move auditoptions to separate struct

2025-07-22 11:21:47 +00:00 · 2017-02-07 12:50:59 -05:00 · 2017-02-07 12:50:59 -05:00 · 51b5d5a51b
commit 51b5d5a51b
parent cfbdbb4450
8 changed files with 79 additions and 23 deletions
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@ -44,6 +44,7 @@ type ServerRunOptions struct {
 	Etcd                    *genericoptions.EtcdOptions
 	SecureServing           *genericoptions.SecureServingOptions
 	InsecureServing         *genericoptions.ServingOptions
+	Audit                   *genericoptions.AuditLogOptions
 	Authentication          *kubeoptions.BuiltInAuthenticationOptions
 	Authorization           *kubeoptions.BuiltInAuthorizationOptions
 	CloudProvider           *kubeoptions.CloudProviderOptions
@ -68,6 +69,7 @@ func NewServerRunOptions() *ServerRunOptions {
 		Etcd:                 genericoptions.NewEtcdOptions(api.Scheme),
 		SecureServing:        genericoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
+		Audit:                genericoptions.NewAuditLogOptions(),
 		Authentication:       kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:        kubeoptions.NewBuiltInAuthorizationOptions(),
 		CloudProvider:        kubeoptions.NewCloudProviderOptions(),
@ -103,6 +105,7 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	s.SecureServing.AddDeprecatedFlags(fs)
 	s.InsecureServing.AddFlags(fs)
 	s.InsecureServing.AddDeprecatedFlags(fs)
+	s.Audit.AddFlags(fs)
 	s.Authentication.AddFlags(fs)
 	s.Authorization.AddFlags(fs)
 	s.CloudProvider.AddFlags(fs)
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@ -120,6 +120,9 @@ func Run(s *options.ServerRunOptions) error {
 	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
 		return err
 	}
+	if err := s.Audit.ApplyTo(genericConfig); err != nil {
+		return err
+	}

 	capabilities.Initialize(capabilities.Capabilities{
 		AllowPrivileged: s.AllowPrivileged,
--- a/federation/cmd/federation-apiserver/app/options/options.go
+++ b/federation/cmd/federation-apiserver/app/options/options.go
@ -36,6 +36,7 @@ type ServerRunOptions struct {
 	Etcd                    *genericoptions.EtcdOptions
 	SecureServing           *genericoptions.SecureServingOptions
 	InsecureServing         *genericoptions.ServingOptions
+	Audit                   *genericoptions.AuditLogOptions
 	Authentication          *kubeoptions.BuiltInAuthenticationOptions
 	Authorization           *kubeoptions.BuiltInAuthorizationOptions
 	CloudProvider           *kubeoptions.CloudProviderOptions
@ -51,6 +52,7 @@ func NewServerRunOptions() *ServerRunOptions {
 		Etcd:                 genericoptions.NewEtcdOptions(api.Scheme),
 		SecureServing:        genericoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
+		Audit:                genericoptions.NewAuditLogOptions(),
 		Authentication:       kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:        kubeoptions.NewBuiltInAuthorizationOptions(),
 		CloudProvider:        kubeoptions.NewCloudProviderOptions(),
@ -70,6 +72,7 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	s.Etcd.AddFlags(fs)
 	s.SecureServing.AddFlags(fs)
 	s.InsecureServing.AddFlags(fs)
+	s.Audit.AddFlags(fs)
 	s.Authentication.AddFlags(fs)
 	s.Authorization.AddFlags(fs)
 	s.CloudProvider.AddFlags(fs)
--- a/federation/cmd/federation-apiserver/app/server.go
+++ b/federation/cmd/federation-apiserver/app/server.go
@ -103,6 +103,9 @@ func Run(s *options.ServerRunOptions) error {
 	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
 		return err
 	}
+	if err := s.Audit.ApplyTo(genericConfig); err != nil {
+		return err
+	}

 	// TODO: register cluster federation resources here.
 	resourceConfig := genericapiserver.NewResourceConfig()
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@ -0,0 +1,60 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"github.com/spf13/pflag"
+	"gopkg.in/natefinch/lumberjack.v2"
+
+	"k8s.io/apiserver/pkg/server"
+)
+
+type AuditLogOptions struct {
+	Path       string
+	MaxAge     int
+	MaxBackups int
+	MaxSize    int
+}
+
+func NewAuditLogOptions() *AuditLogOptions {
+	return &AuditLogOptions{}
+}
+
+func (o *AuditLogOptions) AddFlags(fs *pflag.FlagSet) {
+	fs.StringVar(&o.Path, "audit-log-path", o.Path,
+		"If set, all requests coming to the apiserver will be logged to this file.")
+	fs.IntVar(&o.MaxAge, "audit-log-maxage", o.MaxBackups,
+		"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
+	fs.IntVar(&o.MaxBackups, "audit-log-maxbackup", o.MaxBackups,
+		"The maximum number of old audit log files to retain.")
+	fs.IntVar(&o.MaxSize, "audit-log-maxsize", o.MaxSize,
+		"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
+}
+
+func (o *AuditLogOptions) ApplyTo(c *server.Config) error {
+	if len(o.Path) == 0 {
+		return nil
+	}
+
+	c.AuditWriter = &lumberjack.Logger{
+		Filename:   o.Path,
+		MaxAge:     o.MaxAge,
+		MaxBackups: o.MaxBackups,
+		MaxSize:    o.MaxSize,
+	}
+	return nil
+}
--- a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go
@ -30,6 +30,7 @@ type RecommendedOptions struct {
 	SecureServing  *SecureServingOptions
 	Authentication *DelegatingAuthenticationOptions
 	Authorization  *DelegatingAuthorizationOptions
+	Audit          *AuditLogOptions
 }

