Merge pull request #49010 from huangjiuyuan/fix-audit-log-flag-check

Automatic merge from submit-queue (batch tested with PRs 48576, 49010) adding validations on kube-apiserver audit log options **What this PR does / why we need it**: The kube-apiserver does not check the validity of the following audit log options `--audit-log-maxage`, `--audit-log-maxage`, `--audit-log-maxage`. If these options are set to negative numbers, the kube-apiserver will not detect these invalid settings. This PR adds validations on these audit log options. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # **Special notes for your reviewer**: **Release note**: `NONE`
2025-07-23 03:41:45 +00:00 · 2017-07-18 00:35:45 -07:00 · 2017-07-18 00:35:45 -07:00 · 08d9893998
commit 08d9893998
parent f3dcf63130 21d0f81564
1 changed files with 12 additions and 0 deletions
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@ -119,6 +119,18 @@ func (o *AuditOptions) Validate() []error {
 			allErrors = append(allErrors, fmt.Errorf("invalid audit log format %s, allowed formats are %q", o.LogOptions.Format, strings.Join(pluginlog.AllowedFormats, ",")))
 		}
 	}
+
+	// Check validities of MaxAge, MaxBackups and MaxSize of log options
+	if o.LogOptions.MaxAge < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxage %v can't be a negative number", o.LogOptions.MaxAge))
+	}
+	if o.LogOptions.MaxBackups < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxbackup %v can't be a negative number", o.LogOptions.MaxBackups))
+	}
+	if o.LogOptions.MaxSize < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxsize %v can't be a negative number", o.LogOptions.MaxSize))
+	}
+
 	return allErrors
 }