Documentation
¶
Index ¶
- Constants
- Variables
- func Convert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
- func Convert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error
- func Convert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
- func Convert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
- func Convert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
- func Convert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
- func Convert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error
- func Convert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
- func Convert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error
- func Convert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
- func Convert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
- func Convert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
- func Convert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
- func Convert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error
- func RegisterConversions(s *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- func Resource(resource string) schema.GroupResource
- type Event
- func (in *Event) DeepCopy() *Event
- func (in *Event) DeepCopyInto(out *Event)
- func (in *Event) DeepCopyObject() runtime.Object
- func (*Event) Descriptor() ([]byte, []int)
- func (m *Event) Marshal() (dAtA []byte, err error)
- func (m *Event) MarshalTo(dAtA []byte) (int, error)
- func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Event) ProtoMessage()
- func (m *Event) Reset()
- func (m *Event) Size() (n int)
- func (this *Event) String() string
- func (m *Event) Unmarshal(dAtA []byte) error
- func (m *Event) XXX_DiscardUnknown()
- func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Event) XXX_Merge(src proto.Message)
- func (m *Event) XXX_Size() int
- func (m *Event) XXX_Unmarshal(b []byte) error
- type EventList
- func (in *EventList) DeepCopy() *EventList
- func (in *EventList) DeepCopyInto(out *EventList)
- func (in *EventList) DeepCopyObject() runtime.Object
- func (*EventList) Descriptor() ([]byte, []int)
- func (m *EventList) Marshal() (dAtA []byte, err error)
- func (m *EventList) MarshalTo(dAtA []byte) (int, error)
- func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*EventList) ProtoMessage()
- func (m *EventList) Reset()
- func (m *EventList) Size() (n int)
- func (this *EventList) String() string
- func (m *EventList) Unmarshal(dAtA []byte) error
- func (m *EventList) XXX_DiscardUnknown()
- func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EventList) XXX_Merge(src proto.Message)
- func (m *EventList) XXX_Size() int
- func (m *EventList) XXX_Unmarshal(b []byte) error
- type GroupResources
- func (in *GroupResources) DeepCopy() *GroupResources
- func (in *GroupResources) DeepCopyInto(out *GroupResources)
- func (*GroupResources) Descriptor() ([]byte, []int)
- func (m *GroupResources) Marshal() (dAtA []byte, err error)
- func (m *GroupResources) MarshalTo(dAtA []byte) (int, error)
- func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*GroupResources) ProtoMessage()
- func (m *GroupResources) Reset()
- func (m *GroupResources) Size() (n int)
- func (this *GroupResources) String() string
- func (m *GroupResources) Unmarshal(dAtA []byte) error
- func (m *GroupResources) XXX_DiscardUnknown()
- func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *GroupResources) XXX_Merge(src proto.Message)
- func (m *GroupResources) XXX_Size() int
- func (m *GroupResources) XXX_Unmarshal(b []byte) error
- type Level
- type ObjectReference
- func (in *ObjectReference) DeepCopy() *ObjectReference
- func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
- func (*ObjectReference) Descriptor() ([]byte, []int)
- func (m *ObjectReference) Marshal() (dAtA []byte, err error)
- func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error)
- func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*ObjectReference) ProtoMessage()
- func (m *ObjectReference) Reset()
- func (m *ObjectReference) Size() (n int)
- func (this *ObjectReference) String() string
- func (m *ObjectReference) Unmarshal(dAtA []byte) error
- func (m *ObjectReference) XXX_DiscardUnknown()
- func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *ObjectReference) XXX_Merge(src proto.Message)
- func (m *ObjectReference) XXX_Size() int
- func (m *ObjectReference) XXX_Unmarshal(b []byte) error
- type Policy
- func (in *Policy) DeepCopy() *Policy
- func (in *Policy) DeepCopyInto(out *Policy)
