From 0e787a4b78a849fa66a02126721dd185e7c00955 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Mon, 9 Sep 2019 08:54:54 -0400
Subject: [PATCH] Export UserInfo conversion, use authnv1.UserInfo in audit
---
 pkg/apis/authentication/v1/conversion.go | 13 +++++++++++
 .../k8s.io/apiserver/pkg/apis/audit/types.go | 23 +++----------------
 .../apiserver/pkg/audit/event/attributes.go | 3 ++-
 .../src/k8s.io/apiserver/pkg/audit/request.go | 11 +++++----
 .../audit/dynamic/enforced/enforced_test.go | 3 ++-
 .../plugin/pkg/audit/log/backend_test.go | 5 ++--
 6 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/pkg/apis/authentication/v1/conversion.go b/pkg/apis/authentication/v1/conversion.go
index 2ff5732d6db..fe72f51febe 100644
--- a/pkg/apis/authentication/v1/conversion.go
+++ b/pkg/apis/authentication/v1/conversion.go
@@ -17,10 +17,23 @@ limitations under the License.
 package v1
 import (
+ v1 "k8s.io/api/authentication/v1"
+ conversion "k8s.io/apimachinery/pkg/conversion"
 "k8s.io/apimachinery/pkg/runtime"
+ authentication "k8s.io/kubernetes/pkg/apis/authentication"
 )
 func addConversionFuncs(scheme *runtime.Scheme) error {
 // Add non-generated conversion functions
 return scheme.AddConversionFuncs()
 }
+
+// Convert_v1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function.
+func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error {
+ return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s)
+}
+
+// Convert_authentication_UserInfo_To_v1_UserInfo is an autogenerated conversion function.
+func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
+ return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s)
+}
diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
index 271274d44f5..b497be6df27 100644
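Review bot: In pkg/apis/authentication/v1/conversion.go the doc comments on both new functions say "is an autogenerated conversion function", yet the functions are written by hand in a file whose only other comment is `// Add non-generated conversion functions`. Anyone auditing which conversions are generated and which are maintained manually will be misled by that wording. State why they are hand-written instead, for example `// Convert_v1_UserInfo_To_authentication_UserInfo is defined by hand so that the UserInfo conversion is exported for callers outside this package.` (reason inferred from the commit subject), with the matching comment on the reverse function.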
--- a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package audit
 import (
+ authnv1 "k8s.io/api/authentication/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/types"
@@ -92,10 +93,10 @@ type Event struct {
 // For non-resource requests, this is the lower-cased HTTP method.
 Verb string
 // Authenticated user information.
- User UserInfo
+ User authnv1.UserInfo
 // Impersonated user information.
 // +optional
- ImpersonatedUser *UserInfo
+ ImpersonatedUser *authnv1.UserInfo
 // Source IPs, from where the request originated and intermediate proxies.
 // +optional
 SourceIPs []string
@@ -283,21 +284,3 @@ type ObjectReference struct {
 // +optional
 Subresource string
 }
-
-// UserInfo holds the information about the user needed to implement the
-// user.Info interface.
-type UserInfo struct {
- // The name that uniquely identifies this user among all active users.
- Username string
- // A unique value that identifies this user across time. If this user is
- // deleted and another user by the same name is added, they will have
- // different UIDs.
- UID string
- // The names of groups this user is a part of.
- Groups []string
- // Any additional information provided by the authenticator.
- Extra map[string]ExtraValue
-}
-
-// ExtraValue masks the value so protobuf can generate
-type ExtraValue []string
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/event/attributes.go b/staging/src/k8s.io/apiserver/pkg/audit/event/attributes.go
index 576b8db8482..d832a7ea53d 100644
--- a/staging/src/k8s.io/apiserver/pkg/audit/event/attributes.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/event/attributes.go
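Review bot: In types.go the `User` and `ImpersonatedUser` comments in `Event` no longer point at any in-package description of the fields, because the local `UserInfo` type and its comment "Any additional information provided by the authenticator" are deleted in the last hunk of this file. request.go copies every `GetExtra()` entry into the event unfiltered, so the audit record carries whatever the authenticator supplied; that is worth stating where the field is declared, e.g. `// Authenticated user information. Extra holds authenticator-supplied values and is recorded as given.` The same deletion removes the exported names `UserInfo` and `ExtraValue` from this package, so any importer outside this diff that references them would stop compiling; if that is intended it should be called out in the commit description. `Event`'s body starts and ends outside the hunk.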
@@ -20,6 +20,7 @@ import (
 "fmt"
 "net/url"
+ authnv1 "k8s.io/api/authentication/v1"
 "k8s.io/apiserver/pkg/apis/audit"
 authuser "k8s.io/apiserver/pkg/authentication/user"
 "k8s.io/apiserver/pkg/authorization/authorizer"
@@ -126,7 +127,7 @@ func (a *attributes) GetPath() string {
 }
 // user represents the event user
-type user audit.UserInfo
+type user authnv1.UserInfo
 // GetName returns the user name
 func (u user) GetName() string { return u.Username }
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/request.go b/staging/src/k8s.io/apiserver/pkg/audit/request.go
index 7099e9622cd..1ac39bc925f 100644
--- a/staging/src/k8s.io/apiserver/pkg/audit/request.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/request.go
@@ -26,6 +26,7 @@ import (
 "github.com/pborman/uuid"
 "k8s.io/klog"
+ authnv1 "k8s.io/api/authentication/v1"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
@@ -68,9 +69,9 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a
 if user := attribs.GetUser(); user != nil {
 ev.User.Username = user.GetName()
- ev.User.Extra = map[string]auditinternal.ExtraValue{}
+ ev.User.Extra = map[string]authnv1.ExtraValue{}
 for k, v := range user.GetExtra() {
- ev.User.Extra[k] = auditinternal.ExtraValue(v)
+ ev.User.Extra[k] = authnv1.ExtraValue(v)
 }
 ev.User.Groups = user.GetGroups()
 ev.User.UID = user.GetUID()
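Review bot: The user-copy sequence in `NewEventFromRequest` (this hunk) is repeated field for field in `LogImpersonatedUser` (the next request.go hunk), and both now build an `authnv1.UserInfo`, so a single helper would keep the authenticated and impersonated audit records from drifting apart. It would also be the one place to decide whether `Groups` and the `Extra` values should be copied: `authnv1.ExtraValue(v)` is a slice conversion and shares v's backing array with the `user.Info` it came from, which matters only if either side is mutated after the event is built (not visible here). Both function bodies extend beyond their hunks, and the sketch assumes `ev.User` is still the zero value when it is assigned.

```go
// userInfoFor copies the identity fields of u into the versioned UserInfo
// stored on audit events.
func userInfoFor(u user.Info) authnv1.UserInfo {
	info := authnv1.UserInfo{
		Username: u.GetName(),
		UID:      u.GetUID(),
		Groups:   u.GetGroups(),
		Extra:    map[string]authnv1.ExtraValue{},
	}
	for k, v := range u.GetExtra() {
		info.Extra[k] = authnv1.ExtraValue(v)
	}
	return info
}

// in NewEventFromRequest
	if user := attribs.GetUser(); user != nil {
		ev.User = userInfoFor(user)
	// … unchanged: rest of NewEventFromRequest …

// in LogImpersonatedUser
	// … unchanged: nil / level guard …
	info := userInfoFor(user)
	ae.ImpersonatedUser = &info
```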
@@ -95,14 +96,14 @@ func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) {
 if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
 return
 }
- ae.ImpersonatedUser = &auditinternal.UserInfo{
+ ae.ImpersonatedUser = &authnv1.UserInfo{
 Username: user.GetName(),
 }
 ae.ImpersonatedUser.Groups = user.GetGroups()
 ae.ImpersonatedUser.UID = user.GetUID()
- ae.ImpersonatedUser.Extra = map[string]auditinternal.ExtraValue{}
+ ae.ImpersonatedUser.Extra = map[string]authnv1.ExtraValue{}
 for k, v := range user.GetExtra() {
- ae.ImpersonatedUser.Extra[k] = auditinternal.ExtraValue(v)
+ ae.ImpersonatedUser.Extra[k] = authnv1.ExtraValue(v)
 }
 }
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/enforced_test.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/enforced_test.go
index cbc61327a27..25acad90f0c 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/enforced_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/enforced_test.go
@@ -21,6 +21,7 @@ import (
 "github.com/stretchr/testify/require"
+ authnv1 "k8s.io/api/authentication/v1"
 "k8s.io/apimachinery/pkg/runtime"
 auditinternal "k8s.io/apiserver/pkg/apis/audit"
 "k8s.io/apiserver/pkg/audit/policy"
@@ -67,7 +68,7 @@ func TestEnforced(t *testing.T) {
 Level: auditinternal.LevelRequestResponse,
 Stage: auditinternal.StageResponseComplete,
 RequestURI: "/apis/extensions/v1beta1",
- User: auditinternal.UserInfo{
+ User: authnv1.UserInfo{
 Username: user.Anonymous,
 },
 RequestObject: &runtime.Unknown{Raw: []byte(`test`)},
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
index 5d534670b26..ed3369d72c8 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
@@ -25,6 +25,7 @@ import (
 "github.com/pborman/uuid"
+ authnv1 "k8s.io/api/authentication/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/schema"
@@ -64,7 +65,7 @@ func TestLogEventsLegacy(t *testing.T) {
 AuditID: types.UID(uuid.NewRandom().String()),
 Stage: auditinternal.StageRequestReceived,
 Verb: "get",
- User: auditinternal.UserInfo{
+ User: authnv1.UserInfo{
 Username: "admin",
 Groups: []string{
 "system:masters",
@@ -122,7 +123,7 @@ func TestLogEventsJson(t *testing.T) {
 AuditID: types.UID(uuid.NewRandom().String()),
 Stage: auditinternal.StageRequestReceived,
 Verb: "get",
- User: auditinternal.UserInfo{
+ User: authnv1.UserInfo{
 Username: "admin",
 Groups: []string{
 "system:masters",