data from a jsonValue *fastjson.Value
func (*Plugin) Fields ¶
func (k *Plugin) Fields() []sdk.FieldEntry
Fields returns the list of extractor fields exported for K8S Audit events.
func (*Plugin) InitSchema ¶
func (p *Plugin) InitSchema() *sdk.SchemaInfo
func (*Plugin) OpenReader ¶
OpenReader opens a source.Instance event stream that reads K8S Audit Events from a io.ReadCloser. Each Event is a JSON object encoded with JSONL notation (see: https://jsonlines.org/).
func (*Plugin) OpenWebServer ¶
OpenWebServer opens a source.Instance event stream that receives K8S Audit Events by starting a server and listening for JSON webhooks. The expected JSON format is the one of K8S API Server webhook backend (see: https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/#webhook-backend).
func (*Plugin) ParseAuditEventsJSON ¶
ParseAuditEventsJSON is the same as ParseAuditEventsPayload, but takes a pre-parsed JSON as input. The JSON representation is the one of the fastjson library.
func (*Plugin) ParseAuditEventsPayload ¶
ParseAuditEventsPayload parses a byte slice representing a JSON payload that contains one or more K8S Audit Events. If the payload is parsed correctly, returns the slice containing all the events parsed and a nil error. A nil slice and a non-nil error is returned in case the parsing fails.
Even if a nil error is returned, each of the events of the returned slice can still contain an error (source.PushEvent.Err is non-nil). The reason is that if a single event is corrupted, this function still attempts to parse the rest of the events in the payload.
type PluginConfig ¶
type PluginConfig struct {
SSLCertificate string `` /* 198-byte string literal not displayed */
UseAsync bool `` /* 162-byte string literal not displayed */
MaxEventSize uint64 `` /* 145-byte string literal not displayed */
WebhookMaxBatchSize uint64 `` /* 177-byte string literal not displayed */
}
func (*PluginConfig) Reset ¶
func (k *PluginConfig) Reset()
Resets sets the configuration to its default values
Source Files