- func (in *Policy) DeepCopyObject() runtime.Object
- func (*Policy) Descriptor() ([]byte, []int)
- func (m *Policy) Marshal() (dAtA []byte, err error)
- func (m *Policy) MarshalTo(dAtA []byte) (int, error)
- func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*Policy) ProtoMessage()
- func (m *Policy) Reset()
- func (m *Policy) Size() (n int)
- func (this *Policy) String() string
- func (m *Policy) Unmarshal(dAtA []byte) error
- func (m *Policy) XXX_DiscardUnknown()
- func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Policy) XXX_Merge(src proto.Message)
- func (m *Policy) XXX_Size() int
- func (m *Policy) XXX_Unmarshal(b []byte) error
- type PolicyList
- func (in *PolicyList) DeepCopy() *PolicyList
- func (in *PolicyList) DeepCopyInto(out *PolicyList)
- func (in *PolicyList) DeepCopyObject() runtime.Object
- func (*PolicyList) Descriptor() ([]byte, []int)
- func (m *PolicyList) Marshal() (dAtA []byte, err error)
- func (m *PolicyList) MarshalTo(dAtA []byte) (int, error)
- func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PolicyList) ProtoMessage()
- func (m *PolicyList) Reset()
- func (m *PolicyList) Size() (n int)
- func (this *PolicyList) String() string
- func (m *PolicyList) Unmarshal(dAtA []byte) error
- func (m *PolicyList) XXX_DiscardUnknown()
- func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PolicyList) XXX_Merge(src proto.Message)
- func (m *PolicyList) XXX_Size() int
- func (m *PolicyList) XXX_Unmarshal(b []byte) error
- type PolicyRule
- func (in *PolicyRule) DeepCopy() *PolicyRule
- func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
- func (*PolicyRule) Descriptor() ([]byte, []int)
- func (m *PolicyRule) Marshal() (dAtA []byte, err error)
- func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error)
- func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*PolicyRule) ProtoMessage()
- func (m *PolicyRule) Reset()
- func (m *PolicyRule) Size() (n int)
- func (this *PolicyRule) String() string
- func (m *PolicyRule) Unmarshal(dAtA []byte) error
- func (m *PolicyRule) XXX_DiscardUnknown()
- func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *PolicyRule) XXX_Merge(src proto.Message)
- func (m *PolicyRule) XXX_Size() int
- func (m *PolicyRule) XXX_Unmarshal(b []byte) error
- type Stage
Constants ¶
const GroupName = "audit.k8s.io"
GroupName is the group name used in this package
const (
	// Header to hold the audit ID as the request is propagated through the serving hierarchy. The
	// Audit-ID header should be set by the first server to receive the request (e.g. the federation
	// server or kube-aggregator).
	//
	// NOTE(review): nothing on this page shows whether a value already present on an
	// incoming request is validated or replaced. Treat the ID as a correlation key
	// across servers, not as proof of where a request originated - confirm in the
	// handler that reads this header.
	HeaderAuditID = "Audit-ID"
)
Header keys used by the audit system.
Variables ¶
// Errors describing malformed protobuf input: a negative length, an integer
// overflow, or an unexpected end of group. Presumably returned by the generated
// Unmarshal methods of this package - confirm against the generated code.
var (
	ErrInvalidLengthGenerated        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGenerated          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
)
var (
	// SchemeBuilder is the exported scheme builder for this package.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is bound to localSchemeBuilder.AddToScheme; localSchemeBuilder is
	// declared outside this listing (presumably a pointer to SchemeBuilder - confirm).
	AddToScheme = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
SchemeGroupVersion is the group version used to register these objects
Functions ¶
func Convert_audit_EventList_To_v1_EventList ¶
func Convert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error
Convert_audit_EventList_To_v1_EventList is an autogenerated conversion function.
func Convert_audit_Event_To_v1_Event ¶
Convert_audit_Event_To_v1_Event is an autogenerated conversion function.
func Convert_audit_GroupResources_To_v1_GroupResources ¶
func Convert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error
Convert_audit_GroupResources_To_v1_GroupResources is an autogenerated conversion function.
func Convert_audit_ObjectReference_To_v1_ObjectReference ¶
func Convert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error
Convert_audit_ObjectReference_To_v1_ObjectReference is an autogenerated conversion function.
