Documentation ¶
Index ¶
- Constants
- Variables
- func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
- func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error
- func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
- func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
- func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
- func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
- func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error
- func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
- func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error
- func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
- func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
- func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
- func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
- func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error
- func RegisterConversions(s *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func Resource(resource string) schema.GroupResource
- type Event
- func (in *Event) APILifecycleDeprecated() (major, minor int)
- func (in *Event) APILifecycleIntroduced() (major, minor int)
- func (in *Event) APILifecycleRemoved() (major, minor int)
- func (in *Event) APILifecycleReplacement() schema.GroupVersionKind
- func (in *Event) DeepCopy() *Event
- func (in *Event) DeepCopyInto(out *Event)
- func (in *Event) DeepCopyObject() runtime.Object
- func (*Event) Descriptor() ([]byte, []int)
- func (m *Event) Marshal() (dAtA []byte, err error)
- func (m *Event) MarshalTo(dAtA []byte) (int, error)
- func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Event) ProtoMessage()
- func (m *Event) Reset()
- func (m *Event) Size() (n int)
- func (this *Event) String() string
- func (m *Event) Unmarshal(dAtA []byte) error
- func (m *Event) XXX_DiscardUnknown()
- func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Event) XXX_Merge(src proto.Message)
- func (m *Event) XXX_Size() int
- func (m *Event) XXX_Unmarshal(b []byte) error
- type EventList
- func (in *EventList) APILifecycleDeprecated() (major, minor int)
- func (in *EventList) APILifecycleIntroduced() (major, minor int)
- func (in *EventList) APILifecycleRemoved() (major, minor int)
- func (in *EventList) APILifecycleReplacement() schema.GroupVersionKind
- func (in *EventList) DeepCopy() *EventList
- func (in *EventList) DeepCopyInto(out *EventList)
- func (in *EventList) DeepCopyObject() runtime.Object
- func (*EventList) Descriptor() ([]byte, []int)
- func (m *EventList) Marshal() (dAtA []byte, err error)
- func (m *EventList) MarshalTo(dAtA []byte) (int, error)
- func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*EventList) ProtoMessage()
- func (m *EventList) Reset()
- func (m *EventList) Size() (n int)
- func (this *EventList) String() string
- func (m *EventList) Unmarshal(dAtA []byte) error
- func (m *EventList) XXX_DiscardUnknown()
- func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EventList) XXX_Merge(src proto.Message)
- func (m *EventList) XXX_Size() int
- func (m *EventList) XXX_Unmarshal(b []byte) error
- type GroupResources
- func (in *GroupResources) DeepCopy() *GroupResources
- func (in *GroupResources) DeepCopyInto(out *GroupResources)
- func (*GroupResources) Descriptor() ([]byte, []int)
- func (m *GroupResources) Marshal() (dAtA []byte, err error)
- func (m *GroupResources) MarshalTo(dAtA []byte) (int, error)
- func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*GroupResources) ProtoMessage()
- func (m *GroupResources) Reset()
- func (m *GroupResources) Size() (n int)
- func (this *GroupResources) String() string
- func (m *GroupResources) Unmarshal(dAtA []byte) error
- func (m *GroupResources) XXX_DiscardUnknown()
- func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *GroupResources) XXX_Merge(src proto.Message)
- func (m *GroupResources) XXX_Size() int
- func (m *GroupResources) XXX_Unmarshal(b []byte) error
- type Level
- type ObjectReference
- func (in *ObjectReference) DeepCopy() *ObjectReference
- func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
- func (*ObjectReference) Descriptor() ([]byte, []int)
- func (m *ObjectReference) Marshal() (dAtA []byte, err error)
- func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error)
- func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*ObjectReference) ProtoMessage()
- func (m *ObjectReference) Reset()
- func (m *ObjectReference) Size() (n int)
- func (this *ObjectReference) String() string
- func (m *ObjectReference) Unmarshal(dAtA []byte) error
- func (m *ObjectReference) XXX_DiscardUnknown()
- func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *ObjectReference) XXX_Merge(src proto.Message)
- func (m *ObjectReference) XXX_Size() int
- func (m *ObjectReference) XXX_Unmarshal(b []byte) error
- type Policy
