Merge pull request #82490 from liggitt/userinfo-conversion
Userinfo conversion
commit
46ce88b996
@ -16,6 +16,7 @@ go_library(
|
|||||||
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1",
|
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1",
|
||||||
deps = [
|
deps = [
|
||||||
"//pkg/apis/admission:go_default_library",
|
"//pkg/apis/admission:go_default_library",
|
||||||
|
"//pkg/apis/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/api/admission/v1:go_default_library",
|
"//staging/src/k8s.io/api/admission/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
||||||
|
7
pkg/apis/admission/v1/zz_generated.conversion.go
generated
7
pkg/apis/admission/v1/zz_generated.conversion.go
generated
@ -29,6 +29,7 @@ import (
|
|||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
types "k8s.io/apimachinery/pkg/types"
|
||||||
admission "k8s.io/kubernetes/pkg/apis/admission"
|
admission "k8s.io/kubernetes/pkg/apis/admission"
|
||||||
|
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -82,8 +83,7 @@ func autoConvert_v1_AdmissionRequest_To_admission_AdmissionRequest(in *v1.Admiss
|
|||||||
out.Name = in.Name
|
out.Name = in.Name
|
||||||
out.Namespace = in.Namespace
|
out.Namespace = in.Namespace
|
||||||
out.Operation = admission.Operation(in.Operation)
|
out.Operation = admission.Operation(in.Operation)
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
|
||||||
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
|
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
|
||||||
@ -115,8 +115,7 @@ func autoConvert_admission_AdmissionRequest_To_v1_AdmissionRequest(in *admission
|
|||||||
out.Name = in.Name
|
out.Name = in.Name
|
||||||
out.Namespace = in.Namespace
|
out.Namespace = in.Namespace
|
||||||
out.Operation = v1.Operation(in.Operation)
|
out.Operation = v1.Operation(in.Operation)
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
|
||||||
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {
|
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {
|
||||||
|
@ -16,6 +16,7 @@ go_library(
|
|||||||
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1beta1",
|
importpath = "k8s.io/kubernetes/pkg/apis/admission/v1beta1",
|
||||||
deps = [
|
deps = [
|
||||||
"//pkg/apis/admission:go_default_library",
|
"//pkg/apis/admission:go_default_library",
|
||||||
|
"//pkg/apis/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
|
"//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
||||||
|
@ -29,6 +29,7 @@ import (
|
|||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
types "k8s.io/apimachinery/pkg/types"
|
||||||
admission "k8s.io/kubernetes/pkg/apis/admission"
|
admission "k8s.io/kubernetes/pkg/apis/admission"
|
||||||
|
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -82,8 +83,7 @@ func autoConvert_v1beta1_AdmissionRequest_To_admission_AdmissionRequest(in *v1be
|
|||||||
out.Name = in.Name
|
out.Name = in.Name
|
||||||
out.Namespace = in.Namespace
|
out.Namespace = in.Namespace
|
||||||
out.Operation = admission.Operation(in.Operation)
|
out.Operation = admission.Operation(in.Operation)
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
if err := authenticationv1.Convert_v1_UserInfo_To_authentication_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
|
||||||
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
|
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&in.Object, &out.Object, s); err != nil {
|
||||||
@ -115,8 +115,7 @@ func autoConvert_admission_AdmissionRequest_To_v1beta1_AdmissionRequest(in *admi
|
|||||||
out.Name = in.Name
|
out.Name = in.Name
|
||||||
out.Namespace = in.Namespace
|
out.Namespace = in.Namespace
|
||||||
out.Operation = v1beta1.Operation(in.Operation)
|
out.Operation = v1beta1.Operation(in.Operation)
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
if err := authenticationv1.Convert_authentication_UserInfo_To_v1_UserInfo(&in.UserInfo, &out.UserInfo, s); err != nil {
|
||||||
if err := s.Convert(&in.UserInfo, &out.UserInfo, 0); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {
|
if err := runtime.Convert_runtime_Object_To_runtime_RawExtension(&in.Object, &out.Object, s); err != nil {
|
||||||
|
@ -17,10 +17,23 @@ limitations under the License.
|
|||||||
package v1
|
package v1
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
v1 "k8s.io/api/authentication/v1"
|
||||||
|
conversion "k8s.io/apimachinery/pkg/conversion"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
|
authentication "k8s.io/kubernetes/pkg/apis/authentication"
|
||||||
)
|
)
|
||||||
|
|
||||||
func addConversionFuncs(scheme *runtime.Scheme) error {
|
func addConversionFuncs(scheme *runtime.Scheme) error {
|
||||||
// Add non-generated conversion functions
|
// Add non-generated conversion functions
|
||||||
return scheme.AddConversionFuncs()
|
return scheme.AddConversionFuncs()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Convert_v1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function.
|
||||||
|
func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error {
|
||||||
|
return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Convert_authentication_UserInfo_To_v1_UserInfo is an autogenerated conversion function.
|
||||||
|
func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
|
||||||
|
return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s)
|
||||||
|
}
|
||||||
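Review bot: The doc comments on the two added wrappers, `Convert_v1_UserInfo_To_authentication_UserInfo` and `Convert_authentication_UserInfo_To_v1_UserInfo`, still say "is an autogenerated conversion function", although the functions now sit in the hand-written file next to `addConversionFuncs` and their generated copies are removed elsewhere in this commit. A reader who trusts that comment will expect the generator to recreate them and may delete or overwrite them. I would say why they are written by hand, for example `// Convert_v1_UserInfo_To_authentication_UserInfo is defined outside the autogenerated file so that other API packages can call it directly.`, with the same wording on the reverse function. The admission conversions in this commit already call both functions by name, so they are now a cross-package dependency that should be documented as such.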
|
@ -118,6 +118,16 @@ func RegisterConversions(s *runtime.Scheme) error {
|
|||||||
}); err != nil {
|
}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if err := s.AddConversionFunc((*authentication.UserInfo)(nil), (*v1.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||||
|
return Convert_authentication_UserInfo_To_v1_UserInfo(a.(*authentication.UserInfo), b.(*v1.UserInfo), scope)
|
||||||
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := s.AddConversionFunc((*v1.UserInfo)(nil), (*authentication.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||||
|
return Convert_v1_UserInfo_To_authentication_UserInfo(a.(*v1.UserInfo), b.(*authentication.UserInfo), scope)
|
||||||
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -321,11 +331,6 @@ func autoConvert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *au
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert_v1_UserInfo_To_authentication_UserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_v1_UserInfo_To_authentication_UserInfo(in *v1.UserInfo, out *authentication.UserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1_UserInfo_To_authentication_UserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
|
func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
|
||||||
out.Username = in.Username
|
out.Username = in.Username
|
||||||
out.UID = in.UID
|
out.UID = in.UID
|
||||||
@ -333,8 +338,3 @@ func autoConvert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserI
|
|||||||
out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra))
|
out.Extra = *(*map[string]v1.ExtraValue)(unsafe.Pointer(&in.Extra))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert_authentication_UserInfo_To_v1_UserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_authentication_UserInfo_To_v1_UserInfo(in *authentication.UserInfo, out *v1.UserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_authentication_UserInfo_To_v1_UserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
@ -17,6 +17,7 @@ go_library(
|
|||||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit",
|
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit",
|
||||||
importpath = "k8s.io/apiserver/pkg/apis/audit",
|
importpath = "k8s.io/apiserver/pkg/apis/audit",
|
||||||
deps = [
|
deps = [
|
||||||
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||||
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||||||
package audit
|
package audit
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
authnv1 "k8s.io/api/authentication/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/types"
|
"k8s.io/apimachinery/pkg/types"
|
||||||
@ -92,10 +93,10 @@ type Event struct {
|
|||||||
// For non-resource requests, this is the lower-cased HTTP method.
|
// For non-resource requests, this is the lower-cased HTTP method.
|
||||||
Verb string
|
Verb string
|
||||||
// Authenticated user information.
|
// Authenticated user information.
|
||||||
User UserInfo
|
User authnv1.UserInfo
|
||||||
// Impersonated user information.
|
// Impersonated user information.
|
||||||
// +optional
|
// +optional
|
||||||
ImpersonatedUser *UserInfo
|
ImpersonatedUser *authnv1.UserInfo
|
||||||
// Source IPs, from where the request originated and intermediate proxies.
|
// Source IPs, from where the request originated and intermediate proxies.
|
||||||
// +optional
|
// +optional
|
||||||
SourceIPs []string
|
SourceIPs []string
|
||||||
@ -283,21 +284,3 @@ type ObjectReference struct {
|
|||||||
// +optional
|
// +optional
|
||||||
Subresource string
|
Subresource string
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserInfo holds the information about the user needed to implement the
|
|
||||||
// user.Info interface.
|
|
||||||
type UserInfo struct {
|
|
||||||
// The name that uniquely identifies this user among all active users.
|
|
||||||
Username string
|
|
||||||
// A unique value that identifies this user across time. If this user is
|
|
||||||
// deleted and another user by the same name is added, they will have
|
|
||||||
// different UIDs.
|
|
||||||
UID string
|
|
||||||
// The names of groups this user is a part of.
|
|
||||||
Groups []string
|
|
||||||
// Any additional information provided by the authenticator.
|
|
||||||
Extra map[string]ExtraValue
|
|
||||||
}
|
|
||||||
|
|
||||||
// ExtraValue masks the value so protobuf can generate
|
|
||||||
type ExtraValue []string
|
|
||||||
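Review bot: The comments on `User` and `ImpersonatedUser` in `Event` do not record that the internal audit type now reuses the versioned `authnv1.UserInfo` directly, which is what lets the generated conversions in this commit use `out.User = in.User` and an `unsafe.Pointer` cast for `ImpersonatedUser`. That assignment is a shallow copy, so a converted event shares the `Groups` slice and `Extra` map with its source. Whether the removed `s.Convert` call copied them is not visible here, so it is worth confirming that no audit backend mutates a converted event. I would extend the field comment to something like `// Authenticated user information. Reuses the authentication/v1 type so versioned audit events convert without copying.` The `Event` struct begins and ends outside the hunk.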
|
@ -117,11 +117,8 @@ func autoConvert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversi
|
|||||||
out.Stage = audit.Stage(in.Stage)
|
out.Stage = audit.Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
||||||
@ -145,10 +142,7 @@ func autoConvert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversi
|
|||||||
out.Stage = Stage(in.Stage)
|
out.Stage = Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
|
@ -23,8 +23,8 @@ package v1alpha1
|
|||||||
import (
|
import (
|
||||||
unsafe "unsafe"
|
unsafe "unsafe"
|
||||||
|
|
||||||
authenticationv1 "k8s.io/api/authentication/v1"
|
v1 "k8s.io/api/authentication/v1"
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
conversion "k8s.io/apimachinery/pkg/conversion"
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
types "k8s.io/apimachinery/pkg/types"
|
||||||
@ -139,11 +139,8 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
|
|||||||
out.Stage = audit.Stage(in.Stage)
|
out.Stage = audit.Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
if in.ObjectRef != nil {
|
if in.ObjectRef != nil {
|
||||||
@ -155,7 +152,7 @@ func autoConvert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s co
|
|||||||
} else {
|
} else {
|
||||||
out.ObjectRef = nil
|
out.ObjectRef = nil
|
||||||
}
|
}
|
||||||
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
|
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
|
||||||
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
||||||
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
||||||
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
||||||
@ -170,11 +167,8 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
|
|||||||
out.Stage = Stage(in.Stage)
|
out.Stage = Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
if in.ObjectRef != nil {
|
if in.ObjectRef != nil {
|
||||||
@ -186,7 +180,7 @@ func autoConvert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s co
|
|||||||
} else {
|
} else {
|
||||||
out.ObjectRef = nil
|
out.ObjectRef = nil
|
||||||
}
|
}
|
||||||
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
|
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
|
||||||
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
||||||
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
||||||
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
||||||
|
@ -23,8 +23,8 @@ package v1beta1
|
|||||||
import (
|
import (
|
||||||
unsafe "unsafe"
|
unsafe "unsafe"
|
||||||
|
|
||||||
authenticationv1 "k8s.io/api/authentication/v1"
|
v1 "k8s.io/api/authentication/v1"
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
conversion "k8s.io/apimachinery/pkg/conversion"
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
types "k8s.io/apimachinery/pkg/types"
|
||||||
@ -129,15 +129,12 @@ func autoConvert_v1beta1_Event_To_audit_Event(in *Event, out *audit.Event, s con
|
|||||||
out.Stage = audit.Stage(in.Stage)
|
out.Stage = audit.Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*audit.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
||||||
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
|
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
|
||||||
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
||||||
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
||||||
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
||||||
@ -152,15 +149,12 @@ func autoConvert_audit_Event_To_v1beta1_Event(in *audit.Event, out *Event, s con
|
|||||||
out.Stage = Stage(in.Stage)
|
out.Stage = Stage(in.Stage)
|
||||||
out.RequestURI = in.RequestURI
|
out.RequestURI = in.RequestURI
|
||||||
out.Verb = in.Verb
|
out.Verb = in.Verb
|
||||||
// TODO: Inefficient conversion - can we improve it?
|
out.User = in.User
|
||||||
if err := s.Convert(&in.User, &out.User, 0); err != nil {
|
out.ImpersonatedUser = (*v1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser))
|
|
||||||
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs))
|
||||||
out.UserAgent = in.UserAgent
|
out.UserAgent = in.UserAgent
|
||||||
out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef))
|
||||||
out.ResponseStatus = (*v1.Status)(unsafe.Pointer(in.ResponseStatus))
|
out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus))
|
||||||
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject))
|
||||||
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject))
|
||||||
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
out.RequestReceivedTimestamp = in.RequestReceivedTimestamp
|
||||||
|
@ -21,7 +21,8 @@ limitations under the License.
|
|||||||
package audit
|
package audit
|
||||||
|
|
||||||
import (
|
import (
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
v1 "k8s.io/api/authentication/v1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -32,7 +33,7 @@ func (in *Event) DeepCopyInto(out *Event) {
|
|||||||
in.User.DeepCopyInto(&out.User)
|
in.User.DeepCopyInto(&out.User)
|
||||||
if in.ImpersonatedUser != nil {
|
if in.ImpersonatedUser != nil {
|
||||||
in, out := &in.ImpersonatedUser, &out.ImpersonatedUser
|
in, out := &in.ImpersonatedUser, &out.ImpersonatedUser
|
||||||
*out = new(UserInfo)
|
*out = new(v1.UserInfo)
|
||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
if in.SourceIPs != nil {
|
if in.SourceIPs != nil {
|
||||||
@ -47,7 +48,7 @@ func (in *Event) DeepCopyInto(out *Event) {
|
|||||||
}
|
}
|
||||||
if in.ResponseStatus != nil {
|
if in.ResponseStatus != nil {
|
||||||
in, out := &in.ResponseStatus, &out.ResponseStatus
|
in, out := &in.ResponseStatus, &out.ResponseStatus
|
||||||
*out = new(v1.Status)
|
*out = new(metav1.Status)
|
||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
if in.RequestObject != nil {
|
if in.RequestObject != nil {
|
||||||
@ -123,26 +124,6 @@ func (in *EventList) DeepCopyObject() runtime.Object {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in ExtraValue) DeepCopyInto(out *ExtraValue) {
|
|
||||||
{
|
|
||||||
in := &in
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
|
|
||||||
func (in ExtraValue) DeepCopy() ExtraValue {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ExtraValue)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return *out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *GroupResources) DeepCopyInto(out *GroupResources) {
|
func (in *GroupResources) DeepCopyInto(out *GroupResources) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@ -308,39 +289,3 @@ func (in *PolicyRule) DeepCopy() *PolicyRule {
|
|||||||
in.DeepCopyInto(out)
|
in.DeepCopyInto(out)
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *UserInfo) DeepCopyInto(out *UserInfo) {
|
|
||||||
*out = *in
|
|
||||||
if in.Groups != nil {
|
|
||||||
in, out := &in.Groups, &out.Groups
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.Extra != nil {
|
|
||||||
in, out := &in.Extra, &out.Extra
|
|
||||||
*out = make(map[string]ExtraValue, len(*in))
|
|
||||||
for key, val := range *in {
|
|
||||||
var outVal []string
|
|
||||||
if val == nil {
|
|
||||||
(*out)[key] = nil
|
|
||||||
} else {
|
|
||||||
in, out := &val, &outVal
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
(*out)[key] = outVal
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
|
|
||||||
func (in *UserInfo) DeepCopy() *UserInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(UserInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
@ -19,6 +19,7 @@ go_library(
|
|||||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/audit",
|
importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/audit",
|
||||||
importpath = "k8s.io/apiserver/pkg/audit",
|
importpath = "k8s.io/apiserver/pkg/audit",
|
||||||
deps = [
|
deps = [
|
||||||
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
|
@ -7,6 +7,7 @@ go_library(
|
|||||||
importpath = "k8s.io/apiserver/pkg/audit/event",
|
importpath = "k8s.io/apiserver/pkg/audit/event",
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
deps = [
|
deps = [
|
||||||
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library",
|
||||||
|
@ -20,6 +20,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
|
||||||
|
authnv1 "k8s.io/api/authentication/v1"
|
||||||
"k8s.io/apiserver/pkg/apis/audit"
|
"k8s.io/apiserver/pkg/apis/audit"
|
||||||
authuser "k8s.io/apiserver/pkg/authentication/user"
|
authuser "k8s.io/apiserver/pkg/authentication/user"
|
||||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||||
@ -126,7 +127,7 @@ func (a *attributes) GetPath() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// user represents the event user
|
// user represents the event user
|
||||||
type user audit.UserInfo
|
type user authnv1.UserInfo
|
||||||
|
|
||||||
// GetName returns the user name
|
// GetName returns the user name
|
||||||
func (u user) GetName() string { return u.Username }
|
func (u user) GetName() string { return u.Username }
|
||||||
|
@ -26,6 +26,7 @@ import (
|
|||||||
"github.com/pborman/uuid"
|
"github.com/pborman/uuid"
|
||||||
"k8s.io/klog"
|
"k8s.io/klog"
|
||||||
|
|
||||||
|
authnv1 "k8s.io/api/authentication/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/meta"
|
"k8s.io/apimachinery/pkg/api/meta"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
@ -68,9 +69,9 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a
|
|||||||
|
|
||||||
if user := attribs.GetUser(); user != nil {
|
if user := attribs.GetUser(); user != nil {
|
||||||
ev.User.Username = user.GetName()
|
ev.User.Username = user.GetName()
|
||||||
ev.User.Extra = map[string]auditinternal.ExtraValue{}
|
ev.User.Extra = map[string]authnv1.ExtraValue{}
|
||||||
for k, v := range user.GetExtra() {
|
for k, v := range user.GetExtra() {
|
||||||
ev.User.Extra[k] = auditinternal.ExtraValue(v)
|
ev.User.Extra[k] = authnv1.ExtraValue(v)
|
||||||
}
|
}
|
||||||
ev.User.Groups = user.GetGroups()
|
ev.User.Groups = user.GetGroups()
|
||||||
ev.User.UID = user.GetUID()
|
ev.User.UID = user.GetUID()
|
||||||
@ -95,14 +96,14 @@ func LogImpersonatedUser(ae *auditinternal.Event, user user.Info) {
|
|||||||
if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
|
if ae == nil || ae.Level.Less(auditinternal.LevelMetadata) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ae.ImpersonatedUser = &auditinternal.UserInfo{
|
ae.ImpersonatedUser = &authnv1.UserInfo{
|
||||||
Username: user.GetName(),
|
Username: user.GetName(),
|
||||||
}
|
}
|
||||||
ae.ImpersonatedUser.Groups = user.GetGroups()
|
ae.ImpersonatedUser.Groups = user.GetGroups()
|
||||||
ae.ImpersonatedUser.UID = user.GetUID()
|
ae.ImpersonatedUser.UID = user.GetUID()
|
||||||
ae.ImpersonatedUser.Extra = map[string]auditinternal.ExtraValue{}
|
ae.ImpersonatedUser.Extra = map[string]authnv1.ExtraValue{}
|
||||||
for k, v := range user.GetExtra() {
|
for k, v := range user.GetExtra() {
|
||||||
ae.ImpersonatedUser.Extra[k] = auditinternal.ExtraValue(v)
|
ae.ImpersonatedUser.Extra[k] = authnv1.ExtraValue(v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
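Review bot: In `NewEventFromRequest` and `LogImpersonatedUser`, `authnv1.ExtraValue(v)` is a type conversion, not a copy, and `Groups` is assigned straight from `user.GetGroups()`, so the audit event keeps pointing at the slices owned by the `user.Info` it was built from. That is only safe if `user.Info` values are never modified after authentication, which these hunks do not show. Since the audit record is the evidence of who made the request, I would state the assumption next to the loop, e.g. `// user.Info is treated as immutable; Groups and Extra values are shared with it, not copied`. Both function bodies start outside the hunks.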
|
@ -19,6 +19,7 @@ go_test(
|
|||||||
srcs = ["enforced_test.go"],
|
srcs = ["enforced_test.go"],
|
||||||
embed = [":go_default_library"],
|
embed = [":go_default_library"],
|
||||||
deps = [
|
deps = [
|
||||||
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/audit/policy:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/audit/policy:go_default_library",
|
||||||
|
@ -21,6 +21,7 @@ import (
|
|||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
authnv1 "k8s.io/api/authentication/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
auditinternal "k8s.io/apiserver/pkg/apis/audit"
|
auditinternal "k8s.io/apiserver/pkg/apis/audit"
|
||||||
"k8s.io/apiserver/pkg/audit/policy"
|
"k8s.io/apiserver/pkg/audit/policy"
|
||||||
@ -67,7 +68,7 @@ func TestEnforced(t *testing.T) {
|
|||||||
Level: auditinternal.LevelRequestResponse,
|
Level: auditinternal.LevelRequestResponse,
|
||||||
Stage: auditinternal.StageResponseComplete,
|
Stage: auditinternal.StageResponseComplete,
|
||||||
RequestURI: "/apis/extensions/v1beta1",
|
RequestURI: "/apis/extensions/v1beta1",
|
||||||
User: auditinternal.UserInfo{
|
User: authnv1.UserInfo{
|
||||||
Username: user.Anonymous,
|
Username: user.Anonymous,
|
||||||
},
|
},
|
||||||
RequestObject: &runtime.Unknown{Raw: []byte(`test`)},
|
RequestObject: &runtime.Unknown{Raw: []byte(`test`)},
|
||||||
|
@ -37,6 +37,7 @@ go_test(
|
|||||||
srcs = ["backend_test.go"],
|
srcs = ["backend_test.go"],
|
||||||
embed = [":go_default_library"],
|
embed = [":go_default_library"],
|
||||||
deps = [
|
deps = [
|
||||||
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||||
|
@ -25,6 +25,7 @@ import (
|
|||||||
|
|
||||||
"github.com/pborman/uuid"
|
"github.com/pborman/uuid"
|
||||||
|
|
||||||
|
authnv1 "k8s.io/api/authentication/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
@ -64,7 +65,7 @@ func TestLogEventsLegacy(t *testing.T) {
|
|||||||
AuditID: types.UID(uuid.NewRandom().String()),
|
AuditID: types.UID(uuid.NewRandom().String()),
|
||||||
Stage: auditinternal.StageRequestReceived,
|
Stage: auditinternal.StageRequestReceived,
|
||||||
Verb: "get",
|
Verb: "get",
|
||||||
User: auditinternal.UserInfo{
|
User: authnv1.UserInfo{
|
||||||
Username: "admin",
|
Username: "admin",
|
||||||
Groups: []string{
|
Groups: []string{
|
||||||
"system:masters",
|
"system:masters",
|
||||||
@ -122,7 +123,7 @@ func TestLogEventsJson(t *testing.T) {
|
|||||||
AuditID: types.UID(uuid.NewRandom().String()),
|
AuditID: types.UID(uuid.NewRandom().String()),
|
||||||
Stage: auditinternal.StageRequestReceived,
|
Stage: auditinternal.StageRequestReceived,
|
||||||
Verb: "get",
|
Verb: "get",
|
||||||
User: auditinternal.UserInfo{
|
User: authnv1.UserInfo{
|
||||||
Username: "admin",
|
Username: "admin",
|
||||||
Groups: []string{
|
Groups: []string{
|
||||||
"system:masters",
|
"system:masters",
|
||||||
|