mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Remove kubeadm audit package
This commit is contained in:
fabriziopandini
parent
e2a7bd5318
commit
66b8847dbf
@ -78,7 +78,6 @@ filegroup(
|
||||
srcs = [
|
||||
":package-srcs",
|
||||
"//cmd/kubeadm/app/util/apiclient:all-srcs",
|
||||
"//cmd/kubeadm/app/util/audit:all-srcs",
|
||||
"//cmd/kubeadm/app/util/certs:all-srcs",
|
||||
"//cmd/kubeadm/app/util/config:all-srcs",
|
||||
"//cmd/kubeadm/app/util/crypto:all-srcs",
|
||||
|
||||
@ -1,43 +0,0 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["utils.go"],
|
||||
importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util/audit",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = [
|
||||
"//cmd/kubeadm/app/util:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
|
||||
"//vendor/github.com/pkg/errors:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["utils_test.go"],
|
||||
embed = [":go_default_library"],
|
||||
deps = [
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
@ -1,74 +0,0 @@
|
||||
/*
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package audit
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apiserver/pkg/apis/audit/install"
|
||||
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
|
||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
||||
)
|
||||
|
||||
// CreateDefaultAuditLogPolicy writes the default audit log policy to disk.
|
||||
func CreateDefaultAuditLogPolicy(policyFile string) error {
|
||||
policy := auditv1.Policy{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
APIVersion: auditv1.SchemeGroupVersion.String(),
|
||||
Kind: "Policy",
|
||||
},
|
||||
Rules: []auditv1.PolicyRule{
|
||||
{
|
||||
Level: auditv1.LevelMetadata,
|
||||
},
|
||||
},
|
||||
}
|
||||
return writePolicyToDisk(policyFile, &policy)
|
||||
}
|
||||
|
||||
func writePolicyToDisk(policyFile string, policy *auditv1.Policy) error {
|
||||
// creates target folder if not already exists
|
||||
if err := os.MkdirAll(filepath.Dir(policyFile), 0700); err != nil {
|
||||
return errors.Wrapf(err, "failed to create directory %q: ", filepath.Dir(policyFile))
|
||||
}
|
||||
|
||||
scheme := runtime.NewScheme()
|
||||
// Registers the API group with the scheme and adds types to a scheme
|
||||
install.Install(scheme)
|
||||
|
||||
codecs := serializer.NewCodecFactory(scheme)
|
||||
|
||||
// writes the policy to disk
|
||||
serialized, err := kubeadmutil.MarshalToYamlForCodecs(policy, auditv1.SchemeGroupVersion, codecs)
|
||||
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to marshal audit policy to YAML")
|
||||
}
|
||||
|
||||
if err := ioutil.WriteFile(policyFile, serialized, 0600); err != nil {
|
||||
return errors.Wrapf(err, "failed to write audit policy to %v: ", policyFile)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@ -1,65 +0,0 @@
|
||||
/*
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package audit
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apiserver/pkg/apis/audit/install"
|
||||
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
|
||||
)
|
||||
|
||||
func cleanup(t *testing.T, path string) {
|
||||
err := os.RemoveAll(path)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to clean up %v: %v", path, err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateDefaultAuditLogPolicy(t *testing.T) {
|
||||
// make a tempdir
|
||||
tempDir, err := ioutil.TempDir("/tmp", "audit-test")
|
||||
if err != nil {
|
||||
t.Fatalf("could not create a tempdir: %v", err)
|
||||
}
|
||||
defer cleanup(t, tempDir)
|
||||
auditPolicyFile := filepath.Join(tempDir, "test.yaml")
|
||||
if err = CreateDefaultAuditLogPolicy(auditPolicyFile); err != nil {
|
||||
t.Fatalf("failed to create audit log policy: %v", err)
|
||||
}
|
||||
// turn the audit log back into a policy
|
||||
policyBytes, err := ioutil.ReadFile(auditPolicyFile)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to read %v: %v", auditPolicyFile, err)
|
||||
}
|
||||
scheme := runtime.NewScheme()
|
||||
install.Install(scheme)
|
||||
codecs := serializer.NewCodecFactory(scheme)
|
||||
policy := auditv1.Policy{}
|
||||
err = runtime.DecodeInto(codecs.UniversalDecoder(), policyBytes, &policy)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to decode written policy: %v", err)
|
||||
}
|
||||
if policy.Kind != "Policy" {
|
||||
t.Fatalf("did not decode policy properly")
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user