Documentation ¶
Overview ¶
+groupName=audit.k8s.io
Index ¶
- Constants
- Variables
- func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
- func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error
- func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
- func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
- func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
- func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
- func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error
- func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
- func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error
- func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
- func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
- func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
- func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
- func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error
- func DeepCopy_v1alpha1_Event(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_EventList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_GroupResources(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_ObjectReference(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_PolicyList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1alpha1_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error
- func RegisterConversions(scheme *runtime.Scheme) error
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func Resource(resource string) schema.GroupResource
- type Event
- type EventList
- type GroupResources
- type Level
- type ObjectReference
- type Policy
- type PolicyList
- type PolicyRule
- type Stage
Constants ¶
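// Valid audit stages. Each constant names the point in request handling at
// which an audit event was generated. The line structure of the listing is
// restored here so that each declaration is no longer swallowed by the
// preceding `//` comment.
const (
	// The stage for events generated as soon as the audit handler receives the request, and before it
	// is delegated down the handler chain. Events at this stage precede the handler chain, so they
	// record that a request arrived, not how it was answered.
	StageRequestReceived = "RequestReceived"
	// The stage for events generated once the response headers are sent, but before the response body
	// is sent. This stage is only generated for long-running requests (e.g. watch).
	StageResponseStarted = "ResponseStarted"
	// The stage for events generated once the response body has been completed, and no more bytes
	// will be sent.
	StageResponseComplete = "ResponseComplete"
	// The stage for events generated when a panic occurred.
	// NOTE(review): log consumers that key only on ResponseComplete presumably miss requests that
	// ended in a panic; confirm and include this stage in completeness checks.
	StagePanic = "Panic"
)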
Valid audit stages.
// GroupName is the API group name used by the types in this package.
const (
	GroupName = "audit.k8s.io"
)
GroupName is the group name used in this package.
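// Header keys used by the audit system. The line structure of the listing is
// restored here so that the declaration is no longer swallowed by the
// preceding `//` comment.
const (
	// Header to hold the audit ID as the request is propagated through the serving hierarchy. The
	// Audit-ID header should be set by the first server to receive the request (e.g. the federation
	// server or kube-aggregator).
	//
	// NOTE(review): the value travels in a request header, so a server that is directly reachable
	// by clients presumably sees whatever the client put there. Confirm how an inbound Audit-ID is
	// validated or replaced before using it as a trusted correlation key across log sources.
	HeaderAuditID = "Audit-ID"
)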
Header keys used by the audit system.
Variables ¶
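// Scheme registration hooks for this API version. The line structure of the
// listing is restored here; collapsed onto one line the two specs do not parse.
var (
	// SchemeBuilder is the runtime.SchemeBuilder exported by this package.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is the AddToScheme method value of localSchemeBuilder, an
	// unexported variable that this listing does not show.
	// NOTE(review): presumably localSchemeBuilder points at SchemeBuilder; confirm in the package source.
	AddToScheme = localSchemeBuilder.AddToScheme
)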
// SchemeGroupVersion is the group version used to register these objects:
// group GroupName at version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{
	Group:   GroupName,
	Version: "v1alpha1",
}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Convert_audit_EventList_To_v1alpha1_EventList ¶
func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
Convert_audit_EventList_To_v1alpha1_EventList is an autogenerated conversion function.
func Convert_audit_Event_To_v1alpha1_Event ¶
Convert_audit_Event_To_v1alpha1_Event is an autogenerated conversion function.
func Convert_audit_GroupResources_To_v1alpha1_GroupResources ¶
func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
Convert_audit_GroupResources_To_v1alpha1_GroupResources is an autogenerated conversion function.
func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference ¶
func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
Convert_audit_ObjectReference_To_v1alpha1_ObjectReference is an autogenerated conversion function.
func Convert_audit_PolicyList_To_v1alpha1_PolicyList ¶
func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
Convert_audit_PolicyList_To_v1alpha1_PolicyList is an autogenerated conversion function.
func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule ¶
func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
Convert_audit_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function.
func Convert_audit_Policy_To_v1alpha1_Policy ¶
func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error
Convert_audit_Policy_To_v1alpha1_Policy is an autogenerated conversion function.
func Convert_v1alpha1_EventList_To_audit_EventList ¶
func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
Convert_v1alpha1_EventList_To_audit_EventList is an autogenerated conversion function.
func Convert_v1alpha1_Event_To_audit_Event ¶
Convert_v1alpha1_Event_To_audit_Event is an autogenerated conversion function.
func Convert_v1alpha1_GroupResources_To_audit_GroupResources ¶
func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
Convert_v1alpha1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.
func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference ¶
func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
Convert_v1alpha1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function.
func Convert_v1alpha1_PolicyList_To_audit_PolicyList ¶
func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
Convert_v1alpha1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.
func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule ¶
func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
Convert_v1alpha1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.
func Convert_v1alpha1_Policy_To_audit_Policy ¶
func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error
Convert_v1alpha1_Policy_To_audit_Policy is an autogenerated conversion function.
func DeepCopy_v1alpha1_Event ¶
func DeepCopy_v1alpha1_Event(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_Event is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_EventList ¶
func DeepCopy_v1alpha1_EventList(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_EventList is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_GroupResources ¶
func DeepCopy_v1alpha1_GroupResources(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_GroupResources is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_ObjectReference ¶
func DeepCopy_v1alpha1_ObjectReference(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_ObjectReference is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_Policy ¶
func DeepCopy_v1alpha1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_Policy is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_PolicyList ¶
func DeepCopy_v1alpha1_PolicyList(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_PolicyList is an autogenerated deepcopy function.
func DeepCopy_v1alpha1_PolicyRule ¶
func DeepCopy_v1alpha1_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1alpha1_PolicyRule is an autogenerated deepcopy function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDeepCopies ¶
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a group-qualified GroupResource.
Types ¶
type Event ¶
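// Event is one record of an API audit log. The line structure of the listing
// is restored here so that each field is no longer swallowed by the preceding
// `//` comment.
//
// Several fields carry client-supplied text (RequestURI, RequestObject) or
// full API payloads (RequestObject, ResponseObject). Wherever these events are
// stored should be access-controlled as if it held the objects themselves.
type Event struct {
	metav1.TypeMeta `json:",inline"`

	// ObjectMeta is included for interoperability with API infrastructure.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// AuditLevel at which event was generated
	Level Level `json:"level"`

	// Time the request reached the apiserver.
	Timestamp metav1.Time `json:"timestamp"`

	// Unique audit ID, generated for each request.
	AuditID types.UID `json:"auditID"`

	// Stage of the request handling when this event instance was generated.
	Stage Stage `json:"stage"`

	// RequestURI is the request URI as sent by the client to a server.
	// The value is client-supplied; log consumers should treat it as untrusted
	// text when parsing or rendering it.
	RequestURI string `json:"requestURI"`

	// Verb is the kubernetes verb associated with the request.
	// For non-resource requests, this is identical to HttpMethod.
	Verb string `json:"verb"`

	// Authenticated user information.
	User authnv1.UserInfo `json:"user"`

	// Impersonated user information.
	// NOTE(review): presumably User remains the authenticated caller while this
	// field holds the identity the request acted as; confirm. Detections for
	// impersonation should read both fields.
	// +optional
	ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty"`

	// Source IPs, from where the request originated and intermediate proxies.
	// NOTE(review): entries for intermediate proxies are presumably derived from
	// forwarding headers, which a client can set; confirm how the list is built
	// before treating any entry other than the direct peer as authoritative.
	// +optional
	SourceIPs []string `json:"sourceIPs,omitempty"`

	// Object reference this request is targeted at.
	// Does not apply for List-type requests, or non-resource requests.
	// +optional
	ObjectRef *ObjectReference `json:"objectRef,omitempty"`

	// The response status, populated even when the ResponseObject is not a Status type.
	// For successful responses, this will only include the Code and StatusSuccess.
	// For non-status type error responses, this will be auto-populated with the error Message.
	// +optional
	ResponseStatus *metav1.Status `json:"responseStatus,omitempty"`

	// API object from the request, in JSON format. The RequestObject is recorded as-is in the request
	// (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
	// merging. It is an external versioned object type, and may not be a valid object on its own.
	// Omitted for non-resource requests. Only logged at Request Level and higher.
	//
	// Because the body is recorded as-is and before admission, it can contain
	// sensitive data (for example the contents of a Secret) and content that
	// admission later rejected. Resources that hold credentials are better
	// audited at Metadata level.
	// +optional
	RequestObject *runtime.Unknown `json:"requestObject,omitempty"`

	// API object returned in the response, in JSON. The ResponseObject is recorded after conversion
	// to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged
	// at Response Level.
	//
	// A recorded response carries the returned object in full, so the same
	// sensitivity consideration as for RequestObject applies.
	// +optional
	ResponseObject *runtime.Unknown `json:"responseObject,omitempty"`
}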
Event captures all the information that can be included in an API audit log.
func (*Event) CodecDecodeSelf ¶
func (*Event) CodecEncodeSelf ¶
type EventList ¶
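// EventList is a list of audit Events. The line structure of the listing is
// restored here so that the ListMeta and Items fields are no longer swallowed
// by the `// +optional` comment.
type EventList struct {
	metav1.TypeMeta `json:",inline"`

	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the events in the list; it is always serialized (no omitempty).
	Items []Event `json:"items"`
}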
EventList is a list of audit Events.
func (*EventList) CodecDecodeSelf ¶
func (*EventList) CodecEncodeSelf ¶
type GroupResources ¶
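// GroupResources represents resource kinds in an API group. The line structure
// of the listing is restored here so that each field is no longer swallowed by
// the preceding `//` comment.
//
// Both fields widen the match when left empty: an empty Group selects the core
// API group and an empty Resources list selects every resource kind in the group.
type GroupResources struct {
	// Group is the name of the API group that contains the resources.
	// The empty string represents the core API group.
	// +optional
	Group string `json:"group,omitempty"`

	// Resources is a list of resources within the API group.
	// Any empty list implies every resource kind in the API group.
	// +optional
	Resources []string `json:"resources,omitempty"`
}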
GroupResources represents resource kinds in an API group.
func (*GroupResources) CodecDecodeSelf ¶
func (x *GroupResources) CodecDecodeSelf(d *codec1978.Decoder)
func (*GroupResources) CodecEncodeSelf ¶
func (x *GroupResources) CodecEncodeSelf(e *codec1978.Encoder)
type Level ¶
// Level defines the amount of information logged during auditing. It is a
// string type; the values this page lists for it are "None", "Metadata",
// "Request" and "RequestResponse".
type Level string
Level defines the amount of information logged during auditing
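// Valid audit levels, listed from least to most information recorded. The line
// structure of the listing is restored here so that each declaration is no
// longer swallowed by the preceding `//` comment.
const (
	// LevelNone disables auditing
	// A request matched at this level leaves no audit record, so rules that
	// assign it should be as narrow as the policy allows.
	LevelNone Level = "None"
	// LevelMetadata provides the basic level of auditing.
	LevelMetadata Level = "Metadata"
	// LevelRequest provides Metadata level of auditing, and additionally
	// logs the request object (does not apply for non-resource requests).
	// The logged request object can contain sensitive data submitted by the
	// client; prefer LevelMetadata for resources that hold credentials.
	LevelRequest Level = "Request"
	// LevelRequestResponse provides Request level of auditing, and additionally
	// logs the response object (does not apply for non-resource requests).
	// The logged response object is the returned API object in full, so reads
	// of sensitive resources at this level copy their contents into the log.
	LevelRequestResponse Level = "RequestResponse"
)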
Valid audit levels
func (*Level) CodecDecodeSelf ¶
func (Level) CodecEncodeSelf ¶
type ObjectReference ¶
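// ObjectReference contains enough information to let you inspect or modify the
// referred object. The line structure of the listing is restored here so that
// each field is no longer swallowed by the preceding `// +optional` comment.
//
// Every field is optional and is omitted from the JSON encoding when empty, so
// a consumer cannot assume that any particular field is present.
type ObjectReference struct {
	// +optional
	Resource string `json:"resource,omitempty"`

	// +optional
	Namespace string `json:"namespace,omitempty"`

	// +optional
	Name string `json:"name,omitempty"`

	// +optional
	UID types.UID `json:"uid,omitempty"`

	// +optional
	APIVersion string `json:"apiVersion,omitempty"`

	// +optional
	ResourceVersion string `json:"resourceVersion,omitempty"`

	// +optional
	Subresource string `json:"subresource,omitempty"`
}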
ObjectReference contains enough information to let you inspect or modify the referred object.
func (*ObjectReference) CodecDecodeSelf ¶
func (x *ObjectReference) CodecDecodeSelf(d *codec1978.Decoder)
func (*ObjectReference) CodecEncodeSelf ¶
func (x *ObjectReference) CodecEncodeSelf(e *codec1978.Encoder)
type Policy ¶
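// Policy defines the configuration of audit logging, and the rules for how
// different request categories are logged. The line structure of the listing
// is restored here so that each field is no longer swallowed by the preceding
// `//` comment.
type Policy struct {
	metav1.TypeMeta `json:",inline"`

	// ObjectMeta is included for interoperability with API infrastructure.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Rules specify the audit Level a request should be recorded at.
	// A request may match multiple rules, in which case the FIRST matching rule is used.
	// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
	// PolicyRules are strictly ordered.
	//
	// Two consequences for policy authors and reviewers:
	//   - a broad rule placed early hides every later rule for the requests it
	//     matches, so a wide rule at level None silently removes those requests
	//     from the audit log; put specific rules before general ones;
	//   - a request that matches no rule is recorded at None, i.e. not at all,
	//     so a policy without a final catch-all rule has unaudited gaps.
	Rules []PolicyRule `json:"rules"`
}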
Policy defines the configuration of audit logging, and the rules for how different request categories are logged.
func (*Policy) CodecDecodeSelf ¶
func (*Policy) CodecEncodeSelf ¶
type PolicyList ¶
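// PolicyList is a list of audit Policies. The line structure of the listing is
// restored here so that the ListMeta and Items fields are no longer swallowed
// by the `// +optional` comment.
type PolicyList struct {
	metav1.TypeMeta `json:",inline"`

	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the policies in the list; it is always serialized (no omitempty).
	Items []Policy `json:"items"`
}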
PolicyList is a list of audit Policies.
func (*PolicyList) CodecDecodeSelf ¶
func (x *PolicyList) CodecDecodeSelf(d *codec1978.Decoder)
func (*PolicyList) CodecEncodeSelf ¶
func (x *PolicyList) CodecEncodeSelf(e *codec1978.Encoder)
type PolicyRule ¶
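// PolicyRule maps requests based off metadata to an audit Level. Requests must
// match the rules of every field (an intersection of rules). The line
// structure of the listing is restored here so that each field is no longer
// swallowed by the preceding `//` comment.
//
// Users, UserGroups, Verbs, Resources and Namespaces each match everything
// when left empty, so omitting a field widens the rule rather than narrowing
// it. A rule that sets only Level and one selector therefore applies to every
// value of the other selectors.
type PolicyRule struct {
	// The Level that requests matching this rule are recorded at.
	Level Level `json:"level"`

	// The users (by authenticated user name) this rule applies to.
	// An empty list implies every user.
	// +optional
	Users []string `json:"users,omitempty"`

	// The user groups this rule applies to. A user is considered matching
	// if it is a member of any of the UserGroups.
	// An empty list implies every user group.
	// +optional
	UserGroups []string `json:"userGroups,omitempty"`

	// The verbs that match this rule.
	// An empty list implies every verb.
	// +optional
	Verbs []string `json:"verbs,omitempty"`

	// Resources that this rule matches. An empty list implies all kinds in all API groups.
	// +optional
	Resources []GroupResources `json:"resources,omitempty"`

	// Namespaces that this rule matches.
	// The empty string "" matches non-namespaced resources.
	// An empty list implies every namespace.
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// NonResourceURLs is a set of URL paths that should be audited.
	// *s are allowed, but only as the full, final step in the path.
	// Examples:
	//  "/metrics" - Log requests for apiserver metrics
	//  "/healthz*" - Log all health checks
	// NOTE(review): the listing does not say how an empty NonResourceURLs list
	// combines with Resources; confirm in the policy checker before relying on it.
	// +optional
	NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
}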
PolicyRule maps requests to an audit Level based on their metadata. A request must match the rules of every field (an intersection of rules).
func (*PolicyRule) CodecDecodeSelf ¶
func (x *PolicyRule) CodecDecodeSelf(d *codec1978.Decoder)
func (*PolicyRule) CodecEncodeSelf ¶
func (x *PolicyRule) CodecEncodeSelf(e *codec1978.Encoder)