- func (in *Policy) APILifecycleDeprecated() (major, minor int)
- func (in *Policy) APILifecycleIntroduced() (major, minor int)
- func (in *Policy) APILifecycleRemoved() (major, minor int)
- func (in *Policy) APILifecycleReplacement() schema.GroupVersionKind
- func (in *Policy) DeepCopy() *Policy
- func (in *Policy) DeepCopyInto(out *Policy)
- func (in *Policy) DeepCopyObject() runtime.Object
- func (*Policy) Descriptor() ([]byte, []int)
- func (m *Policy) Marshal() (dAtA []byte, err error)
- func (m *Policy) MarshalTo(dAtA []byte) (int, error)
- func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Policy) ProtoMessage()
- func (m *Policy) Reset()
- func (m *Policy) Size() (n int)
- func (this *Policy) String() string
- func (m *Policy) Unmarshal(dAtA []byte) error
- func (m *Policy) XXX_DiscardUnknown()
- func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Policy) XXX_Merge(src proto.Message)
- func (m *Policy) XXX_Size() int
- func (m *Policy) XXX_Unmarshal(b []byte) error
- type PolicyList
- func (in *PolicyList) APILifecycleDeprecated() (major, minor int)
- func (in *PolicyList) APILifecycleIntroduced() (major, minor int)
- func (in *PolicyList) APILifecycleRemoved() (major, minor int)
- func (in *PolicyList) APILifecycleReplacement() schema.GroupVersionKind
- func (in *PolicyList) DeepCopy() *PolicyList
- func (in *PolicyList) DeepCopyInto(out *PolicyList)
- func (in *PolicyList) DeepCopyObject() runtime.Object
- func (*PolicyList) Descriptor() ([]byte, []int)
- func (m *PolicyList) Marshal() (dAtA []byte, err error)
- func (m *PolicyList) MarshalTo(dAtA []byte) (int, error)
- func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PolicyList) ProtoMessage()
- func (m *PolicyList) Reset()
- func (m *PolicyList) Size() (n int)
- func (this *PolicyList) String() string
- func (m *PolicyList) Unmarshal(dAtA []byte) error
- func (m *PolicyList) XXX_DiscardUnknown()
- func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PolicyList) XXX_Merge(src proto.Message)
- func (m *PolicyList) XXX_Size() int
- func (m *PolicyList) XXX_Unmarshal(b []byte) error
- type PolicyRule
- func (in *PolicyRule) DeepCopy() *PolicyRule
- func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
- func (*PolicyRule) Descriptor() ([]byte, []int)
- func (m *PolicyRule) Marshal() (dAtA []byte, err error)
- func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error)
- func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PolicyRule) ProtoMessage()
- func (m *PolicyRule) Reset()
- func (m *PolicyRule) Size() (n int)
- func (this *PolicyRule) String() string
- func (m *PolicyRule) Unmarshal(dAtA []byte) error
- func (m *PolicyRule) XXX_DiscardUnknown()
- func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PolicyRule) XXX_Merge(src proto.Message)
- func (m *PolicyRule) XXX_Size() int
- func (m *PolicyRule) XXX_Unmarshal(b []byte) error
- type Stage
Constants ¶
const GroupName = "audit.k8s.io"
GroupName is the group name use in this package
const ( // Header to hold the audit ID as the request is propagated through the serving hierarchy. The // Audit-ID header should be set by the first server to receive the request (e.g. the federation // server or kube-aggregator). // // Audit ID is also returned to client by http response header. // It's not guaranteed Audit-Id http header is sent for all requests. When kube-apiserver didn't // audit the events according to the audit policy, no Audit-ID is returned. Also, for request to // pods/exec, pods/attach, pods/proxy, kube-apiserver works like a proxy and redirect the request // to kubelet node, users will only get http headers sent from kubelet node, so no Audit-ID is // sent when users run command like "kubectl exec" or "kubectl attach". HeaderAuditID = "Audit-ID" )
Header keys used by the audit system.
Variables ¶
var ( ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") )
var ( SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Convert_audit_EventList_To_v1alpha1_EventList ¶
func Convert_audit_EventList_To_v1alpha1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
Convert_audit_EventList_To_v1alpha1_EventList is an autogenerated conversion function.
func Convert_audit_GroupResources_To_v1alpha1_GroupResources ¶
func Convert_audit_GroupResources_To_v1alpha1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
Convert_audit_GroupResources_To_v1alpha1_GroupResources is an autogenerated conversion function.
func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference ¶
func Convert_audit_ObjectReference_To_v1alpha1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
func Convert_audit_PolicyList_To_v1alpha1_PolicyList ¶
func Convert_audit_PolicyList_To_v1alpha1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
Convert_audit_PolicyList_To_v1alpha1_PolicyList is an autogenerated conversion function.