func Convert_audit_PolicyList_To_v1_PolicyList ¶
func Convert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error
Convert_audit_PolicyList_To_v1_PolicyList is an autogenerated conversion function.
func Convert_audit_PolicyRule_To_v1_PolicyRule ¶
func Convert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error
Convert_audit_PolicyRule_To_v1_PolicyRule is an autogenerated conversion function.
func Convert_audit_Policy_To_v1_Policy ¶
Convert_audit_Policy_To_v1_Policy is an autogenerated conversion function.
func Convert_v1_EventList_To_audit_EventList ¶
func Convert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error
Convert_v1_EventList_To_audit_EventList is an autogenerated conversion function.
func Convert_v1_Event_To_audit_Event ¶
Convert_v1_Event_To_audit_Event is an autogenerated conversion function.
func Convert_v1_GroupResources_To_audit_GroupResources ¶
func Convert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error
Convert_v1_GroupResources_To_audit_GroupResources is an autogenerated conversion function.
func Convert_v1_ObjectReference_To_audit_ObjectReference ¶
func Convert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error
Convert_v1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function.
func Convert_v1_PolicyList_To_audit_PolicyList ¶
func Convert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error
Convert_v1_PolicyList_To_audit_PolicyList is an autogenerated conversion function.
func Convert_v1_PolicyRule_To_audit_PolicyRule ¶
func Convert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error
Convert_v1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function.
func Convert_v1_Policy_To_audit_Policy ¶
Convert_v1_Policy_To_audit_Policy is an autogenerated conversion function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulter functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type Event ¶
// Event is one audit record for an API request at a single Stage of its handling.
//
// Several fields carry values supplied by the client (RequestURI, UserAgent and
// all but the last entry of SourceIPs). Consumers that use these records for
// detection or attribution should key on User, ImpersonatedUser and the last
// SourceIPs entry, and treat the client-supplied fields as hints only.
type Event struct {
metav1.TypeMeta `json:",inline"`
// AuditLevel at which event was generated
Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`
// Unique audit ID, generated for each request.
// NOTE(review): the package also defines the Audit-ID header (HeaderAuditID), which an
// upstream server may set. Whether a value arriving in that header is adopted here is
// not visible in this type; use the ID to correlate events, not to establish origin.
AuditID types.UID `json:"auditID" protobuf:"bytes,2,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"`
// Stage of the request handling when this event instance was generated.
Stage Stage `json:"stage" protobuf:"bytes,3,opt,name=stage,casttype=Stage"`
// RequestURI is the request URI as sent by the client to a server.
// It is recorded as received, so it is client-controlled text.
RequestURI string `json:"requestURI" protobuf:"bytes,4,opt,name=requestURI"`
// Verb is the kubernetes verb associated with the request.
// For non-resource requests, this is the lower-cased HTTP method.
Verb string `json:"verb" protobuf:"bytes,5,opt,name=verb"`
// Authenticated user information.
User authnv1.UserInfo `json:"user" protobuf:"bytes,6,opt,name=user"`
// Impersonated user information.
// Optional: set only when the request impersonated another identity; User above
// still names the authenticated caller.
// +optional
ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,7,opt,name=impersonatedUser"`
// Source IPs, from where the request originated and intermediate proxies.
// The source IPs are listed from (in order):
// 1. X-Forwarded-For request header IPs
// 2. X-Real-Ip header, if not present in the X-Forwarded-For list
// 3. The remote address for the connection, if it doesn't match the last
// IP in the list up to here (X-Forwarded-For or X-Real-Ip).
// Note: All but the last IP can be arbitrarily set by the client.
// Only the last entry should therefore be used for allow/deny decisions or
// attribution; the earlier entries come from request headers.
// +optional
SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,8,rep,name=sourceIPs"`
// UserAgent records the user agent string reported by the client.
// Note that the UserAgent is provided by the client, and must not be trusted.
// +optional
UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,16,opt,name=userAgent"`
// Object reference this request is targeted at.
