From 93e1e54e290325d82e41d50f64057323879bdef2 Mon Sep 17 00:00:00 2001
From: "Tim St. Clair" <stclair@google.com>
Date: Fri, 26 May 2017 16:31:00 -0700
Subject: [PATCH] Fix audit level none

---
 .../apiserver/pkg/endpoints/filters/audit.go  |  1 +
 .../pkg/endpoints/filters/audit_test.go       | 25 ++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit.go
index 9a3083960dc..edc45a28137 100644
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit.go
@@ -71,6 +71,7 @@ func WithAudit(handler http.Handler, requestContextMapper request.RequestContext
 		if level == auditinternal.LevelNone {
 			// Don't audit.
 			handler.ServeHTTP(w, req)
+			return
 		}
 
 		ev, err := audit.NewEventFromRequest(req, level, attribs)
diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit_test.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit_test.go
index e312680a3a7..b4fb7175efb 100644
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/audit_test.go
@@ -333,15 +333,12 @@ func TestAudit(t *testing.T) {
 		req, _ := http.NewRequest("GET", test.path, nil)
 		req.RemoteAddr = "127.0.0.1"
 
-		done := make(chan struct{})
-		go func() {
+		func() {
 			defer func() {
 				recover()
-				close(done)
 			}()
 			handler.ServeHTTP(httptest.NewRecorder(), req)
 		}()
-		<-done
 
 		t.Logf("[%s] audit log: %v", test.desc, buf.String())
 
@@ -394,3 +391,23 @@ func TestAuditNoPanicOnNilUser(t *testing.T) {
 	req.RemoteAddr = "127.0.0.1"
 	handler.ServeHTTP(httptest.NewRecorder(), req)
 }
+
+func TestAuditLevelNone(t *testing.T) {
+	sink := &fakeAuditSink{}
+	var handler http.Handler
+	handler = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(200)
+	})
+	policyChecker := policy.FakeChecker(auditinternal.LevelNone)
+	handler = WithAudit(handler, &fakeRequestContextMapper{
+		user: &user.DefaultInfo{Name: "admin"},
+	}, sink, policyChecker, nil)
+
+	req, _ := http.NewRequest("GET", "/api/v1/namespaces/default/pods", nil)
+	req.RemoteAddr = "127.0.0.1"
+
+	handler.ServeHTTP(httptest.NewRecorder(), req)
+	if len(sink.events) > 0 {
+		t.Errorf("Generated events, but should not have: %#v", sink.events)
+	}
+}