github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #51560 from ericchiang/fix-audit-log-test

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 51632, 51055, 51676, 51560, 50007)

test/e2e/auth: fix audit log test format parsing

Fixes https://github.com/kubernetes/kubernetes/issues/51556

```release-note
NONE
```

cc @CaoShuFeng

Still need to figure out how to run this test locally.
This commit is contained in:
Kubernetes Submit Queue 2017-09-01 08:27:18 -07:00 committed by GitHub
commit 7da58e29d2
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
test/e2e/auth/BUILD
View File

@ -29,6 +29,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/uuid:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//vendor/k8s.io/apiserver/pkg/apis/audit/v1beta1:go_default_library",
"//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/certificates/v1beta1:go_default_library",
"//vendor/k8s.io/client-go/rest:go_default_library", "//vendor/k8s.io/client-go/rest:go_default_library",

24
test/e2e/auth/audit.go
View File

@ -18,11 +18,13 @@ package auth
import ( import (
"bufio" "bufio"
"encoding/json"
"fmt" "fmt"
"strings" "strings"
apiv1 "k8s.io/api/core/v1" apiv1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/apis/audit/v1beta1"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
@ -66,10 +68,6 @@ var _ = SIGDescribe("Advanced Audit [Feature:Audit]", func() {
err = f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, &metav1.DeleteOptions{}) err = f.ClientSet.Core().Secrets(f.Namespace.Name).Delete(secret.Name, &metav1.DeleteOptions{})
framework.ExpectNoError(err, "failed to delete audit-secret") framework.ExpectNoError(err, "failed to delete audit-secret")
// /version should not be audited
_, err = f.ClientSet.Core().RESTClient().Get().AbsPath("/version").DoRaw()
framework.ExpectNoError(err, "failed to query version")
expectedEvents := []auditEvent{{ expectedEvents := []auditEvent{{
method: "create", method: "create",
namespace: namespace, namespace: namespace,
@ -126,9 +124,6 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) {
if _, found := expectations[event]; found { if _, found := expectations[event]; found {
expectations[event] = true expectations[event] = true
} }
// /version should not be audited (filtered in the policy).
Expect(event.uri).NotTo(HavePrefix("/version"))
} }
framework.ExpectNoError(scanner.Err(), "error reading audit log") framework.ExpectNoError(scanner.Err(), "error reading audit log")
@ -138,6 +133,21 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) {
} }
func parseAuditLine(line string) (auditEvent, error) { func parseAuditLine(line string) (auditEvent, error) {
var e v1beta1.Event
if err := json.Unmarshal([]byte(line), &e); err == nil {
event := auditEvent{
method: e.Verb,
uri: e.RequestURI,
}
if e.ObjectRef != nil {
event.namespace = e.ObjectRef.Namespace
}
if e.ResponseStatus != nil {
event.response = fmt.Sprintf("%d", e.ResponseStatus.Code)
}
return event, nil
}
fields := strings.Fields(line) fields := strings.Fields(line)
if len(fields) < 3 { if len(fields) < 3 {
return auditEvent{}, fmt.Errorf("could not parse audit line: %s", line) return auditEvent{}, fmt.Errorf("could not parse audit line: %s", line)