googlecloudlogk8saudit_impl

package
v0.49.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2025 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var GCPK8sAuditLogSourceTask = inspectiontaskbase.NewInspectionTask(googlecloudlogk8saudit_contract.GKEK8sAuditLogSourceTaskID, []taskid.UntypedTaskReference{
	googlecloudlogk8saudit_contract.K8sAuditQueryTaskID.Ref(),
}, func(ctx context.Context, taskMode inspectioncore_contract.InspectionTaskModeType) (*commonlogk8saudit_contract.AuditLogParserLogSource, error) {
	if taskMode == inspectioncore_contract.TaskModeDryRun {
		return nil, nil
	}
	logs := coretask.GetTaskResult(ctx, googlecloudlogk8saudit_contract.K8sAuditQueryTaskID.Ref())

	return &commonlogk8saudit_contract.AuditLogParserLogSource{
		Logs:      logs,
		Extractor: &fieldextractor.GCPAuditLogFieldExtractor{},
	}, nil
}, inspectioncore_contract.InspectionTypeLabel(googlecloudinspectiontypegroup_contract.GCPK8sClusterInspectionTypes...))

GCPK8sAuditLogSourceTask creates an AuditLogParserLogSource for GCP Kubernetes audit logs. It retrieves the logs from the K8sAuditQueryTask and provides them along with a GCP-specific field extractor to downstream parsing tasks.

View Source 
var K8sAuditQueryTask = googlecloudcommon_contract.NewLegacyCloudLoggingListLogTask(googlecloudlogk8saudit_contract.K8sAuditQueryTaskID, "K8s audit logs", enum.LogTypeAudit, []taskid.UntypedTaskReference{
	googlecloudk8scommon_contract.InputClusterNameTaskID.Ref(),
	googlecloudk8scommon_contract.InputKindFilterTaskID.Ref(),
	googlecloudk8scommon_contract.InputNamespaceFilterTaskID.Ref(),
}, &googlecloudcommon_contract.ProjectIDDefaultResourceNamesGenerator{}, func(ctx context.Context, i inspectioncore_contract.InspectionTaskModeType) ([]string, error) {
	clusterName := coretask.GetTaskResult(ctx, googlecloudk8scommon_contract.InputClusterNameTaskID.Ref())
	kindFilter := coretask.GetTaskResult(ctx, googlecloudk8scommon_contract.InputKindFilterTaskID.Ref())
	namespaceFilter := coretask.GetTaskResult(ctx, googlecloudk8scommon_contract.InputNamespaceFilterTaskID.Ref())

	return []string{GenerateK8sAuditQuery(clusterName, kindFilter, namespaceFilter)}, nil
}, GenerateK8sAuditQuery(
	"gcp-cluster-name",
	&gcpqueryutil.SetFilterParseResult{
		Additives: []string{"deployments", "replicasets", "pods", "nodes"},
	},
	&gcpqueryutil.SetFilterParseResult{
		Additives: []string{"#cluster-scoped", "#namespaced"},
	},
))

K8sAuditQueryTask is a query generator task that creates a Google Cloud Logging query to fetch Kubernetes audit logs for a specific cluster.

View Source 
var RegisterK8sAuditTasks coreinspection.InspectionRegistrationFunc = func(registry coreinspection.InspectionTaskRegistry) error {
	err := registry.AddTask(GCPK8sAuditLogSourceTask)
	if err != nil {
		return err
	}

	manager := recorder.NewAuditRecorderTaskManager(googlecloudlogk8saudit_contract.K8sAuditParseTaskID, "gke")
	err = commonrecorder.Register(manager)
	if err != nil {
		return err
	}
	err = statusrecorder.Register(manager)
	if err != nil {
		return err
	}
	err = bindingrecorder.Register(manager)
	if err != nil {
		return err
	}
	err = endpointslicerecorder.Register(manager)
	if err != nil {
		return err
	}
	err = ownerreferencerecorder.Register(manager)
	if err != nil {
		return err
	}
	err = containerstatusrecorder.Register(manager)
	if err != nil {
		return err
	}
	err = noderecorder.Register(manager)
	if err != nil {
		return err
	}

	err = snegrecorder.Register(manager)
	if err != nil {
		return err
	}

	err = manager.Register(registry, googlecloudinspectiontypegroup_contract.GCPK8sClusterInspectionTypes...)
	if err != nil {
		return err
	}
	return nil
}

RegisterK8sAuditTasks registers all the tasks required for parsing GKE Kubernetes audit logs. This includes the common audit log recorders as well as GKE-specific ones like the SNEG recorder.

Functions

func GenerateK8sAuditQuery 

func GenerateK8sAuditQuery(clusterName string, auditKindFilter *gcpqueryutil.SetFilterParseResult, namespaceFilter *gcpqueryutil.SetFilterParseResult) string

GenerateK8sAuditQuery constructs a Google Cloud Logging query string for fetching Kubernetes audit logs based on cluster name, kind filters, and namespace filters.

func Register 

func Register(registry coreinspection.InspectionTaskRegistry) error

Register registers all tasks related to GKE Kubernetes audit log.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.