github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #82490 from liggitt/userinfo-conversion

Browse Source 
Userinfo conversion
This commit is contained in:
Kubernetes Prow Robot 2019-09-11 21:23:35 -07:00 committed by GitHub
commit 46ce88b996
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 75 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/apis/admission/v1/BUILD
View File

@ -16,6 +16,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1",
deps = [
"//pkg/apis/admission:go_default_library",
"//pkg/apis/authentication/v1:go_default_library",
"//staging/src/k8s.io/api/admission/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",

7
pkg/apis/admission/v1/zz_generated.conversion.go generated
View File

@ -29,6 +29,7 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
types "k8s.io/apimachinery/pkg/types"
admission "k8s.io/kubernetes/pkg/apis/admission"
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
)
func init() {
@ -82,8 +83,7 @@ func autoConvert_v1_AdmissionRequest_To_admission_AdmissionRequest(in *v1.Admiss
out.Name = in.Name
out.Namespace = in.Namespace
out.Operation = admission.Operation(in.Operation)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
return err
}
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
@ -115,8 +115,7 @@ func autoConvert_admission_AdmissionRequest_To_v1_AdmissionRequest(in *admission
out.Name = in.Name
out.Namespace = in.Namespace
out.Operation = v1.Operation(in.Operation)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
return err
}
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {

1
pkg/apis/admission/v1beta1/BUILD
View File

@ -16,6 +16,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1beta1",
deps = [
"//pkg/apis/admission:go_default_library",
"//pkg/apis/authentication/v1:go_default_library",
"//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",

7
pkg/apis/admission/v1beta1/zz_generated.conversion.go generated
View File

@ -29,6 +29,7 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
types "k8s.io/apimachinery/pkg/types"
admission "k8s.io/kubernetes/pkg/apis/admission"
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
)
func init() {
@ -82,8 +83,7 @@ func autoConvert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(in *v1be
out.Name = in.Name
out.Namespace = in.Namespace
out.Operation = admission.Operation(in.Operation)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
return err
}
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
@ -115,8 +115,7 @@ func autoConvert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(in *admi
out.Name = in.Name
out.Namespace = in.Namespace
out.Operation = v1beta1.Operation(in.Operation)
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
return err
}
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {

13
pkg/apis/authentication/v1/conversion.go
View File

@ -17,10 +17,23 @@ limitations under the License.
package v1
import (
v1 "k8s.io/api/authentication/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
"k8s.io/apimachinery/pkg/runtime"
authentication "k8s.io/kubernetes/pkg/apis/authentication"
)
func addConversionFuncs(scheme *runtime.Scheme) error {
// Add non-generated conversion functions
return scheme.AddConversionFuncs()
}
// Convert_v1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function.
func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error {
return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s)
}
// Convert_authentication_UserInfo_To_v1_UserInfo is an autogenerated conversion function.
func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s)
}

20
pkg/apis/authentication/v1/zz_generated.conversion.go generated
View File

@ -118,6 +118,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddConversionFunc((*authentication.UserInfo)(nil), (*v1.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_authentication_UserInfo_To_v1_UserInfo(a.(*authentication.UserInfo), b.(*v1.UserInfo), scope)
}); err != nil {
return err
}
if err := s.AddConversionFunc((*v1.UserInfo)(nil), (*authentication.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_UserInfo_To_authentication_UserInfo(a.(*v1.UserInfo), b.(*authentication.UserInfo), scope)
}); err != nil {
return err
}
return nil
}
@ -321,11 +331,6 @@ func autoConvert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *au
return nil
}
// Convert_v1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function.
func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error {
return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s)
}
func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
out.Username = in.Username
out.UID = in.UID
@ -333,8 +338,3 @@ func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserI
out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra))
return nil
}
// Convert_authentication_UserInfo_To_v1_UserInfo is an autogenerated conversion function.
func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s)
}

1
staging/src/k8s.io/apiserver/pkg/apis/audit/BUILD
View File

@ -17,6 +17,7 @@ go_library(
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit",
importpath = "k8s.io/apiserver/pkg/apis/audit",
deps = [
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",

