use Audit v1 api and add it to some unit tests

2025-08-09 03:57:41 +00:00 · 2018-07-27 14:06:29 +08:00 · 2018-07-27 14:06:29 +08:00 · 716dc87a10
commit 716dc87a10
parent 15b800fdf7
11 changed files with 65 additions and 75 deletions
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/BUILD
@ -35,6 +35,7 @@ go_library(
    deps = [
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/validation:go_default_library",
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go
@ -22,6 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
 	auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 	"k8s.io/apiserver/pkg/apis/audit/validation"
@ -34,6 +35,7 @@ var (
 	apiGroupVersions = []schema.GroupVersion{
 		auditv1beta1.SchemeGroupVersion,
 		auditv1alpha1.SchemeGroupVersion,
 		auditv1.SchemeGroupVersion,
 	}
 	apiGroupVersionSet = map[schema.GroupVersion]bool{}
 )
--- a/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/audit/policy/reader_test.go
@ -20,6 +20,7 @@ import (
 	"io/ioutil"
 	"os"
 	"reflect"
 	"strings"
 	"testing"
 	"k8s.io/apimachinery/pkg/util/diff"
@ -31,28 +32,8 @@ import (
 	"github.com/stretchr/testify/require"
 )
-const policyDefV1alpha1 = `
+const policyDefPattern = `
-apiVersion: audit.k8s.io/v1alpha1
+apiVersion: audit.k8s.io/{version}
 kind: Policy
 rules:
  - level: None
    nonResourceURLs:
      - /healthz*
      - /version
  - level: RequestResponse
    users: ["tim"]
    userGroups: ["testers", "developers"]
    verbs: ["patch", "delete", "create"]
    resources:
      - group: ""
      - group: "rbac.authorization.k8s.io"
        resources: ["clusterroles", "clusterrolebindings"]
    namespaces: ["default", "kube-system"]
  - level: Metadata
 `
 const policyDefV1beta1 = `
 apiVersion: audit.k8s.io/v1beta1
 kind: Policy
 rules:
  - level: None
@ -108,17 +89,20 @@ var expectedPolicy = &audit.Policy{
 	}},
 }
-func TestParserV1alpha1(t *testing.T) {
+func TestParser(t *testing.T) {
-	f, err := writePolicy(t, policyDefV1alpha1)
+	for _, version := range []string{"v1", "v1alpha1", "v1beta1"} {
-	require.NoError(t, err)
+		policyDef := strings.Replace(policyDefPattern, "{version}", version, 1)
-	defer os.Remove(f)
+		f, err := writePolicy(t, policyDef)
 		require.NoError(t, err)
 		defer os.Remove(f)
-	policy, err := LoadPolicyFromFile(f)
+		policy, err := LoadPolicyFromFile(f)
-	require.NoError(t, err)
+		require.NoError(t, err)
-	assert.Len(t, policy.Rules, 3) // Sanity check.
+		assert.Len(t, policy.Rules, 3) // Sanity check.
-	if !reflect.DeepEqual(policy, expectedPolicy) {
+		if !reflect.DeepEqual(policy, expectedPolicy) {
-		t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
+			t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
 		}
 	}
 }
@ -131,27 +115,13 @@ func TestParsePolicyWithNoVersionOrKind(t *testing.T) {
 	assert.Contains(t, err.Error(), "unknown group version field")
 }
 func TestParserV1beta1(t *testing.T) {
 	f, err := writePolicy(t, policyDefV1beta1)
 	require.NoError(t, err)
 	defer os.Remove(f)
 	policy, err := LoadPolicyFromFile(f)
 	require.NoError(t, err)
 	assert.Len(t, policy.Rules, 3) // Sanity check.