func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule ¶
func Convert_audit_PolicyRule_To_v1alpha1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
Convert_audit_PolicyRule_To_v1alpha1_PolicyRule is an autogenerated conversion function.
func Convert_audit_Policy_To_v1alpha1_Policy ¶
func Convert_audit_Policy_To_v1alpha1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error
Convert_audit_Policy_To_v1alpha1_Policy is an autogenerated conversion function.
func Convert_v1alpha1_EventList_To_audit_EventList ¶
func Convert_v1alpha1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
Convert_v1alpha1_EventList_To_audit_EventList is an autogenerated conversion function.
func Convert_v1alpha1_GroupResources_To_audit_GroupResources ¶
func Convert_v1alpha1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
Convert_v1alpha1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.
func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference ¶
func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
func Convert_v1alpha1_PolicyList_To_audit_PolicyList ¶
func Convert_v1alpha1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
Convert_v1alpha1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.
func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule ¶
func Convert_v1alpha1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
Convert_v1alpha1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.
func Convert_v1alpha1_Policy_To_audit_Policy ¶
func Convert_v1alpha1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error
Convert_v1alpha1_Policy_To_audit_Policy is an autogenerated conversion function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type Event ¶
type Event struct { metav1.TypeMeta `json:",inline"` // ObjectMeta is included for interoperability with API infrastructure. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // AuditLevel at which event was generated Level Level `json:"level" protobuf:"bytes,2,opt,name=level,casttype=Level"` // Time the request reached the apiserver. Timestamp metav1.Time `json:"timestamp" protobuf:"bytes,3,opt,name=timestamp"` // Unique audit ID, generated for each request. AuditID types.UID `json:"auditID" protobuf:"bytes,4,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"` // Stage of the request handling when this event instance was generated. Stage Stage `json:"stage" protobuf:"bytes,5,opt,name=stage,casttype=Stage"` // RequestURI is the request URI as sent by the client to a server. RequestURI string `json:"requestURI" protobuf:"bytes,6,opt,name=requestURI"` // Verb is the kubernetes verb associated with the request. // For non-resource requests, this is the lower-cased HTTP method. Verb string `json:"verb" protobuf:"bytes,7,opt,name=verb"` // Authenticated user information. User authnv1.UserInfo `json:"user" protobuf:"bytes,8,opt,name=user"` // Impersonated user information. // +optional ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,9,opt,name=impersonatedUser"` // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"` // UserAgent records the user agent string reported by the client. // Note that the UserAgent is provided by the client, and must not be trusted. // +optional UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"` // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,11,opt,name=objectRef"` // The response status, populated even when the ResponseObject is not a Status type. // For successful responses, this will only include the Code and StatusSuccess. // For non-status type error responses, this will be auto-populated with the error Message. // +optional ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,12,opt,name=responseStatus"` // API object from the request, in JSON format. The RequestObject is recorded as-is in the request // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or // merging. It is an external versioned object type, and may not be a valid object on its own. // Omitted for non-resource requests. Only logged at Request Level and higher. // +optional RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,13,opt,name=requestObject"` // API object returned in the response, in JSON. The ResponseObject is recorded after conversion // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged // at Response Level. // +optional ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,14,opt,name=responseObject"` // Time the request reached the apiserver. // +optional RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,15,opt,name=requestReceivedTimestamp"` // Time the request reached current audit stage. // +optional StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,16,opt,name=stageTimestamp"` // Annotations is an unstructured key value map stored with an audit event that may be set by // plugins invoked in the request serving chain, including authentication, authorization and // admission plugins. Note that these annotations are for the audit event, and do not correspond // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values // should be short. Annotations are included in the Metadata level. // +optional Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,17,rep,name=annotations"` }
DEPRECATED - This group version of Event is deprecated by audit.k8s.io/v1/Event. See the release notes for more information. Event captures all the information that can be included in an API audit log.
func (*Event) APILifecycleDeprecated ¶ added in v0.21.0
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (*Event) APILifecycleIntroduced ¶ added in v0.21.0
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (*Event) APILifecycleRemoved ¶ added in v0.21.0
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (*Event) APILifecycleReplacement ¶ added in v0.21.0
func (in *Event) APILifecycleReplacement() schema.GroupVersionKind
APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (*Event) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event.