23
staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package audit
import (
authnv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
@ -92,10 +93,10 @@ type Event struct {
// For non-resource requests, this is the lower-cased HTTP method.
Verb string
// Authenticated user information.
User UserInfo
User authnv1.UserInfo
// Impersonated user information.
// +optional
ImpersonatedUser *UserInfo
ImpersonatedUser *authnv1.UserInfo
// Source IPs, from where the request originated and intermediate proxies.
// +optional
SourceIPs []string
@ -283,21 +284,3 @@ type ObjectReference struct {
// +optional
Subresource string
}
// UserInfo holds the information about the user needed to implement the
// user.Info interface.
type UserInfo struct {
// The name that uniquely identifies this user among all active users.
Username string
// A unique value that identifies this user across time. If this user is
// deleted and another user by the same name is added, they will have
// different UIDs.
UID string
// The names of groups this user is a part of.
Groups []string
// Any additional information provided by the authenticator.
Extra map[string]ExtraValue
}
// ExtraValue masks the value so protobuf can generate
type ExtraValue []string

12
staging/src/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go generated
View File

@ -117,11 +117,8 @@ func autoConvert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversi
out.Stage = audit.Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.User = in.User
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
@ -145,10 +142,7 @@ func autoConvert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversi
out.Stage = Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.User = in.User
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent

22
staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/zz_generated.conversion.go generated
View File

@ -23,8 +23,8 @@ package v1alpha1
import (
unsafe "unsafe"
authenticationv1 "k8s.io/api/authentication/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
types "k8s.io/apimachinery/pkg/types"
@ -139,11 +139,8 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
out.Stage = audit.Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.User = in.User
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent
if in.ObjectRef != nil {
@ -155,7 +152,7 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
} else {
out.ObjectRef = nil
}
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
@ -170,11 +167,8 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
out.Stage = Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.User = in.User
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent
if in.ObjectRef != nil {
@ -186,7 +180,7 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
} else {
out.ObjectRef = nil
}
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp

22
staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/zz_generated.conversion.go generated
View File

@ -23,8 +23,8 @@ package v1beta1
import (
unsafe "unsafe"
authenticationv1 "k8s.io/api/authentication/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
types "k8s.io/apimachinery/pkg/types"
@ -129,15 +129,12 @@ func autoConvert_v1beta1_Event_To_audit_Event(in *Event, out *audit.Event, s con
out.Stage = audit.Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.User = in.User
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
@ -152,15 +149,12 @@ func autoConvert_audit_Event_To_v1beta1_Event(in *audit.Event, out *Event, s con
out.Stage = Stage(in.Stage)
out.RequestURI = in.RequestURI
out.Verb = in.Verb
// TODO: Inefficient conversion - can we improve it?
if err := s.Convert(&in.User, &out.User, 0); err != nil {
return err
}
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.User = in.User
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
out.UserAgent = in.UserAgent
out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef))
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp

63
staging/src/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go generated
View File

@ -21,7 +21,8 @@ limitations under the License.
package audit
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@ -32,7 +33,7 @@ func (in *Event) DeepCopyInto(out *Event) {
in.User.DeepCopyInto(&out.User)
if in.ImpersonatedUser != nil {
in, out := &in.ImpersonatedUser, &out.ImpersonatedUser
*out = new(UserInfo)
*out = new(v1.UserInfo)
(*in).DeepCopyInto(*out)
}
if in.SourceIPs != nil {
@ -47,7 +48,7 @@ func (in *Event) DeepCopyInto(out *Event) {
}
if in.ResponseStatus != nil {
in, out := &in.ResponseStatus, &out.ResponseStatus
*out = new(v1.Status)
*out = new(metav1.Status)
(*in).DeepCopyInto(*out)
}
if in.RequestObject != nil {
@ -123,26 +124,6 @@ func (in *EventList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in ExtraValue) DeepCopyInto(out *ExtraValue) {
{
in := &in
*out = make(ExtraValue, len(*in))
copy(*out, *in)
return
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
func (in ExtraValue) DeepCopy() ExtraValue {
if in == nil {
return nil
}
out := new(ExtraValue)
in.DeepCopyInto(out)
return *out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GroupResources) DeepCopyInto(out *GroupResources) {
*out = *in
@ -308,39 +289,3 @@ func (in *PolicyRule) DeepCopy() *PolicyRule {
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UserInfo) DeepCopyInto(out *UserInfo) {
*out = *in
if in.Groups != nil {
in, out := &in.Groups, &out.Groups
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Extra != nil {
in, out := &in.Extra, &out.Extra
*out = make(map[string]ExtraValue, len(*in))
for key, val := range *in {
var outVal []string
if val == nil {
(*out)[key] = nil
} else {
in, out := &val, &outVal
*out = make(ExtraValue, len(*in))
copy(*out, *in)
}
(*out)[key] = outVal
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
func (in *UserInfo) DeepCopy() *UserInfo {
if in == nil {
return nil
}
out := new(UserInfo)
in.DeepCopyInto(out)
return out
}