// Does not apply for List-type requests, or non-resource requests.
// +optional
ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,9,opt,name=objectRef"`
// The response status, populated even when the ResponseObject is not a Status type.
// For successful responses, this will only include the Code and StatusSuccess.
// For non-status type error responses, this will be auto-populated with the error Message.
// +optional
ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,10,opt,name=responseStatus"`
// API object from the request, in JSON format. The RequestObject is recorded as-is in the request
// (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
// merging. It is an external versioned object type, and may not be a valid object on its own.
// Omitted for non-resource requests. Only logged at Request Level and higher.
// NOTE(review): because the body is stored as sent, any sensitive content in it is
// written to the audit log at these levels; check that the policy records such
// resources at Metadata level, and protect the log store accordingly.
// +optional
RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,11,opt,name=requestObject"`
// API object returned in the response, in JSON. The ResponseObject is recorded after conversion
// to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged
// at Response Level (the LevelRequestResponse constant). The same caution about
// sensitive content applies as for RequestObject.
// +optional
ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,12,opt,name=responseObject"`
// Time the request reached the apiserver.
// +optional
RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,13,opt,name=requestReceivedTimestamp"`
// Time the request reached current audit stage.
// +optional
StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,14,opt,name=stageTimestamp"`
// Annotations is an unstructured key value map stored with an audit event that may be set by
// plugins invoked in the request serving chain, including authentication, authorization and
// admission plugins. Note that these annotations are for the audit event, and do not correspond
// to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
// component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
// should be short. Annotations are included in the Metadata level.
// +optional
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"`
}
Event captures all the information that can be included in an API audit log.
func (*Event) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event.
func (*Event) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Event) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Event) Descriptor ¶
func (*Event) MarshalToSizedBuffer ¶ added in v0.16.4
func (*Event) ProtoMessage ¶
func (*Event) ProtoMessage()
func (*Event) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *Event) XXX_DiscardUnknown()
func (*Event) XXX_Marshal ¶ added in v0.16.4
func (*Event) XXX_Unmarshal ¶ added in v0.16.4
type EventList ¶
// EventList is a list of audit Events, with the usual type and list metadata.
type EventList struct {
metav1.TypeMeta `json:",inline"`
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Items holds the audit events in the list.
Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"`
}
EventList is a list of audit Events.
func (*EventList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList.
func (*EventList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EventList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*EventList) Descriptor ¶
func (*EventList) MarshalToSizedBuffer ¶ added in v0.16.4
func (*EventList) ProtoMessage ¶
func (*EventList) ProtoMessage()
func (*EventList) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *EventList) XXX_DiscardUnknown()
func (*EventList) XXX_Marshal ¶ added in v0.16.4
func (*EventList) XXX_Unmarshal ¶ added in v0.16.4
type GroupResources ¶
// GroupResources selects resources within one API group for a PolicyRule.
// Each optional list widens the selection when left empty, so an entry with
// only Group set covers every resource and subresource in that group.
type GroupResources struct {
// Group is the name of the API group that contains the resources.
// The empty string represents the core API group.
// +optional
Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
// Resources is a list of resources this rule applies to.
//
// For example:
// - `pods` matches pods.
// - `pods/log` matches the log subresource of pods.
// - `*` matches all resources and their subresources.
// - `pods/*` matches all subresources of pods.
// - `*/scale` matches all scale subresources.
//
// If wildcard is present, the validation rule will ensure resources do not
// overlap with each other.
//
// An empty list implies all resources and subresources in this API group apply.
// +optional
Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
// ResourceNames is a list of resource instance names that the policy matches.
// Using this field requires Resources to be specified.
// An empty list implies that every instance of the resource is matched.
