v1alpha1

package
v1.8.0-alpha.0
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2017 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

+groupName=audit.k8s.io


Constants

const (
	// The stage for events generated as soon as the audit handler receives the request, and before it
	// is delegated down the handler chain.
	StageRequestReceived = "RequestReceived"
	// The stage for events generated once the response headers are sent, but before the response body
	// is sent. This stage is only generated for long-running requests (e.g. watch).
	StageResponseStarted = "ResponseStarted"
	// The stage for events generated once the response body has been completed, and no more bytes
	// will be sent.
	StageResponseComplete = "ResponseComplete"
	// The stage for events generated when a panic occurred.
	StagePanic = "Panic"
)

Valid audit stages.

const GroupName = "audit.k8s.io"

GroupName is the group name used in this package

const (
	// Header to hold the audit ID as the request is propagated through the serving hierarchy. The
	// Audit-ID header should be set by the first server to receive the request (e.g. the federation
	// server or kube-aggregator).
	HeaderAuditID = "Audit-ID"
)

Header keys used by the audit system.

Variables

var (
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is the group version used to register these objects

Functions

func Convert_audit_EventList_To_v1alpha1_EventList

func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error

Convert_audit_EventList_To_v1alpha1_EventList is an autogenerated conversion function.

func Convert_audit_Event_To_v1alpha1_Event

func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error

Convert_audit_Event_To_v1alpha1_Event is an autogenerated conversion function.

func Convert_audit_GroupResources_To_v1alpha1_GroupResources

func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error

Convert_audit_GroupResources_To_v1alpha1_GroupResources is an autogenerated conversion function.

func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference

func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error

Convert_audit_ObjectReference_To_v1alpha1_ObjectReference is an autogenerated conversion function.

func Convert_audit_PolicyList_To_v1alpha1_PolicyList

func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error

Convert_audit_PolicyList_To_v1alpha1_PolicyList is an autogenerated conversion function.

func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule

func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error

Convert_audit_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function.

func Convert_audit_Policy_To_v1alpha1_Policy

func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error

Convert_audit_Policy_To_v1alpha1_Policy is an autogenerated conversion function.

func Convert_v1alpha1_EventList_To_audit_EventList

func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error

Convert_v1alpha1_EventList_To_audit_EventList is an autogenerated conversion function.

func Convert_v1alpha1_Event_To_audit_Event

func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error

Convert_v1alpha1_Event_To_audit_Event is an autogenerated conversion function.

func Convert_v1alpha1_GroupResources_To_audit_GroupResources

func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error

Convert_v1alpha1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.

func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference

func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error

Convert_v1alpha1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function.

func Convert_v1alpha1_PolicyList_To_audit_PolicyList

func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error

Convert_v1alpha1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.

func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule

func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error

Convert_v1alpha1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.

func Convert_v1alpha1_Policy_To_audit_Policy

func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error

Convert_v1alpha1_Policy_To_audit_Policy is an autogenerated conversion function.

func DeepCopy_v1alpha1_Event

func DeepCopy_v1alpha1_Event(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_Event is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_EventList

func DeepCopy_v1alpha1_EventList(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_EventList is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_GroupResources

func DeepCopy_v1alpha1_GroupResources(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_GroupResources is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_ObjectReference

func DeepCopy_v1alpha1_ObjectReference(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_ObjectReference is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_Policy

func DeepCopy_v1alpha1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_Policy is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_PolicyList

func DeepCopy_v1alpha1_PolicyList(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_PolicyList is an autogenerated deepcopy function.

func DeepCopy_v1alpha1_PolicyRule

func DeepCopy_v1alpha1_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error

DeepCopy_v1alpha1_PolicyRule is an autogenerated deepcopy function.

func RegisterConversions

func RegisterConversions(scheme *runtime.Scheme) error

RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

func RegisterDeepCopies

func RegisterDeepCopies(scheme *runtime.Scheme) error

RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type Event

type Event struct {
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is included for interoperability with API infrastructure.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AuditLevel at which event was generated
	Level Level `json:"level"`

	// Time the request reached the apiserver.
	Timestamp metav1.Time `json:"timestamp"`
	// Unique audit ID, generated for each request.
	AuditID types.UID `json:"auditID"`
	// Stage of the request handling when this event instance was generated.
	Stage Stage `json:"stage"`

	// RequestURI is the request URI as sent by the client to a server.
	RequestURI string `json:"requestURI"`
	// Verb is the kubernetes verb associated with the request.
	// For non-resource requests, this is identical to HttpMethod.
	Verb string `json:"verb"`
	// Authenticated user information.
	User authnv1.UserInfo `json:"user"`
	// Impersonated user information.
	// +optional
	ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty"`
	// Source IPs, from where the request originated and intermediate proxies.
	// +optional
	SourceIPs []string `json:"sourceIPs,omitempty"`
	// Object reference this request is targeted at.
	// Does not apply for List-type requests, or non-resource requests.
	// +optional
	ObjectRef *ObjectReference `json:"objectRef,omitempty"`
	// The response status, populated even when the ResponseObject is not a Status type.
	// For successful responses, this will only include the Code and StatusSuccess.
	// For non-status type error responses, this will be auto-populated with the error Message.
	// +optional
	ResponseStatus *metav1.Status `json:"responseStatus,omitempty"`

	// API object from the request, in JSON format. The RequestObject is recorded as-is in the request
	// (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
	// merging. It is an external versioned object type, and may not be a valid object on its own.
	// Omitted for non-resource requests.  Only logged at Request Level and higher.
	// +optional
	RequestObject *runtime.Unknown `json:"requestObject,omitempty"`
	// API object returned in the response, in JSON. The ResponseObject is recorded after conversion
	// to the external type, and serialized as JSON.  Omitted for non-resource requests.  Only logged
	// at Response Level.
	// +optional
	ResponseObject *runtime.Unknown `json:"responseObject,omitempty"`
}

Event captures all the information that can be included in an API audit log.

func (*Event) CodecDecodeSelf

func (x *Event) CodecDecodeSelf(d *codec1978.Decoder)

func (*Event) CodecEncodeSelf

func (x *Event) CodecEncodeSelf(e *codec1978.Encoder)

type EventList

type EventList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Event `json:"items"`
}

EventList is a list of audit Events.

func (*EventList) CodecDecodeSelf

func (x *EventList) CodecDecodeSelf(d *codec1978.Decoder)

func (*EventList) CodecEncodeSelf

func (x *EventList) CodecEncodeSelf(e *codec1978.Encoder)

type GroupResources

type GroupResources struct {
	// Group is the name of the API group that contains the resources.
	// The empty string represents the core API group.
	// +optional
	Group string `json:"group,omitempty"`
	// Resources is a list of resources within the API group.
	// An empty list implies every resource kind in the API group.
	// +optional
	Resources []string `json:"resources,omitempty"`
}

GroupResources represents resource kinds in an API group.

func (*GroupResources) CodecDecodeSelf

func (x *GroupResources) CodecDecodeSelf(d *codec1978.Decoder)

func (*GroupResources) CodecEncodeSelf

func (x *GroupResources) CodecEncodeSelf(e *codec1978.Encoder)

type Level

type Level string

Level defines the amount of information logged during auditing

const (
	// LevelNone disables auditing
	LevelNone Level = "None"
	// LevelMetadata provides the basic level of auditing.
	LevelMetadata Level = "Metadata"
	// LevelRequest provides Metadata level of auditing, and additionally
	// logs the request object (does not apply for non-resource requests).
	LevelRequest Level = "Request"
	// LevelRequestResponse provides Request level of auditing, and additionally
	// logs the response object (does not apply for non-resource requests).
	LevelRequestResponse Level = "RequestResponse"
)

Valid audit levels

func (*Level) CodecDecodeSelf

func (x *Level) CodecDecodeSelf(d *codec1978.Decoder)

func (Level) CodecEncodeSelf

func (x Level) CodecEncodeSelf(e *codec1978.Encoder)

type ObjectReference

type ObjectReference struct {
	// +optional
	Resource string `json:"resource,omitempty"`
	// +optional
	Namespace string `json:"namespace,omitempty"`
	// +optional
	Name string `json:"name,omitempty"`
	// +optional
	UID types.UID `json:"uid,omitempty"`
	// +optional
	APIVersion string `json:"apiVersion,omitempty"`
	// +optional
	ResourceVersion string `json:"resourceVersion,omitempty"`
	// +optional
	Subresource string `json:"subresource,omitempty"`
}

ObjectReference contains enough information to let you inspect or modify the referred object.

func (*ObjectReference) CodecDecodeSelf

func (x *ObjectReference) CodecDecodeSelf(d *codec1978.Decoder)

func (*ObjectReference) CodecEncodeSelf

func (x *ObjectReference) CodecEncodeSelf(e *codec1978.Encoder)

type Policy

type Policy struct {
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is included for interoperability with API infrastructure.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Rules specify the audit Level a request should be recorded at.
	// A request may match multiple rules, in which case the FIRST matching rule is used.
	// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
	// PolicyRules are strictly ordered.
	Rules []PolicyRule `json:"rules"`
}

Policy defines the configuration of audit logging, and the rules for how different request categories are logged.

func (*Policy) CodecDecodeSelf

func (x *Policy) CodecDecodeSelf(d *codec1978.Decoder)

func (*Policy) CodecEncodeSelf

func (x *Policy) CodecEncodeSelf(e *codec1978.Encoder)

type PolicyList

type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Policy `json:"items"`
}

PolicyList is a list of audit Policies.

func (*PolicyList) CodecDecodeSelf

func (x *PolicyList) CodecDecodeSelf(d *codec1978.Decoder)

func (*PolicyList) CodecEncodeSelf

func (x *PolicyList) CodecEncodeSelf(e *codec1978.Encoder)

type PolicyRule

type PolicyRule struct {
	// The Level that requests matching this rule are recorded at.
	Level Level `json:"level"`

	// The users (by authenticated user name) this rule applies to.
	// An empty list implies every user.
	// +optional
	Users []string `json:"users,omitempty"`
	// The user groups this rule applies to. A user is considered matching
	// if it is a member of any of the UserGroups.
	// An empty list implies every user group.
	// +optional
	UserGroups []string `json:"userGroups,omitempty"`

	// The verbs that match this rule.
	// An empty list implies every verb.
	// +optional
	Verbs []string `json:"verbs,omitempty"`

	// Resources that this rule matches. An empty list implies all kinds in all API groups.
	// +optional
	Resources []GroupResources `json:"resources,omitempty"`
	// Namespaces that this rule matches.
	// The empty string "" matches non-namespaced resources.
	// An empty list implies every namespace.
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// NonResourceURLs is a set of URL paths that should be audited.
	// *s are allowed, but only as the full, final step in the path.
	// Examples:
	//  "/metrics" - Log requests for apiserver metrics
	//  "/healthz*" - Log all health checks
	// +optional
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
}

PolicyRule maps requests based off metadata to an audit Level. Requests must match the rules of every field (an intersection of rules).
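
The matching semantics documented for Policy.Rules and PolicyRule (the first matching rule is used, every field must match, an empty list implies every value), as an added example that is not this package's or the apiserver's code. `Rule`, `Decide` and `Shadowed` are hypothetical names; only Users, Verbs and Namespaces are modelled, and the shadowing check only finds rules subsumed by a single earlier rule.

```go
package main

import "fmt"

// Rule is a cut-down stand-in for PolicyRule (example type, not the package's own).
type Rule struct {
	Level                    string
	Users, Verbs, Namespaces []string
}

// covers reports whether list admits every value in want; empty means "every".
func covers(list, want []string) bool {
	n := 0
	for _, w := range want {
		for _, x := range list {
			if x == w {
				n++
				break
			}
		}
	}
	return len(list) == 0 || (len(want) > 0 && n == len(want))
}

// Decide returns index and Level of the FIRST rule matching all of q, else -1 and None.
func Decide(rules []Rule, q Rule) (int, string) {
	for i, r := range rules {
		if covers(r.Users, q.Users) && covers(r.Verbs, q.Verbs) && covers(r.Namespaces, q.Namespaces) {
			return i, r.Level
		}
	}
	return -1, "None"
}

// Shadowed lists rules that can never fire because one earlier rule matches all they match.
func Shadowed(rules []Rule) (out []int) {
	for i, r := range rules {
		if j, _ := Decide(rules[:i], r); j >= 0 {
			out = append(out, i)
		}
	}
	return out
}

func main() {
	p := []Rule{{Level: "None", Verbs: []string{"get", "list"}}, // constructed sample policy
		{Level: "RequestResponse", Users: []string{"admin"}, Verbs: []string{"get"}}}
	fmt.Println(Decide(p, Rule{Users: []string{"admin"}, Verbs: []string{"get"}}))
	fmt.Println(Shadowed(p))
}
```

In the sample policy the broad None rule comes first, so the later RequestResponse rule for admin never applies; swapping the two rules removes the shadowing.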

func (*PolicyRule) CodecDecodeSelf

func (x *PolicyRule) CodecDecodeSelf(d *codec1978.Decoder)

func (*PolicyRule) CodecEncodeSelf

func (x *PolicyRule) CodecEncodeSelf(e *codec1978.Encoder)

type Stage

type Stage string

Stage defines the stages in request handling at which audit events may be generated.

func (*Stage) CodecDecodeSelf

func (x *Stage) CodecDecodeSelf(d *codec1978.Decoder)

func (Stage) CodecEncodeSelf

func (x Stage) CodecEncodeSelf(e *codec1978.Encoder)
