From 9212b0240de33344034c829f78a0f5c86aea6a0d Mon Sep 17 00:00:00 2001
From: Cao Shufeng <caosf.fnst@cn.fujitsu.com>
Date: Tue, 6 Jun 2017 12:05:47 +0800
Subject: [PATCH] [legacy audit] add response audit for hijack

---
 .../k8s.io/apiserver/pkg/endpoints/filters/legacy_audit.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/legacy_audit.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/legacy_audit.go
index fb56d628050..692895eae5b 100644
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/legacy_audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/legacy_audit.go
@@ -43,12 +43,15 @@ type legacyAuditResponseWriter struct {
 	id  string
 }
 
-func (a *legacyAuditResponseWriter) WriteHeader(code int) {
+func (a *legacyAuditResponseWriter) printResponse(code int) {
 	line := fmt.Sprintf("%s AUDIT: id=%q response=\"%d\"\n", time.Now().Format(time.RFC3339Nano), a.id, code)
 	if _, err := fmt.Fprint(a.out, line); err != nil {
 		glog.Errorf("Unable to write audit log: %s, the error is: %v", line, err)
 	}
+}
 
+func (a *legacyAuditResponseWriter) WriteHeader(code int) {
+	a.printResponse(code)
 	a.ResponseWriter.WriteHeader(code)
 }
 
@@ -68,6 +71,8 @@ func (f *fancyLegacyResponseWriterDelegator) Flush() {
 }
 
 func (f *fancyLegacyResponseWriterDelegator) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	// fake a response status before protocol switch happens
+	f.printResponse(http.StatusSwitchingProtocols)
 	return f.ResponseWriter.(http.Hijacker).Hijack()
 }