// +optional
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
}
GroupResources represents resource kinds in an API group.
func (*GroupResources) DeepCopy ¶
func (in *GroupResources) DeepCopy() *GroupResources
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources.
func (*GroupResources) DeepCopyInto ¶
func (in *GroupResources) DeepCopyInto(out *GroupResources)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GroupResources) Descriptor ¶
func (*GroupResources) Descriptor() ([]byte, []int)
func (*GroupResources) Marshal ¶
func (m *GroupResources) Marshal() (dAtA []byte, err error)
func (*GroupResources) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*GroupResources) ProtoMessage ¶
func (*GroupResources) ProtoMessage()
func (*GroupResources) Reset ¶
func (m *GroupResources) Reset()
func (*GroupResources) Size ¶
func (m *GroupResources) Size() (n int)
func (*GroupResources) String ¶
func (this *GroupResources) String() string
func (*GroupResources) Unmarshal ¶
func (m *GroupResources) Unmarshal(dAtA []byte) error
func (*GroupResources) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *GroupResources) XXX_DiscardUnknown()
func (*GroupResources) XXX_Marshal ¶ added in v0.16.4
func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*GroupResources) XXX_Merge ¶ added in v0.16.4
func (m *GroupResources) XXX_Merge(src proto.Message)
func (*GroupResources) XXX_Size ¶ added in v0.16.4
func (m *GroupResources) XXX_Size() int
func (*GroupResources) XXX_Unmarshal ¶ added in v0.16.4
func (m *GroupResources) XXX_Unmarshal(b []byte) error
type Level ¶
type Level string
Level defines the amount of information logged during auditing
// Valid audit levels. Each level after None records everything the previous one
// does plus more, so the level chosen by a PolicyRule decides whether request and
// response bodies reach the audit log.
const (
	// LevelNone disables auditing
	LevelNone Level = "None"
	// LevelMetadata provides the basic level of auditing.
	LevelMetadata Level = "Metadata"
	// LevelRequest provides Metadata level of auditing, and additionally
	// logs the request object (does not apply for non-resource requests).
	LevelRequest Level = "Request"
	// LevelRequestResponse provides Request level of auditing, and additionally
	// logs the response object (does not apply for non-resource requests).
	LevelRequestResponse Level = "RequestResponse"
)
Valid audit levels
type ObjectReference ¶
// ObjectReference identifies the object a request targeted; Event.ObjectRef points
// to one. Every field is optional, so consumers must tolerate empty values.
type ObjectReference struct {
// Presumably the resource type name of the referred object - confirm.
// +optional
Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"`
// Presumably the namespace of the referred object - confirm.
// +optional
Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
// Presumably the name of the referred object - confirm.
// +optional
Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
// Presumably the UID of the referred object - confirm.
// +optional
UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
// APIGroup is the name of the API group that contains the referred object.
// The empty string represents the core API group.
// +optional
APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,5,opt,name=apiGroup"`
// APIVersion is the version of the API group that contains the referred object.
// +optional
APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,6,opt,name=apiVersion"`
// Presumably the resource version of the referred object - confirm.
// +optional
ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,7,opt,name=resourceVersion"`
// Presumably the subresource addressed by the request (for example the `log`
// in `pods/log`) - confirm.
// +optional
Subresource string `json:"subresource,omitempty" protobuf:"bytes,8,opt,name=subresource"`
}
ObjectReference contains enough information to let you inspect or modify the referred object.
func (*ObjectReference) DeepCopy ¶
func (in *ObjectReference) DeepCopy() *ObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.
func (*ObjectReference) DeepCopyInto ¶
func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ObjectReference) Descriptor ¶
func (*ObjectReference) Descriptor() ([]byte, []int)
func (*ObjectReference) Marshal ¶
func (m *ObjectReference) Marshal() (dAtA []byte, err error)
func (*ObjectReference) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*ObjectReference) ProtoMessage ¶
func (*ObjectReference) ProtoMessage()
func (*ObjectReference) Reset ¶
func (m *ObjectReference) Reset()
func (*ObjectReference) Size ¶
func (m *ObjectReference) Size() (n int)
func (*ObjectReference) String ¶
func (this *ObjectReference) String() string
func (*ObjectReference) Unmarshal ¶
func (m *ObjectReference) Unmarshal(dAtA []byte) error
func (*ObjectReference) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *ObjectReference) XXX_DiscardUnknown()
func (*ObjectReference) XXX_Marshal ¶ added in v0.16.4
func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*ObjectReference) XXX_Merge ¶ added in v0.16.4
func (m *ObjectReference) XXX_Merge(src proto.Message)
func (*ObjectReference) XXX_Size ¶ added in v0.16.4
func (m *ObjectReference) XXX_Size() int
func (*ObjectReference) XXX_Unmarshal ¶ added in v0.16.4
func (m *ObjectReference) XXX_Unmarshal(b []byte) error
type Policy ¶
// Policy is the audit logging configuration: an ordered list of rules that assign
// an audit Level to requests, plus policy-wide defaults for omitted stages and
// managed fields.