 	if !reflect.DeepEqual(policy, expectedPolicy) {
 		t.Errorf("Unexpected policy! Diff:\n%s", diff.ObjectDiff(policy, expectedPolicy))
 	}
 }
 func TestPolicyCntCheck(t *testing.T) {
 	var testCases = []struct {
 		caseName, policy string
 	}{
 		{
 			"policyWithNoRule",
-			`apiVersion: audit.k8s.io/v1beta1
+			`apiVersion: audit.k8s.io/v1
 kind: Policy`,
 		},
 		{"emptyPolicyFile", ""},
--- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
@ -37,6 +37,7 @@ go_library(
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/apiserver:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1alpha1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@ -28,6 +28,7 @@ import (
 	"gopkg.in/natefinch/lumberjack.v2"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	auditv1alpha1 "k8s.io/apiserver/pkg/apis/audit/v1alpha1"
 	auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 	"k8s.io/apiserver/pkg/audit"
@ -138,7 +139,8 @@ func NewAuditOptions() *AuditOptions {
 				Mode:        ModeBatch,
 				BatchConfig: pluginbuffered.NewDefaultBatchConfig(),
 			},
-			TruncateOptions:    NewAuditTruncateOptions(),
+			TruncateOptions: NewAuditTruncateOptions(),
 			// TODO(audit): use v1 API in release 1.13
 			GroupVersionString: "audit.k8s.io/v1beta1",
 		},
 		LogOptions: AuditLogOptions{
@ -147,7 +149,8 @@ func NewAuditOptions() *AuditOptions {
 				Mode:        ModeBlocking,
 				BatchConfig: defaultLogBatchConfig,
 			},
-			TruncateOptions:    NewAuditTruncateOptions(),
+			TruncateOptions: NewAuditTruncateOptions(),
 			// TODO(audit): use v1 API in release 1.13
 			GroupVersionString: "audit.k8s.io/v1beta1",
 		},
 	}
@ -222,6 +225,7 @@ func validateBackendBatchOptions(pluginName string, options AuditBatchOptions) e
 var knownGroupVersions = []schema.GroupVersion{
 	auditv1alpha1.SchemeGroupVersion,
 	auditv1beta1.SchemeGroupVersion,
 	auditv1.SchemeGroupVersion,
 }
 func validateGroupVersionString(groupVersion string) error {
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/BUILD
@ -39,9 +39,11 @@ go_test(
    deps = [
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
        "//vendor/github.com/pborman/uuid:go_default_library",
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/log/backend_test.go
@ -27,9 +27,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	"k8s.io/apiserver/pkg/apis/audit/install"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 	"k8s.io/apiserver/pkg/audit"
 )
@ -89,7 +91,7 @@ func TestLogEventsLegacy(t *testing.T) {
 		},
 	} {
 		var buf bytes.Buffer
-		backend := NewBackend(&buf, FormatLegacy, auditv1beta1.SchemeGroupVersion)
+		backend := NewBackend(&buf, FormatLegacy, auditv1.SchemeGroupVersion)
 		backend.ProcessEvents(test.event)
 		match, err := regexp.MatchString(test.expected, buf.String())
 		if err != nil {
@ -141,18 +143,21 @@ func TestLogEventsJson(t *testing.T) {
 			},
 		},
 	} {
-		var buf bytes.Buffer
+		versions := []schema.GroupVersion{auditv1.SchemeGroupVersion, auditv1beta1.SchemeGroupVersion}
-		backend := NewBackend(&buf, FormatJson, auditv1beta1.SchemeGroupVersion)
+		for _, version := range versions {
-		backend.ProcessEvents(event)
+			var buf bytes.Buffer
-		// decode events back and compare with the original one.
+			backend := NewBackend(&buf, FormatJson, version)
-		result := &auditinternal.Event{}
+			backend.ProcessEvents(event)
-		decoder := audit.Codecs.UniversalDecoder(auditv1beta1.SchemeGroupVersion)
+			// decode events back and compare with the original one.
