From 21666682ebc81ca3388a5c40cbd4f1d1d926aeef Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Tue, 29 Aug 2017 13:58:22 -0700 Subject: [PATCH] test/e2e/auth: fix audit log test format parsing --- test/e2e/auth/BUILD | 1 + test/e2e/auth/audit.go | 24 +++++++++++++++++------- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/test/e2e/auth/BUILD b/test/e2e/auth/BUILD index 6ffc76b7cb8..f830a1ff69c 100644 --- a/test/e2e/auth/BUILD +++ b/test/e2e/auth/BUILD @@ -29,6 +29,7 @@ go_library( "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/uuid:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library", + "//vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library", "//vendor/k8s.io/client-go/rest:go_default_library", diff --git a/test/e2e/auth/audit.go b/test/e2e/auth/audit.go index fa85aa0d1ba..2f609e39923 100644 --- a/test/e2e/auth/audit.go +++ b/test/e2e/auth/audit.go @@ -18,11 +18,13 @@ package auth import ( "bufio" + "encoding/json" "fmt" "strings" apiv1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apiserver/pkg/apis/audit/v1beta1" "k8s.io/kubernetes/test/e2e/framework" . "github.com/onsi/ginkgo" @@ -66,10 +68,6 @@ var _ = SIGDescribe("Advanced Audit [Feature:Audit]", func() { err = f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, &metav1.DeleteOptions{}) framework.ExpectNoError(err, "failed to delete audit-secret") - // /version should not be audited - _, err = f.ClientSet.Core().RESTClient().Get().AbsPath("/version").DoRaw() - framework.ExpectNoError(err, "failed to query version") - expectedEvents := []auditEvent{{ method: "create", namespace: namespace, @@ -126,9 +124,6 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) { if _, found := expectations[event]; found { expectations[event] = true } - - // /version should not be audited (filtered in the policy). - Expect(event.uri).NotTo(HavePrefix("/version")) } framework.ExpectNoError(scanner.Err(), "error reading audit log") @@ -138,6 +133,21 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) { } func parseAuditLine(line string) (auditEvent, error) { + var e v1beta1.Event + if err := json.Unmarshal([]byte(line), &e); err == nil { + event := auditEvent{ + method: e.Verb, + uri: e.RequestURI, + } + if e.ObjectRef != nil { + event.namespace = e.ObjectRef.Namespace + } + if e.ResponseStatus != nil { + event.response = fmt.Sprintf("%d", e.ResponseStatus.Code) + } + return event, nil + } + fields := strings.Fields(line) if len(fields) < 3 { return auditEvent{}, fmt.Errorf("could not parse audit line: %s", line)