github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-08 11:38:15 +00:00
Code Issues Projects Releases Wiki Activity

apiserver/httplog: pretty up impersonation output

Browse Source 
```
I0807 09:09:16.419239       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo=<

      &{kubernetes-admin  [system:masters system:authenticated] map[]} is acting as &{foo  [system:authenticated] map[]}
       >
```

to

```
I0807 09:09:16.419239       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo="kubernetes-admin[system:masters system:authenticated] is impersonating foo[system:authenticated]"
```

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
This commit is contained in:
Dr. Stefan Schimanski 2023-08-07 11:23:30 +02:00
parent d4fde1e92a
commit 37730c07dd
No known key found for this signature in database
GPG Key ID: 4C68E0F19F95EC33
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go
View File

@ -164,7 +164,7 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
req = req.WithContext(request.WithUser(ctx, newUser)) req = req.WithContext(request.WithUser(ctx, newUser))
oldUser, _ := request.UserFrom(ctx) oldUser, _ := request.UserFrom(ctx)
httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser) httplog.LogOf(req, w).Addf("%v is impersonating %v", userString(oldUser), userString(newUser))
ae := audit.AuditEventFrom(ctx) ae := audit.AuditEventFrom(ctx)
audit.LogImpersonatedUser(ae, newUser) audit.LogImpersonatedUser(ae, newUser)
@ -183,6 +183,24 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime.
}) })
} }
func userString(u user.Info) string {
if u == nil {
return "<none>"
}
b := strings.Builder{}
if name := u.GetName(); name == "" {
b.WriteString("<empty>")
} else {
b.WriteString(name)
}
if groups := u.GetGroups(); len(groups) > 0 {
b.WriteString("[")
b.WriteString(strings.Join(groups, ","))
b.WriteString("]")
}
return b.String()
}
func unescapeExtraKey(encodedKey string) string { func unescapeExtraKey(encodedKey string) string {
key, err := url.PathUnescape(encodedKey) // Decode %-encoded bytes. key, err := url.PathUnescape(encodedKey) // Decode %-encoded bytes.
if err != nil { if err != nil {

1
staging/src/k8s.io/apiserver/pkg/server/httplog/httplog.go
View File

@ -205,7 +205,6 @@ func StatusIsNot(statuses ...int) StacktracePred {
func (rl *respLogger) Addf(format string, data ...interface{}) { func (rl *respLogger) Addf(format string, data ...interface{}) {
rl.mutex.Lock() rl.mutex.Lock()
defer rl.mutex.Unlock() defer rl.mutex.Unlock()
rl.addedInfo.WriteString("\n")
rl.addedInfo.WriteString(fmt.Sprintf(format, data...)) rl.addedInfo.WriteString(fmt.Sprintf(format, data...))
} }