func (*Event) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Event) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Event) Descriptor ¶
func (*Event) MarshalToSizedBuffer ¶ added in v0.16.4
func (*Event) ProtoMessage ¶
func (*Event) ProtoMessage()
func (*Event) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *Event) XXX_DiscardUnknown()
func (*Event) XXX_Marshal ¶ added in v0.16.4
func (*Event) XXX_Unmarshal ¶ added in v0.16.4
type EventList ¶
type EventList struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"` }
EventList is a list of audit Events.
func (*EventList) APILifecycleDeprecated ¶ added in v0.21.0
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (*EventList) APILifecycleIntroduced ¶ added in v0.21.0
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (*EventList) APILifecycleRemoved ¶ added in v0.21.0
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (*EventList) APILifecycleReplacement ¶ added in v0.21.0
func (in *EventList) APILifecycleReplacement() schema.GroupVersionKind
APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (*EventList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList.
func (*EventList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EventList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*EventList) Descriptor ¶
func (*EventList) MarshalToSizedBuffer ¶ added in v0.16.4
func (*EventList) ProtoMessage ¶
func (*EventList) ProtoMessage()
func (*EventList) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *EventList) XXX_DiscardUnknown()
func (*EventList) XXX_Marshal ¶ added in v0.16.4
func (*EventList) XXX_Unmarshal ¶ added in v0.16.4
type GroupResources ¶
type GroupResources struct { // Group is the name of the API group that contains the resources. // The empty string represents the core API group. // +optional Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"` // Resources is a list of resources this rule applies to. // // For example: // 'pods' matches pods. // 'pods/log' matches the log subresource of pods. // '*' matches all resources and their subresources. // 'pods/*' matches all subresources of pods. // '*/scale' matches all scale subresources. // // If wildcard is present, the validation rule will ensure resources do not // overlap with each other. // // An empty list implies all resources and subresources in this API groups apply. // +optional Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"` // ResourceNames is a list of resource instance names that the policy matches. // Using this field requires Resources to be specified. // An empty list implies that every instance of the resource is matched. // +optional ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"` }
GroupResources represents resource kinds in an API group.
func (*GroupResources) DeepCopy ¶
func (in *GroupResources) DeepCopy() *GroupResources
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources.
func (*GroupResources) DeepCopyInto ¶
func (in *GroupResources) DeepCopyInto(out *GroupResources)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GroupResources) Descriptor ¶
func (*GroupResources) Descriptor() ([]byte, []int)
func (*GroupResources) Marshal ¶
func (m *GroupResources) Marshal() (dAtA []byte, err error)
func (*GroupResources) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*GroupResources) ProtoMessage ¶
func (*GroupResources) ProtoMessage()
func (*GroupResources) Reset ¶
func (m *GroupResources) Reset()
func (*GroupResources) Size ¶
func (m *GroupResources) Size() (n int)
func (*GroupResources) String ¶
func (this *GroupResources) String() string
func (*GroupResources) Unmarshal ¶
func (m *GroupResources) Unmarshal(dAtA []byte) error
func (*GroupResources) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *GroupResources) XXX_DiscardUnknown()
func (*GroupResources) XXX_Marshal ¶ added in v0.16.4
func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*GroupResources) XXX_Merge ¶ added in v0.16.4
func (m *GroupResources) XXX_Merge(src proto.Message)
func (*GroupResources) XXX_Size ¶ added in v0.16.4
func (m *GroupResources) XXX_Size() int
func (*GroupResources) XXX_Unmarshal ¶ added in v0.16.4
func (m *GroupResources) XXX_Unmarshal(b []byte) error
type Level ¶
type Level string
Level defines the amount of information logged during auditing
const ( // LevelNone disables auditing LevelNone Level = "None" // LevelMetadata provides the basic level of auditing. LevelMetadata Level = "Metadata" // LevelRequest provides Metadata level of auditing, and additionally // logs the request object (does not apply for non-resource requests). LevelRequest Level = "Request" // LevelRequestResponse provides Request level of auditing, and additionally // logs the response object (does not apply for non-resource requests). LevelRequestResponse Level = "RequestResponse" )
Valid audit levels
type ObjectReference ¶
type ObjectReference struct { // +optional Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"` // +optional Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"` // +optional Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"` // +optional UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"` // +optional APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,5,opt,name=apiVersion"` // +optional ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,6,opt,name=resourceVersion"` // +optional Subresource string `json:"subresource,omitempty" protobuf:"bytes,7,opt,name=subresource"` }
ObjectReference contains enough information to let you inspect or modify the referred object.
func (*ObjectReference) DeepCopy ¶
func (in *ObjectReference) DeepCopy() *ObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.
