From 21d0f815645ca3452719faf1ad69c63a9c3f3db2 Mon Sep 17 00:00:00 2001
From: huangjiuyuan <jiuyuan.huang@daocloud.io>
Date: Mon, 17 Jul 2017 17:13:00 +0800
Subject: [PATCH] adding validations on kube-apiserver audit log options

Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>
---
 .../src/k8s.io/apiserver/pkg/server/options/audit.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
index 1c8b1627ef8..99c0e1789e3 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -119,6 +119,18 @@ func (o *AuditOptions) Validate() []error {
 			allErrors = append(allErrors, fmt.Errorf("invalid audit log format %s, allowed formats are %q", o.LogOptions.Format, strings.Join(pluginlog.AllowedFormats, ",")))
 		}
 	}
+
+	// Check validities of MaxAge, MaxBackups and MaxSize of log options
+	if o.LogOptions.MaxAge < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxage %v can't be a negative number", o.LogOptions.MaxAge))
+	}
+	if o.LogOptions.MaxBackups < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxbackup %v can't be a negative number", o.LogOptions.MaxBackups))
+	}
+	if o.LogOptions.MaxSize < 0 {
+		allErrors = append(allErrors, fmt.Errorf("--audit-log-maxsize %v can't be a negative number", o.LogOptions.MaxSize))
+	}
+
 	return allErrors
 }