1
staging/src/k8s.io/apiserver/pkg/audit/BUILD
View File

@ -19,6 +19,7 @@ go_library(
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/audit",
importpath = "k8s.io/apiserver/pkg/audit",
deps = [
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",

1
staging/src/k8s.io/apiserver/pkg/audit/event/BUILD
View File

@ -7,6 +7,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/audit/event",
visibility = ["//visibility:public"],
deps = [
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library",

3
staging/src/k8s.io/apiserver/pkg/audit/event/attributes.go
View File

@ -20,6 +20,7 @@ import (
"fmt"
"net/url"
authnv1 "k8s.io/api/authentication/v1"
"k8s.io/apiserver/pkg/apis/audit"
authuser "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authorization/authorizer"
@ -126,7 +127,7 @@ func (a *attributes) GetPath() string {
}
// user represents the event user
type user audit.UserInfo
type user authnv1.UserInfo
// GetName returns the user name
func (u user) GetName() string { return u.Username }

11
staging/src/k8s.io/apiserver/pkg/audit/request.go
View File

@ -26,6 +26,7 @@ import (
"github.com/pborman/uuid"
"k8s.io/klog"
authnv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -68,9 +69,9 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a
if user := attribs.GetUser(); user != nil {
ev.User.Username = user.GetName()
ev.User.Extra = map[string]auditinternal.ExtraValue{}
ev.User.Extra = map[string]authnv1.ExtraValue{}
for k, v := range user.GetExtra() {
ev.User.Extra[k] = auditinternal.ExtraValue(v)
ev.User.Extra[k] = authnv1.ExtraValue(v)
}
ev.User.Groups = user.GetGroups()
ev.User.UID = user.GetUID()
@ -95,14 +96,14 @@ func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) {
if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
return
}
ae.ImpersonatedUser = &auditinternal.UserInfo{
ae.ImpersonatedUser = &authnv1.UserInfo{
Username: user.GetName(),
}
ae.ImpersonatedUser.Groups = user.GetGroups()
ae.ImpersonatedUser.UID = user.GetUID()
ae.ImpersonatedUser.Extra = map[string]auditinternal.ExtraValue{}
ae.ImpersonatedUser.Extra = map[string]authnv1.ExtraValue{}
for k, v := range user.GetExtra() {
ae.ImpersonatedUser.Extra[k] = auditinternal.ExtraValue(v)
ae.ImpersonatedUser.Extra[k] = authnv1.ExtraValue(v)
}
}

1
staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/BUILD
View File

@ -19,6 +19,7 @@ go_test(
srcs = ["enforced_test.go"],
embed = [":go_default_library"],
deps = [
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/audit/policy:go_default_library",

3
staging/src/k8s.io/apiserver/plugin/pkg/audit/dynamic/enforced/enforced_test.go
View File

@ -21,6 +21,7 @@ import (
"github.com/stretchr/testify/require"
authnv1 "k8s.io/api/authentication/v1"
"k8s.io/apimachinery/pkg/runtime"
auditinternal "k8s.io/apiserver/pkg/apis/audit"
"k8s.io/apiserver/pkg/audit/policy"
@ -67,7 +68,7 @@ func TestEnforced(t *testing.T) {
Level: auditinternal.LevelRequestResponse,
Stage: auditinternal.StageResponseComplete,
RequestURI: "/apis/extensions/v1beta1",
User: auditinternal.UserInfo{
User: authnv1.UserInfo{
Username: user.Anonymous,
},
RequestObject: &runtime.Unknown{Raw: []byte(`test`)},

1
staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
View File

@ -37,6 +37,7 @@ go_test(
srcs = ["backend_test.go"],
embed = [":go_default_library"],
deps = [
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",

5
staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
View File

@ -25,6 +25,7 @@ import (
"github.com/pborman/uuid"
authnv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -64,7 +65,7 @@ func TestLogEventsLegacy(t *testing.T) {
AuditID: types.UID(uuid.NewRandom().String()),
Stage: auditinternal.StageRequestReceived,
Verb: "get",
User: auditinternal.UserInfo{
User: authnv1.UserInfo{
Username: "admin",
Groups: []string{
"system:masters",
@ -122,7 +123,7 @@ func TestLogEventsJson(t *testing.T) {
AuditID: types.UID(uuid.NewRandom().String()),
Stage: auditinternal.StageRequestReceived,
Verb: "get",
User: auditinternal.UserInfo{
User: authnv1.UserInfo{
Username: "admin",
Groups: []string{
"system:masters",