Update existing code for audit API changes

2025-07-30 15:05:27 +00:00 · 2017-05-24 07:45:19 -07:00 · 2017-05-24 07:45:19 -07:00 · 4c54970d31
commit 4c54970d31
parent 7bc9b30049
2 changed files with 34 additions and 23 deletions
--- a/staging/src/k8s.io/apiserver/pkg/audit/request.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/request.go
@ -40,10 +40,7 @@ import (
 	authenticationv1 "k8s.io/client-go/pkg/apis/authentication/v1"
 )

-const (
-	AuditIDHeader = "X-Request-ID"
-)
-
+// NewEventFromRequest generates an audit event for the request.
 func NewEventFromRequest(req *http.Request, policy *auditinternal.Policy, attribs authorizer.Attributes) (*auditinternal.Event, error) {
 	ev := &auditinternal.Event{
 		Timestamp:  metav1.NewTime(time.Now()),
@ -61,7 +58,7 @@ func NewEventFromRequest(req *http.Request, policy *auditinternal.Policy, attrib

 	// prefer the id from the headers. If not available, create a new one.
 	// TODO(audit): do we want to forbid the header for non-front-proxy users?
-	ids := req.Header[AuditIDHeader]
+	ids := req.Header[auditinternal.HeaderAuditID]
 	if len(ids) > 0 {
 		ev.AuditID = types.UID(ids[0])
 	} else {
@ -157,7 +154,7 @@ func LogRequestPatch(ae *audit.Event, patch []byte) {
 		return
 	}

-	ae.RequestObject = runtime.Unknown{
+	ae.RequestObject = &runtime.Unknown{
 		Raw:         patch,
 		ContentType: runtime.ContentTypeJSON,
 	}
@ -182,21 +179,21 @@ func LogResponseObject(ae *audit.Event, obj runtime.Object, gv schema.GroupVersi
 	}
 }

-func encodeObject(obj runtime.Object, gv schema.GroupVersion, serializer runtime.NegotiatedSerializer) (runtime.Unknown, error) {
+func encodeObject(obj runtime.Object, gv schema.GroupVersion, serializer runtime.NegotiatedSerializer) (*runtime.Unknown, error) {
 	supported := serializer.SupportedMediaTypes()
 	for i := range supported {
 		if supported[i].MediaType == "application/json" {
 			enc := serializer.EncoderForVersion(supported[i].Serializer, gv)
 			var buf bytes.Buffer
 			if err := enc.Encode(obj, &buf); err != nil {
-				return runtime.Unknown{}, fmt.Errorf("encoding failed: %v", err)
+				return nil, fmt.Errorf("encoding failed: %v", err)
 			}

-			return runtime.Unknown{
+			return &runtime.Unknown{
 				Raw:         buf.Bytes(),
 				ContentType: runtime.ContentTypeJSON,
 			}, nil
 		}
 	}
-	return runtime.Unknown{}, fmt.Errorf("no json encoder found")
+	return nil, fmt.Errorf("no json encoder found")
 }
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/audit_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/audit_test.go
@ -65,8 +65,22 @@ func TestAudit(t *testing.T) {
 	simpleCPrimeJSON, _ := runtime.Encode(testCodec, simpleCPrime)

 	// event checks
+	noRequestBody := func(i int) eventCheck {
+		return func(events []*auditinternal.Event) error {
+			if events[i].RequestObject == nil {
+				return nil
+			}
+			return fmt.Errorf("expected RequestBody to be nil, got non-nill '%s'", events[i].RequestObject.Raw)
+		}
+	}
 	requestBodyIs := func(i int, text string) eventCheck {
 		return func(events []*auditinternal.Event) error {
+			if events[i].RequestObject == nil {
+				if text != "" {
+					return fmt.Errorf("expected RequestBody %q, got <nil>", text)
+				}
+				return nil
+			}
 			if string(events[i].RequestObject.Raw) != text {
 				return fmt.Errorf("expected RequestBody %q, got %q", text, string(events[i].RequestObject.Raw))
 			}
@ -81,12 +95,12 @@ func TestAudit(t *testing.T) {
 			return nil
 		}
 	}
-	responseBodyIs := func(i int, text string) eventCheck {
+	noResponseBody := func(i int) eventCheck {
 		return func(events []*auditinternal.Event) error {
-			if string(events[i].ResponseObject.Raw) != text {
-				return fmt.Errorf("expected ResponseBody %q, got %q", text, string(events[i].ResponseObject.Raw))
+			if events[i].ResponseObject == nil {
+				return nil
 			}
-			return nil
+			return fmt.Errorf("expected ResponseBody to be nil, got non-nill '%s'", events[i].ResponseObject.Raw)
 		}
 	}
 	responseBodyMatches := func(i int, pattern string) eventCheck {
@ -115,7 +129,7 @@ func TestAudit(t *testing.T) {
 			200,
 			1,
 			[]eventCheck{
-				requestBodyIs(0, ""),
+				noRequestBody(0),
 				responseBodyMatches(0, `{.*"name":"c".*}`),
 			},
 		},
@ -132,7 +146,7 @@ func TestAudit(t *testing.T) {
 			200,
 			1,
 			[]eventCheck{
-				requestBodyMatches(0, ""),
+				noRequestBody(0),
 				responseBodyMatches(0, `{.*"name":"a".*"name":"b".*}`),
 			},
 		},
@ -158,8 +172,8 @@ func TestAudit(t *testing.T) {
 			405,
 			1,
 			[]eventCheck{
-				requestBodyIs(0, ""),  // the 405 is thrown long before the create handler would be executed
-				responseBodyIs(0, ""), // the 405 is thrown long before the create handler would be executed
+				noRequestBody(0),  // the 405 is thrown long before the create handler would be executed
+				noResponseBody(0), // the 405 is thrown long before the create handler would be executed
 			},
 		},
 		{
@ -171,8 +185,8 @@ func TestAudit(t *testing.T) {
 			200,
 			1,
 			[]eventCheck{
-				requestBodyMatches(0, ""),
-				responseBodyMatches(0, ""),
+				noRequestBody(0),
+				responseBodyMatches(0, `{.*"kind":"Status".*"status":"Success".*}`),
 			},
 		},
 		{
@ -185,7 +199,7 @@ func TestAudit(t *testing.T) {
 			1,
 			[]eventCheck{
 				requestBodyMatches(0, "DeleteOptions"),
-				responseBodyMatches(0, ""),
+				responseBodyMatches(0, `{.*"kind":"Status".*"status":"Success".*}`),
 			},
 		},
 		{
@ -247,8 +261,8 @@ func TestAudit(t *testing.T) {
 			200,
 			2,
 			[]eventCheck{
-				requestBodyMatches(0, ""),
-				responseBodyMatches(0, ""),
+				noRequestBody(0),
+				noResponseBody(0),
 			},
 		},
 	} {