func (*ObjectReference) DeepCopyInto ¶
func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ObjectReference) Descriptor ¶
func (*ObjectReference) Descriptor() ([]byte, []int)
func (*ObjectReference) Marshal ¶
func (m *ObjectReference) Marshal() (dAtA []byte, err error)
func (*ObjectReference) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ObjectReference) ProtoMessage ¶
func (*ObjectReference) ProtoMessage()
func (*ObjectReference) Reset ¶
func (m *ObjectReference) Reset()
func (*ObjectReference) Size ¶
func (m *ObjectReference) Size() (n int)
func (*ObjectReference) String ¶
func (this *ObjectReference) String() string
func (*ObjectReference) Unmarshal ¶
func (m *ObjectReference) Unmarshal(dAtA []byte) error
func (*ObjectReference) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *ObjectReference) XXX_DiscardUnknown()
func (*ObjectReference) XXX_Marshal ¶ added in v0.16.4
func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ObjectReference) XXX_Merge ¶ added in v0.16.4
func (m *ObjectReference) XXX_Merge(src proto.Message)
func (*ObjectReference) XXX_Size ¶ added in v0.16.4
func (m *ObjectReference) XXX_Size() int
func (*ObjectReference) XXX_Unmarshal ¶ added in v0.16.4
func (m *ObjectReference) XXX_Unmarshal(b []byte) error
type Policy ¶
type Policy struct { metav1.TypeMeta `json:",inline"` // ObjectMeta is included for interoperability with API infrastructure. // +optional metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Rules specify the audit Level a request should be recorded at. // A request may match multiple rules, in which case the FIRST matching rule is used. // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. // PolicyRules are strictly ordered. Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"` // OmitStages is a list of stages for which no events are created. Note that this can also // be specified per rule in which case the union of both are omitted. // +optional OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"` // OmitManagedFields indicates whether to omit the managed fields of the request // and response bodies from being written to the API audit log. // This is used as a global default - a value of 'true' will omit the managed fileds, // otherwise the managed fields will be included in the API audit log. // Note that this can also be specified per rule in which case the value specified // in a rule will override the global default. // +optional OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"` }
DEPRECATED - This group version of Policy is deprecated by audit.k8s.io/v1/Policy. See the release notes for more information. Policy defines the configuration of audit logging, and the rules for how different request categories are logged.
func (*Policy) APILifecycleDeprecated ¶ added in v0.21.0
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (*Policy) APILifecycleIntroduced ¶ added in v0.21.0
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (*Policy) APILifecycleRemoved ¶ added in v0.21.0
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (*Policy) APILifecycleReplacement ¶ added in v0.21.0
func (in *Policy) APILifecycleReplacement() schema.GroupVersionKind
APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Policy) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Policy) Descriptor ¶
func (*Policy) MarshalToSizedBuffer ¶ added in v0.16.4
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *Policy) XXX_DiscardUnknown()
func (*Policy) XXX_Marshal ¶ added in v0.16.4
func (*Policy) XXX_Unmarshal ¶ added in v0.16.4
type PolicyList ¶
type PolicyList struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"` }
PolicyList is a list of audit Policies.
func (*PolicyList) APILifecycleDeprecated ¶ added in v0.21.0
func (in *PolicyList) APILifecycleDeprecated() (major, minor int)
APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
func (*PolicyList) APILifecycleIntroduced ¶ added in v0.21.0
func (in *PolicyList) APILifecycleIntroduced() (major, minor int)
APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (*PolicyList) APILifecycleRemoved ¶ added in v0.21.0
func (in *PolicyList) APILifecycleRemoved() (major, minor int)
APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
func (*PolicyList) APILifecycleReplacement ¶ added in v0.21.0
func (in *PolicyList) APILifecycleReplacement() schema.GroupVersionKind
APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. It is controlled by "k8s:prerelease-lifecycle-gen:replacement=<group>,<version>,<kind>" tags in types.go.