 func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
@ -38,6 +39,7 @@ func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
 		SecureServing:  NewSecureServingOptions(),
 		Authentication: NewDelegatingAuthenticationOptions(),
 		Authorization:  NewDelegatingAuthorizationOptions(),
+		Audit:          NewAuditLogOptions(),
 	}
 }

@ -46,6 +48,7 @@ func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
 	o.SecureServing.AddFlags(fs)
 	o.Authentication.AddFlags(fs)
 	o.Authorization.AddFlags(fs)
+	o.Audit.AddFlags(fs)
 }

 func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
@ -58,6 +61,9 @@ func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
 	if err := o.Authorization.ApplyTo(config); err != nil {
 		return err
 	}
+	if err := o.Audit.ApplyTo(config); err != nil {
+		return err
+	}

 	return nil
 }
--- a/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/server_run_options.go
@ -31,7 +31,6 @@ import (
 	_ "k8s.io/apiserver/pkg/features"

 	"github.com/spf13/pflag"
-	"gopkg.in/natefinch/lumberjack.v2"
 )

 // ServerRunOptions contains the options while running a generic api server.
@ -45,10 +44,6 @@ type ServerRunOptions struct {
 	// to set it to "application/vnd.kubernetes.protobuf".
 	DefaultStorageMediaType     string
 	DeleteCollectionWorkers     int
-	AuditLogPath                string
-	AuditLogMaxAge              int
-	AuditLogMaxBackups          int
-	AuditLogMaxSize             int
 	EnableGarbageCollection     bool
 	EnableProfiling             bool
 	EnableContentionProfiling   bool
@ -83,15 +78,6 @@ func NewServerRunOptions() *ServerRunOptions {

 // ApplyOptions applies the run options to the method receiver and returns self
 func (s *ServerRunOptions) ApplyTo(c *server.Config) error {
-	if len(s.AuditLogPath) != 0 {
-		c.AuditWriter = &lumberjack.Logger{
-			Filename:   s.AuditLogPath,
-			MaxAge:     s.AuditLogMaxAge,
-			MaxBackups: s.AuditLogMaxBackups,
-			MaxSize:    s.AuditLogMaxSize,
-		}
-	}
-
 	c.CorsAllowedOriginList = s.CorsAllowedOriginList
 	c.EnableGarbageCollection = s.EnableGarbageCollection
 	c.EnableProfiling = s.EnableProfiling
@ -163,15 +149,6 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 	fs.IntVar(&s.DeleteCollectionWorkers, "delete-collection-workers", s.DeleteCollectionWorkers,
 		"Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup.")

-	fs.StringVar(&s.AuditLogPath, "audit-log-path", s.AuditLogPath,
-		"If set, all requests coming to the apiserver will be logged to this file.")
-	fs.IntVar(&s.AuditLogMaxAge, "audit-log-maxage", s.AuditLogMaxBackups,
-		"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
-	fs.IntVar(&s.AuditLogMaxBackups, "audit-log-maxbackup", s.AuditLogMaxBackups,
-		"The maximum number of old audit log files to retain.")
-	fs.IntVar(&s.AuditLogMaxSize, "audit-log-maxsize", s.AuditLogMaxSize,
-		"The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB.")
-
 	fs.BoolVar(&s.EnableGarbageCollection, "enable-garbage-collector", s.EnableGarbageCollection, ""+
 		"Enables the generic garbage collector. MUST be synced with the corresponding flag "+
 		"of the kube-controller-manager.")
--- a/vendor/BUILD
+++ b/vendor/BUILD
@ -14089,6 +14089,7 @@ go_library(
 go_library(
    name = "k8s.io/apiserver/pkg/server/options",
    srcs = [
+        "k8s.io/apiserver/pkg/server/options/audit.go",
        "k8s.io/apiserver/pkg/server/options/authentication.go",
        "k8s.io/apiserver/pkg/server/options/authorization.go",
        "k8s.io/apiserver/pkg/server/options/doc.go",