-		if err := runtime.DecodeInto(decoder, buf.Bytes(), result); err != nil {
+			result := &auditinternal.Event{}
-			t.Errorf("failed decoding buf: %s", buf.String())
+			decoder := audit.Codecs.UniversalDecoder(version)
-			continue
+			if err := runtime.DecodeInto(decoder, buf.Bytes(), result); err != nil {
-		}
+				t.Errorf("failed decoding buf: %s, apiVersion: %s", buf.String(), version)
-		if !reflect.DeepEqual(event, result) {
+				continue
-			t.Errorf("The result event should be the same with the original one, \noriginal: \n%#v\n result: \n%#v", event, result)
+			}
 			if !reflect.DeepEqual(event, result) {
 				t.Errorf("The result event should be the same with the original one, \noriginal: \n%#v\n result: \n%#v, apiVersion: %s", event, result, version)
 			}
 		}
 	}
 }
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/BUILD
@ -25,7 +25,7 @@ go_test(
    deps = [
        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
-        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
        "//staging/src/k8s.io/apiserver/plugin/pkg/audit/fake:go_default_library",
        "//staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook:go_default_library",
        "//vendor/github.com/stretchr/testify/require:go_default_library",
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate/truncate_test.go
@ -24,7 +24,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
-	auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
+	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	"k8s.io/apiserver/plugin/pkg/audit/fake"
 	// Importing just for the schema definitions.
 	_ "k8s.io/apiserver/plugin/pkg/audit/webhook"
@ -82,7 +82,7 @@ func TestTruncatingEvents(t *testing.T) {
 					event = events[0]
 				},
 			}
-			b := NewBackend(fb, defaultConfig, auditv1beta1.SchemeGroupVersion)
+			b := NewBackend(fb, defaultConfig, auditv1.SchemeGroupVersion)
 			b.ProcessEvents(tc.event)
 			require.Equal(t, !tc.wantDropped, event != nil, "Incorrect event presence")
@ -132,7 +132,7 @@ func TestSplittingBatches(t *testing.T) {
 					gotBatchCount++
 				},
 			}
-			b := NewBackend(fb, tc.config, auditv1beta1.SchemeGroupVersion)
+			b := NewBackend(fb, tc.config, auditv1.SchemeGroupVersion)
 			b.ProcessEvents(tc.events...)
 			require.Equal(t, tc.wantBatchCount, gotBatchCount)
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/BUILD
@ -15,6 +15,7 @@ go_test(
        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
        "//staging/src/k8s.io/client-go/tools/clientcmd/api/v1:go_default_library",
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook_test.go
@ -34,6 +34,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer/json"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 	auditv1beta1 "k8s.io/apiserver/pkg/apis/audit/v1beta1"
 	"k8s.io/apiserver/pkg/audit"
 	"k8s.io/client-go/tools/clientcmd/api/v1"
@ -112,17 +113,20 @@ func newWebhook(t *testing.T, endpoint string, groupVersion schema.GroupVersion)
 }
 func TestWebhook(t *testing.T) {
-	gotEvents := false
+	versions := []schema.GroupVersion{auditv1.SchemeGroupVersion, auditv1beta1.SchemeGroupVersion}
-	defer func() { require.True(t, gotEvents, "no events received") }()
+	for _, version := range versions {
 		gotEvents := false
-	s := httptest.NewServer(newWebhookHandler(t, &auditv1beta1.EventList{}, func(events runtime.Object) {
+		s := httptest.NewServer(newWebhookHandler(t, &auditv1.EventList{}, func(events runtime.Object) {
-		gotEvents = true
+			gotEvents = true
-	}))
+		}))
-	defer s.Close()
+		defer s.Close()
-	backend := newWebhook(t, s.URL, auditv1beta1.SchemeGroupVersion)
+		backend := newWebhook(t, s.URL, auditv1.SchemeGroupVersion)
-	// Ensure this doesn't return a serialization error.
+		// Ensure this doesn't return a serialization error.
-	event := &auditinternal.Event{}
+		event := &auditinternal.Event{}
-	require.NoError(t, backend.processEvents(event), "failed to send events")
+		require.NoError(t, backend.processEvents(event), fmt.Sprintf("failed to send events, apiVersion: %s", version))
 		require.True(t, gotEvents, fmt.Sprintf("no events received, apiVersion: %s", version))
 	}
 }