func (*PolicyList) DeepCopy ¶
func (in *PolicyList) DeepCopy() *PolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
func (*PolicyList) DeepCopyInto ¶
func (in *PolicyList) DeepCopyInto(out *PolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyList) DeepCopyObject ¶
func (in *PolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PolicyList) Descriptor ¶
func (*PolicyList) Descriptor() ([]byte, []int)
func (*PolicyList) Marshal ¶
func (m *PolicyList) Marshal() (dAtA []byte, err error)
func (*PolicyList) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PolicyList) ProtoMessage ¶
func (*PolicyList) ProtoMessage()
func (*PolicyList) Reset ¶
func (m *PolicyList) Reset()
func (*PolicyList) Size ¶
func (m *PolicyList) Size() (n int)
func (*PolicyList) String ¶
func (this *PolicyList) String() string
func (*PolicyList) Unmarshal ¶
func (m *PolicyList) Unmarshal(dAtA []byte) error
func (*PolicyList) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *PolicyList) XXX_DiscardUnknown()
func (*PolicyList) XXX_Marshal ¶ added in v0.16.4
func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PolicyList) XXX_Merge ¶ added in v0.16.4
func (m *PolicyList) XXX_Merge(src proto.Message)
func (*PolicyList) XXX_Size ¶ added in v0.16.4
func (m *PolicyList) XXX_Size() int
func (*PolicyList) XXX_Unmarshal ¶ added in v0.16.4
func (m *PolicyList) XXX_Unmarshal(b []byte) error
type PolicyRule ¶
type PolicyRule struct { // The Level that requests matching this rule are recorded at. Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"` // The users (by authenticated user name) this rule applies to. // An empty list implies every user. // +optional Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"` // The user groups this rule applies to. A user is considered matching // if it is a member of any of the UserGroups. // An empty list implies every user group. // +optional UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"` // The verbs that match this rule. // An empty list implies every verb. // +optional Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"` // Resources that this rule matches. An empty list implies all kinds in all API groups. // +optional Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"` // Namespaces that this rule matches. // The empty string "" matches non-namespaced resources. // An empty list implies every namespace. // +optional Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"` // NonResourceURLs is a set of URL paths that should be audited. // *s are allowed, but only as the full, final step in the path. // Examples: // "/metrics" - Log requests for apiserver metrics // "/healthz*" - Log all health checks // +optional NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"` // OmitStages is a list of stages for which no events are created. Note that this can also // be specified policy wide in which case the union of both are omitted. // An empty list means no restrictions will apply. // +optional OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"` // OmitManagedFields indicates whether to omit the managed fields of the request // and response bodies from being written to the API audit log. // - a value of 'true' will drop the managed fields from the API audit log // - a value of 'false' indicates that the managed fileds should be included // in the API audit log // Note that the value, if specified, in this rule will override the global default // If a value is not specified then the global default specified in // Policy.OmitManagedFields will stand. // +optional OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"` }
PolicyRule maps requests based off metadata to an audit Level. Requests must match the rules of every field (an intersection of rules).
func (*PolicyRule) DeepCopy ¶
func (in *PolicyRule) DeepCopy() *PolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
func (*PolicyRule) DeepCopyInto ¶
func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyRule) Descriptor ¶
func (*PolicyRule) Descriptor() ([]byte, []int)
func (*PolicyRule) Marshal ¶
func (m *PolicyRule) Marshal() (dAtA []byte, err error)
func (*PolicyRule) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PolicyRule) ProtoMessage ¶
func (*PolicyRule) ProtoMessage()
func (*PolicyRule) Reset ¶
func (m *PolicyRule) Reset()
func (*PolicyRule) Size ¶
func (m *PolicyRule) Size() (n int)
func (*PolicyRule) String ¶
func (this *PolicyRule) String() string
func (*PolicyRule) Unmarshal ¶
func (m *PolicyRule) Unmarshal(dAtA []byte) error
func (*PolicyRule) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *PolicyRule) XXX_DiscardUnknown()
func (*PolicyRule) XXX_Marshal ¶ added in v0.16.4
func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PolicyRule) XXX_Merge ¶ added in v0.16.4
func (m *PolicyRule) XXX_Merge(src proto.Message)
func (*PolicyRule) XXX_Size ¶ added in v0.16.4
func (m *PolicyRule) XXX_Size() int
func (*PolicyRule) XXX_Unmarshal ¶ added in v0.16.4
func (m *PolicyRule) XXX_Unmarshal(b []byte) error
type Stage ¶
type Stage string
Stage defines the stages in request handling that audit events may be generated.
const ( // The stage for events generated as soon as the audit handler receives the request, and before it // is delegated down the handler chain. StageRequestReceived Stage = "RequestReceived" // The stage for events generated once the response headers are sent, but before the response body // is sent. This stage is only generated for long-running requests (e.g. watch). StageResponseStarted Stage = "ResponseStarted" // The stage for events generated once the response body has been completed, and no more bytes // will be sent. StageResponseComplete Stage = "ResponseComplete" // The stage for events generated when a panic occurred. StagePanic Stage = "Panic" )
Valid audit stages.