type Policy struct {
metav1.TypeMeta `json:",inline"`
// ObjectMeta is included for interoperability with API infrastructure.
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Rules specify the audit Level a request should be recorded at.
// A request may match multiple rules, in which case the FIRST matching rule is used.
// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
// PolicyRules are strictly ordered.
//
// Because the first match wins, a broad rule placed early takes precedence over
// any more specific rule after it; order rules from most to least specific.
// Without a catch-all rule, requests that match no rule fall to None and are
// not audited.
Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified per rule in which case the union of both are omitted.
// +optional
OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
// OmitManagedFields indicates whether to omit the managed fields of the request
// and response bodies from being written to the API audit log.
// This is used as a global default - a value of 'true' will omit the managed fields,
// otherwise the managed fields will be included in the API audit log.
// Note that this can also be specified per rule in which case the value specified
// in a rule will override the global default.
// +optional
OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"`
}
Policy defines the configuration of audit logging, and the rules for how different request categories are logged.
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Policy) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Policy) Descriptor ¶
func (*Policy) MarshalToSizedBuffer ¶ added in v0.16.4
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *Policy) XXX_DiscardUnknown()
func (*Policy) XXX_Marshal ¶ added in v0.16.4
func (*Policy) XXX_Unmarshal ¶ added in v0.16.4
type PolicyList ¶
// PolicyList is a list of audit Policies, with the usual type and list metadata.
type PolicyList struct {
metav1.TypeMeta `json:",inline"`
// +optional
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Items holds the policies in the list.
Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"`
}
PolicyList is a list of audit Policies.
func (*PolicyList) DeepCopy ¶
func (in *PolicyList) DeepCopy() *PolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
func (*PolicyList) DeepCopyInto ¶
func (in *PolicyList) DeepCopyInto(out *PolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyList) DeepCopyObject ¶
func (in *PolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PolicyList) Descriptor ¶
func (*PolicyList) Descriptor() ([]byte, []int)
func (*PolicyList) Marshal ¶
func (m *PolicyList) Marshal() (dAtA []byte, err error)
func (*PolicyList) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PolicyList) ProtoMessage ¶
func (*PolicyList) ProtoMessage()
func (*PolicyList) Reset ¶
func (m *PolicyList) Reset()
func (*PolicyList) Size ¶
func (m *PolicyList) Size() (n int)
func (*PolicyList) String ¶
func (this *PolicyList) String() string
func (*PolicyList) Unmarshal ¶
func (m *PolicyList) Unmarshal(dAtA []byte) error
func (*PolicyList) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *PolicyList) XXX_DiscardUnknown()
func (*PolicyList) XXX_Marshal ¶ added in v0.16.4
func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PolicyList) XXX_Merge ¶ added in v0.16.4
func (m *PolicyList) XXX_Merge(src proto.Message)
func (*PolicyList) XXX_Size ¶ added in v0.16.4
func (m *PolicyList) XXX_Size() int
func (*PolicyList) XXX_Unmarshal ¶ added in v0.16.4
func (m *PolicyList) XXX_Unmarshal(b []byte) error
type PolicyRule ¶
// PolicyRule maps requests to an audit Level. A request matches only if it
// satisfies every field of the rule. For the selector fields an empty list matches
// everything, so each selector left unset widens the rule; a rule with only Level
// set matches every request.
type PolicyRule struct {
// The Level that requests matching this rule are recorded at.
Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`
// The users (by authenticated user name) this rule applies to.
// An empty list implies every user.
// +optional
Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
// The user groups this rule applies to. A user is considered matching
// if it is a member of any of the UserGroups.
// An empty list implies every user group.
// +optional
UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`
// The verbs that match this rule.
// An empty list implies every verb.
// +optional
Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`
// Resources that this rule matches. An empty list implies all kinds in all API groups.
// +optional
Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
// Namespaces that this rule matches.
// The empty string "" matches non-namespaced resources.
// An empty list implies every namespace.
// +optional
Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`
// NonResourceURLs is a set of URL paths that should be audited.
// `*`s are allowed, but only as the full, final step in the path.
// Examples:
// - `/metrics` - Log requests for apiserver metrics
// - `/healthz*` - Log all health checks
// +optional
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified policy wide in which case the union of both are omitted.
// An empty list means no restrictions will apply.
// +optional
OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
// OmitManagedFields indicates whether to omit the managed fields of the request
// and response bodies from being written to the API audit log.
// - a value of 'true' will drop the managed fields from the API audit log
// - a value of 'false' indicates that the managed fields should be included
// in the API audit log
// Note that the value, if specified, in this rule will override the global default.
// If a value is not specified then the global default specified in
// Policy.OmitManagedFields will stand.
// The field is a pointer so that "not specified" (nil) can be told apart from false.
// +optional
OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"`
}
PolicyRule maps requests based off metadata to an audit Level. Requests must match the rules of every field (an intersection of rules).
func (*PolicyRule) DeepCopy ¶
func (in *PolicyRule) DeepCopy() *PolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
func (*PolicyRule) DeepCopyInto ¶
func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyRule) Descriptor ¶
func (*PolicyRule) Descriptor() ([]byte, []int)
func (*PolicyRule) Marshal ¶
func (m *PolicyRule) Marshal() (dAtA []byte, err error)
func (*PolicyRule) MarshalToSizedBuffer ¶ added in v0.16.4
func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*PolicyRule) ProtoMessage ¶
func (*PolicyRule) ProtoMessage()
func (*PolicyRule) Reset ¶
func (m *PolicyRule) Reset()
func (*PolicyRule) Size ¶
func (m *PolicyRule) Size() (n int)
func (*PolicyRule) String ¶
func (this *PolicyRule) String() string
func (*PolicyRule) Unmarshal ¶
func (m *PolicyRule) Unmarshal(dAtA []byte) error
func (*PolicyRule) XXX_DiscardUnknown ¶ added in v0.16.4
func (m *PolicyRule) XXX_DiscardUnknown()
func (*PolicyRule) XXX_Marshal ¶ added in v0.16.4
func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*PolicyRule) XXX_Merge ¶ added in v0.16.4
func (m *PolicyRule) XXX_Merge(src proto.Message)
func (*PolicyRule) XXX_Size ¶ added in v0.16.4
func (m *PolicyRule) XXX_Size() int
func (*PolicyRule) XXX_Unmarshal ¶ added in v0.16.4
func (m *PolicyRule) XXX_Unmarshal(b []byte) error
type Stage ¶
type Stage string
Stage defines the stages in request handling at which audit events may be generated.
// Valid audit stages. One request can produce several events, one per stage, unless
// a stage is listed in Policy.OmitStages or PolicyRule.OmitStages.
const (
	// The stage for events generated as soon as the audit handler receives the request, and before it
	// is delegated down the handler chain.
	StageRequestReceived Stage = "RequestReceived"
	// The stage for events generated once the response headers are sent, but before the response body
	// is sent. This stage is only generated for long-running requests (e.g. watch).
	StageResponseStarted Stage = "ResponseStarted"
	// The stage for events generated once the response body has been completed, and no more bytes
	// will be sent.
	StageResponseComplete Stage = "ResponseComplete"
	// The stage for events generated when a panic occurred.
	StagePanic Stage = "Panic"
)
Valid audit stages.