diff --git a/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD b/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD
index 06cee6100f6..a844d732132 100644
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD
@@ -35,6 +35,7 @@ go_library(
 deps = [
 "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/validation:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
index 1d02e1a3fb9..d582cda88d3 100644
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
@@ -22,6 +22,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 auditinternal "k8s.io/apiserver/pkg/apis/audit"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
 auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 "k8s.io/apiserver/pkg/apis/audit/validation"
@@ -34,6 +35,7 @@ var (
 apiGroupVersions = []schema.GroupVersion{
 auditv1beta1.SchemeGroupVersion,
 auditv1alpha1.SchemeGroupVersion,
+ auditv1.SchemeGroupVersion,
 }
 apiGroupVersionSet = map[schema.GroupVersion]bool{}
 )
diff --git a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
index b05297a983a..003bf9133ac 100644
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
@@ -20,6 +20,7 @@ import (
 "io/ioutil"
 "os"
 "reflect"
+ "strings"
 "testing"
 "k8s.io/apimachinery/pkg/util/diff"
@@ -31,28 +32,8 @@ import (
 "github.com/stretchr/testify/require"
 )
-const policyDefV1alpha1 = `
-apiVersion: audit.k8s.io/v1alpha1
-kind: Policy
-rules:
- - level: None
- nonResourceURLs:
- - /healthz*
- - /version
- - level: RequestResponse
- users: ["tim"]
- userGroups: ["testers", "developers"]
- verbs: ["patch", "delete", "create"]
- resources:
- - group: ""
- - group: "rbac.authorization.k8s.io"
- resources: ["clusterroles", "clusterrolebindings"]
- namespaces: ["default", "kube-system"]
- - level: Metadata
-`
-
-const policyDefV1beta1 = `
-apiVersion: audit.k8s.io/v1beta1
+const policyDefPattern = `
+apiVersion: audit.k8s.io/{version}
 kind: Policy
 rules:
 - level: None
@@ -108,17 +89,20 @@ var expectedPolicy = &audit.Policy{
 }},
 }
-func TestParserV1alpha1(t *testing.T) {
- f, err := writePolicy(t, policyDefV1alpha1)
- require.NoError(t, err)
- defer os.Remove(f)
+func TestParser(t *testing.T) {
+ for _, version := range []string{"v1", "v1alpha1", "v1beta1"} {
+ policyDef := strings.Replace(policyDefPattern, "{version}", version, 1)
+ f, err := writePolicy(t, policyDef)
+ require.NoError(t, err)
+ defer os.Remove(f)
- policy, err := LoadPolicyFromFile(f)
- require.NoError(t, err)
+ policy, err := LoadPolicyFromFile(f)
+ require.NoError(t, err)
- assert.Len(t, policy.Rules, 3) // Sanity check.
- if !reflect.DeepEqual(policy, expectedPolicy) {
- t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
+ assert.Len(t, policy.Rules, 3) // Sanity check.
+ if !reflect.DeepEqual(policy, expectedPolicy) {
+ t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
+ }
 }
 }
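Review bot: A failure inside the new loop in TestParser does not say which API version produced it, because `require.NoError(t, err)` and the `t.Errorf` diff carry no version. Wrapping the loop body in `t.Run(version, func(t *testing.T) { ... })` would name the failing version in the output and make `defer os.Remove(f)` run at the end of each iteration instead of at function return. As written, a `require` failure on the first version also stops the test before the remaining versions are parsed.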
@@ -131,27 +115,13 @@ func TestParsePolicyWithNoVersionOrKind(t *testing.T) {
 assert.Contains(t, err.Error(), "unknown group version field")
 }
-func TestParserV1beta1(t *testing.T) {
- f, err := writePolicy(t, policyDefV1beta1)
- require.NoError(t, err)
- defer os.Remove(f)
-
- policy, err := LoadPolicyFromFile(f)
- require.NoError(t, err)
-
- assert.Len(t, policy.Rules, 3) // Sanity check.
- if !reflect.DeepEqual(policy, expectedPolicy) {
- t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
- }
-}
-
 func TestPolicyCntCheck(t *testing.T) {
 var testCases = []struct {
 caseName, policy string
 }{
 {
 "policyWithNoRule",
- `apiVersion: audit.k8s.io/v1beta1
+ `apiVersion: audit.k8s.io/v1
 kind: Policy`,
 },
 {"emptyPolicyFile", ""},
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
index 019465ab27c..07c28712b34 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
@@ -37,6 +37,7 @@ go_library(
 "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/apiserver:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
index ad4d65b115a..d06fffe406a 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -28,6 +28,7 @@ import (
 "gopkg.in/natefinch/lumberjack.v2"
 "k8s.io/apimachinery/pkg/runtime/schema"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
 auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 "k8s.io/apiserver/pkg/audit"
@@ -138,7 +139,8 @@ func NewAuditOptions() *AuditOptions {
 Mode: ModeBatch,
 BatchConfig: pluginbuffered.NewDefaultBatchConfig(),
 },
- TruncateOptions: NewAuditTruncateOptions(),
+ TruncateOptions: NewAuditTruncateOptions(),
+ // TODO(audit): use v1 API in release 1.13
 GroupVersionString: "audit.k8s.io/v1beta1",
 },
 LogOptions: AuditLogOptions{
@@ -147,7 +149,8 @@ func NewAuditOptions() *AuditOptions {
 Mode: ModeBlocking,
 BatchConfig: defaultLogBatchConfig,
 },
- TruncateOptions: NewAuditTruncateOptions(),
+ TruncateOptions: NewAuditTruncateOptions(),
+ // TODO(audit): use v1 API in release 1.13
 GroupVersionString: "audit.k8s.io/v1beta1",
 },
 }
@@ -222,6 +225,7 @@ func validateBackendBatchOptions(pluginName string, options AuditBatchOptions) e
 var knownGroupVersions = []schema.GroupVersion{
 auditv1alpha1.SchemeGroupVersion,
 auditv1beta1.SchemeGroupVersion,
+ auditv1.SchemeGroupVersion,
 }
 func validateGroupVersionString(groupVersion string) error {
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
index acfa9e828d2..0c8fa3a11a0 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
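Review bot: The default `GroupVersionString: "audit.k8s.io/v1beta1"` is a literal repeated in two places in NewAuditOptions (the options block before `LogOptions` and the `LogOptions` block), and the added TODO is copied next to each, so the planned switch to v1 has to be made twice and the two backends can drift apart. A single package-level constant carrying the TODO once, for example `const defaultAuditGroupVersion = "audit.k8s.io/v1beta1"`, used by both fields would keep the emitted audit event version consistent across backends. NewAuditOptions starts and ends outside these hunks.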
@@ -39,9 +39,11 @@ go_test(
 deps = [
 "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
 "//vendor/github.com/pborman/uuid:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
index 68932d9319d..5d534670b26 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
@@ -27,9 +27,11 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apimachinery/pkg/types"
 auditinternal "k8s.io/apiserver/pkg/apis/audit"
 "k8s.io/apiserver/pkg/apis/audit/install"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 "k8s.io/apiserver/pkg/audit"
 )
@@ -89,7 +91,7 @@ func TestLogEventsLegacy(t *testing.T) {
 },
 } {
 var buf bytes.Buffer
- backend := NewBackend(&buf, FormatLegacy, auditv1beta1.SchemeGroupVersion)
+ backend := NewBackend(&buf, FormatLegacy, auditv1.SchemeGroupVersion)
 backend.ProcessEvents(test.event)
 match, err := regexp.MatchString(test.expected, buf.String())
 if err != nil {
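Review bot: TestLogEventsLegacy now constructs the backend only with `auditv1.SchemeGroupVersion`, while NewAuditOptions in this same commit keeps `audit.k8s.io/v1beta1` as the default output version, so the version emitted by default is no longer exercised by this test. The same swap is made in TestTruncatingEvents and TestSplittingBatches in truncate_test.go; if truncation there depends on the serialized size of an event (not visible in the hunks), the gap matters more in those two. Iterating over both versions, as TestLogEventsJson does with `versions := []schema.GroupVersion{auditv1.SchemeGroupVersion, auditv1beta1.SchemeGroupVersion}`, would keep both covered. All three test bodies extend beyond their hunks.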
@@ -141,18 +143,21 @@ func TestLogEventsJson(t *testing.T) {
 },
 },
 } {
- var buf bytes.Buffer
- backend := NewBackend(&buf, FormatJson, auditv1beta1.SchemeGroupVersion)
- backend.ProcessEvents(event)
- // decode events back and compare with the original one.
- result := &auditinternal.Event{}
- decoder := audit.Codecs.UniversalDecoder(auditv1beta1.SchemeGroupVersion)
- if err := runtime.DecodeInto(decoder, buf.Bytes(), result); err != nil {
- t.Errorf("failed decoding buf: %s", buf.String())
- continue
- }
- if !reflect.DeepEqual(event, result) {
- t.Errorf("The result event should be the same with the original one, \noriginal: \n%#v\n result: \n%#v", event, result)
+ versions := []schema.GroupVersion{auditv1.SchemeGroupVersion, auditv1beta1.SchemeGroupVersion}
+ for _, version := range versions {
+ var buf bytes.Buffer
+ backend := NewBackend(&buf, FormatJson, version)
+ backend.ProcessEvents(event)
+ // decode events back and compare with the original one.
+ result := &auditinternal.Event{}
+ decoder := audit.Codecs.UniversalDecoder(version)
+ if err := runtime.DecodeInto(decoder, buf.Bytes(), result); err != nil {
+ t.Errorf("failed decoding buf: %s, apiVersion: %s", buf.String(), version)
+ continue
+ }
+ if !reflect.DeepEqual(event, result) {
+ t.Errorf("The result event should be the same with the original one, \noriginal: \n%#v\n result: \n%#v, apiVersion: %s", event, result, version)
+ }
 }
 }
 }
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD
index 4bd97fe6b58..93d6730d49f 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD
@@ -25,7 +25,7 @@ go_test(
 deps = [
 "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
- "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
 "//staging/src/k8s.io/apiserver/plugin/pkg/audit/fake:go_default_library",
 "//staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook:go_default_library",
 "//vendor/github.com/stretchr/testify/require:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go
index 9b0d5c14269..de6ce504001 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go
@@ -24,7 +24,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime"
 auditinternal "k8s.io/apiserver/pkg/apis/audit"
- auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 "k8s.io/apiserver/plugin/pkg/audit/fake"
 // Importing just for the schema definitions.
 _ "k8s.io/apiserver/plugin/pkg/audit/webhook"
@@ -82,7 +82,7 @@ func TestTruncatingEvents(t *testing.T) {
 event = events[0]
 },
 }
- b := NewBackend(fb, defaultConfig, auditv1beta1.SchemeGroupVersion)
+ b := NewBackend(fb, defaultConfig, auditv1.SchemeGroupVersion)
 b.ProcessEvents(tc.event)
 require.Equal(t, !tc.wantDropped, event != nil, "Incorrect event presence")
@@ -132,7 +132,7 @@ func TestSplittingBatches(t *testing.T) {
 gotBatchCount++
 },
 }
- b := NewBackend(fb, tc.config, auditv1beta1.SchemeGroupVersion)
+ b := NewBackend(fb, tc.config, auditv1.SchemeGroupVersion)
 b.ProcessEvents(tc.events...)
 require.Equal(t, tc.wantBatchCount, gotBatchCount)
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD
index 003aae86417..34a88f438b0 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD
@@ -15,6 +15,7 @@ go_test(
 "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
 "//staging/src/k8s.io/client-go/tools/clientcmd/api/v1:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go
index 909c2b85d9a..7d5dfd0c842 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go
@@ -34,6 +34,7 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/apimachinery/pkg/runtime/serializer/json"
 auditinternal "k8s.io/apiserver/pkg/apis/audit"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 "k8s.io/apiserver/pkg/audit"
 "k8s.io/client-go/tools/clientcmd/api/v1"
@@ -112,17 +113,20 @@ func newWebhook(t *testing.T, endpoint string, groupVersion schema.GroupVersion)
 }
 func TestWebhook(t *testing.T) {
- gotEvents := false
- defer func() { require.True(t, gotEvents, "no events received") }()
+ versions := []schema.GroupVersion{auditv1.SchemeGroupVersion, auditv1beta1.SchemeGroupVersion}
+ for _, version := range versions {
+ gotEvents := false
- s := httptest.NewServer(newWebhookHandler(t, &auditv1beta1.EventList{}, func(events runtime.Object) {
- gotEvents = true
- }))
- defer s.Close()
+ s := httptest.NewServer(newWebhookHandler(t, &auditv1.EventList{}, func(events runtime.Object) {
+ gotEvents = true
+ }))
+ defer s.Close()
- backend := newWebhook(t, s.URL, auditv1beta1.SchemeGroupVersion)
+ backend := newWebhook(t, s.URL, auditv1.SchemeGroupVersion)
- // Ensure this doesn't return a serialization error.
- event := &auditinternal.Event{}
- require.NoError(t, backend.processEvents(event), "failed to send events")
+ // Ensure this doesn't return a serialization error.
+ event := &auditinternal.Event{}
+ require.NoError(t, backend.processEvents(event), fmt.Sprintf("failed to send events, apiVersion: %s", version))
+ require.True(t, gotEvents, fmt.Sprintf("no events received, apiVersion: %s", version))
+ }
 }
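Review bot: The loop variable `version` in TestWebhook is used only in the failure messages; the handler is still built with `&auditv1.EventList{}` and the backend with `newWebhook(t, s.URL, auditv1.SchemeGroupVersion)`, so both iterations exercise v1 and the v1beta1 webhook path that the old test covered is no longer tested. Each iteration should pass its own version to newWebhook and the matching EventList type to the handler. `defer s.Close()` inside the loop also keeps every test server open until the function returns; closing it at the end of the iteration is cleaner. The fence assumes newWebhookHandler takes a runtime.Object for the list argument, which the hunk suggests but does not show.

```go
func TestWebhook(t *testing.T) {
	cases := []struct {
		version schema.GroupVersion
		list    runtime.Object
	}{
		{auditv1.SchemeGroupVersion, &auditv1.EventList{}},
		{auditv1beta1.SchemeGroupVersion, &auditv1beta1.EventList{}},
	}
	for _, tc := range cases {
		version := tc.version
		gotEvents := false

		s := httptest.NewServer(newWebhookHandler(t, tc.list, func(events runtime.Object) {
			gotEvents = true
		}))

		backend := newWebhook(t, s.URL, version)

		// … unchanged: processEvents call and the two require checks …
		s.Close()
	}
}
```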