Remove kubeadm audit package
parent
e2a7bd5318
commit
66b8847dbf
@ -78,7 +78,6 @@ filegroup(
|
|||||||
srcs = [
|
srcs = [
|
||||||
":package-srcs",
|
":package-srcs",
|
||||||
"//cmd/kubeadm/app/util/apiclient:all-srcs",
|
"//cmd/kubeadm/app/util/apiclient:all-srcs",
|
||||||
"//cmd/kubeadm/app/util/audit:all-srcs",
|
|
||||||
"//cmd/kubeadm/app/util/certs:all-srcs",
|
"//cmd/kubeadm/app/util/certs:all-srcs",
|
||||||
"//cmd/kubeadm/app/util/config:all-srcs",
|
"//cmd/kubeadm/app/util/config:all-srcs",
|
||||||
"//cmd/kubeadm/app/util/crypto:all-srcs",
|
"//cmd/kubeadm/app/util/crypto:all-srcs",
|
||||||
|
@ -1,43 +0,0 @@
|
|||||||
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
|
|
||||||
|
|
||||||
go_library(
|
|
||||||
name = "go_default_library",
|
|
||||||
srcs = ["utils.go"],
|
|
||||||
importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util/audit",
|
|
||||||
visibility = ["//visibility:public"],
|
|
||||||
deps = [
|
|
||||||
"//cmd/kubeadm/app/util:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
|
|
||||||
"//vendor/github.com/pkg/errors:go_default_library",
|
|
||||||
],
|
|
||||||
)
|
|
||||||
|
|
||||||
go_test(
|
|
||||||
name = "go_default_test",
|
|
||||||
srcs = ["utils_test.go"],
|
|
||||||
embed = [":go_default_library"],
|
|
||||||
deps = [
|
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
|
|
||||||
"//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
|
|
||||||
],
|
|
||||||
)
|
|
||||||
|
|
||||||
filegroup(
|
|
||||||
name = "package-srcs",
|
|
||||||
srcs = glob(["**"]),
|
|
||||||
tags = ["automanaged"],
|
|
||||||
visibility = ["//visibility:private"],
|
|
||||||
)
|
|
||||||
|
|
||||||
filegroup(
|
|
||||||
name = "all-srcs",
|
|
||||||
srcs = [":package-srcs"],
|
|
||||||
tags = ["automanaged"],
|
|
||||||
visibility = ["//visibility:public"],
|
|
||||||
)
|
|
@ -1,74 +0,0 @@
|
|||||||
/*
|
|
||||||
Copyright 2018 The Kubernetes Authors.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package audit
|
|
||||||
|
|
||||||
import (
|
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
|
||||||
"path/filepath"
|
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
|
||||||
"k8s.io/apiserver/pkg/apis/audit/install"
|
|
||||||
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
|
|
||||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
|
||||||
)
|
|
||||||
|
|
||||||
// CreateDefaultAuditLogPolicy writes the default audit log policy to disk.
|
|
||||||
func CreateDefaultAuditLogPolicy(policyFile string) error {
|
|
||||||
policy := auditv1.Policy{
|
|
||||||
TypeMeta: metav1.TypeMeta{
|
|
||||||
APIVersion: auditv1.SchemeGroupVersion.String(),
|
|
||||||
Kind: "Policy",
|
|
||||||
},
|
|
||||||
Rules: []auditv1.PolicyRule{
|
|
||||||
{
|
|
||||||
Level: auditv1.LevelMetadata,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
return writePolicyToDisk(policyFile, &policy)
|
|
||||||
}
|
|
||||||
|
|
||||||
func writePolicyToDisk(policyFile string, policy *auditv1.Policy) error {
|
|
||||||
// creates target folder if not already exists
|
|
||||||
if err := os.MkdirAll(filepath.Dir(policyFile), 0700); err != nil {
|
|
||||||
return errors.Wrapf(err, "failed to create directory %q: ", filepath.Dir(policyFile))
|
|
||||||
}
|
|
||||||
|
|
||||||
scheme := runtime.NewScheme()
|
|
||||||
// Registers the API group with the scheme and adds types to a scheme
|
|
||||||
install.Install(scheme)
|
|
||||||
|
|
||||||
codecs := serializer.NewCodecFactory(scheme)
|
|
||||||
|
|
||||||
// writes the policy to disk
|
|
||||||
serialized, err := kubeadmutil.MarshalToYamlForCodecs(policy, auditv1.SchemeGroupVersion, codecs)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrap(err, "failed to marshal audit policy to YAML")
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := ioutil.WriteFile(policyFile, serialized, 0600); err != nil {
|
|
||||||
return errors.Wrapf(err, "failed to write audit policy to %v: ", policyFile)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
@ -1,65 +0,0 @@
|
|||||||
/*
|
|
||||||
Copyright 2018 The Kubernetes Authors.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package audit
|
|
||||||
|
|
||||||
import (
|
|
||||||
"io/ioutil"
|
|
||||||
"os"
|
|
||||||
"path/filepath"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
|
||||||
"k8s.io/apiserver/pkg/apis/audit/install"
|
|
||||||
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
func cleanup(t *testing.T, path string) {
|
|
||||||
err := os.RemoveAll(path)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Failed to clean up %v: %v", path, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestCreateDefaultAuditLogPolicy(t *testing.T) {
|
|
||||||
// make a tempdir
|
|
||||||
tempDir, err := ioutil.TempDir("/tmp", "audit-test")
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("could not create a tempdir: %v", err)
|
|
||||||
}
|
|
||||||
defer cleanup(t, tempDir)
|
|
||||||
auditPolicyFile := filepath.Join(tempDir, "test.yaml")
|
|
||||||
if err = CreateDefaultAuditLogPolicy(auditPolicyFile); err != nil {
|
|
||||||
t.Fatalf("failed to create audit log policy: %v", err)
|
|
||||||
}
|
|
||||||
// turn the audit log back into a policy
|
|
||||||
policyBytes, err := ioutil.ReadFile(auditPolicyFile)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("failed to read %v: %v", auditPolicyFile, err)
|
|
||||||
}
|
|
||||||
scheme := runtime.NewScheme()
|
|
||||||
install.Install(scheme)
|
|
||||||
codecs := serializer.NewCodecFactory(scheme)
|
|
||||||
policy := auditv1.Policy{}
|
|
||||||
err = runtime.DecodeInto(codecs.UniversalDecoder(), policyBytes, &policy)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("failed to decode written policy: %v", err)
|
|
||||||
}
|
|
||||||
if policy.Kind != "Policy" {
|
|
||||||
t.Fatalf("did not decode policy properly")
|
|
||||||
}
|
|
||||||
}
|
|