From b48ac54e1c97a2e72a55aa2214efd9d6126bf0fe Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 26 Sep 2016 11:20:04 +0200 Subject: [PATCH] Make audit writer accessible from Config ... such that it can be used for a custom handler chain. --- pkg/genericapiserver/config.go | 33 +++++++++++------------- pkg/genericapiserver/genericapiserver.go | 4 --- 2 files changed, 15 insertions(+), 22 deletions(-) diff --git a/pkg/genericapiserver/config.go b/pkg/genericapiserver/config.go index 89aed26e6f2..d9645163f69 100644 --- a/pkg/genericapiserver/config.go +++ b/pkg/genericapiserver/config.go @@ -19,6 +19,7 @@ package genericapiserver import ( "crypto/tls" "fmt" + "io" "mime" "net" "net/http" @@ -53,10 +54,8 @@ import ( // Config is a structure used to configure a GenericAPIServer. type Config struct { - AuditLogPath string - AuditLogMaxAge int - AuditLogMaxBackups int - AuditLogMaxSize int + // Destination for audit logs + AuditWriter io.Writer // Allow downstream consumers to disable swagger. // This includes returning the generated swagger spec at /swaggerapi and swagger ui at /swagger-ui. EnableSwaggerSupport bool @@ -165,14 +164,21 @@ type Config struct { } func NewConfig(options *options.ServerRunOptions) *Config { + var auditWriter io.Writer + if len(options.AuditLogPath) != 0 { + auditWriter = &lumberjack.Logger{ + Filename: options.AuditLogPath, + MaxAge: options.AuditLogMaxAge, + MaxBackups: options.AuditLogMaxBackups, + MaxSize: options.AuditLogMaxSize, + } + } + return &Config{ APIGroupPrefix: options.APIGroupPrefix, APIPrefix: options.APIPrefix, CorsAllowedOriginList: options.CorsAllowedOriginList, - AuditLogPath: options.AuditLogPath, - AuditLogMaxAge: options.AuditLogMaxAge, - AuditLogMaxBackups: options.AuditLogMaxBackups, - AuditLogMaxSize: options.AuditLogMaxSize, + AuditWriter: auditWriter, EnableGarbageCollection: options.EnableGarbageCollection, EnableIndex: true, EnableProfiling: options.EnableProfiling, 
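Review bot: The comment on the new `AuditWriter` field in `Config`, `// Destination for audit logs`, leaves out the contract a downstream consumer needs now that any `io.Writer` can be plugged in. The writer is passed to `WithAudit` in the request handler chain, so it is presumably written to from concurrent requests. `lumberjack.Logger` serialises its writes, but a `bytes.Buffer` or `bufio.Writer` would not, and interleaved or dropped audit records are hard to notice after the fact. I would expand the comment to `// AuditWriter is the destination for audit log entries; it must be safe for concurrent use. A nil value is expected to disable audit logging.` and confirm the nil behaviour against `WithAudit`, which this patch does not show. The `Config` struct continues outside the hunk.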
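Review bot: The `var auditWriter io.Writer` declaration added at the top of `NewConfig` is load-bearing and should carry a comment saying so. Declaring the local as the interface type and assigning it only inside the `if` keeps `Config.AuditWriter` a true nil interface when `AuditLogPath` is empty. If a later refactor declares it as `*lumberjack.Logger` and assigns it unconditionally, the field would hold a typed nil pointer that compares non-nil, so any `== nil` guard downstream (`WithAudit` is not shown here) would no longer detect that auditing is unconfigured. I would add `// Keep this an io.Writer: a nil *lumberjack.Logger stored in the interface would not compare equal to nil.` above the declaration. The body of `NewConfig` continues past the end of the hunk.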
@@ -332,15 +338,6 @@ func (c Config) New() (*GenericAPIServer, error) { }) } - if len(c.AuditLogPath) != 0 { - s.auditWriter = &lumberjack.Logger{ - Filename: c.AuditLogPath, - MaxAge: c.AuditLogMaxAge, - MaxBackups: c.AuditLogMaxBackups, - MaxSize: c.AuditLogMaxSize, - } - } - // Send correct mime type for .svg files. // TODO: remove when https://github.com/golang/go/commit/21e47d831bafb59f22b1ea8098f709677ec8ce33 // makes it into all of our supported go versions (only in v1.7.1 now). @@ -371,7 +368,7 @@ func (s *GenericAPIServer) buildHandlerChains(c *Config, handler http.Handler) ( secure = handler secure = apiserverfilters.WithAuthorization(secure, attributeGetter, c.Authorizer) secure = apiserverfilters.WithImpersonation(secure, c.RequestContextMapper, c.Authorizer) - secure = apiserverfilters.WithAudit(secure, attributeGetter, s.auditWriter) // before impersonation to read original user + secure = apiserverfilters.WithAudit(secure, attributeGetter, c.AuditWriter) // before impersonation to read original user secure = authhandlers.WithAuthentication(secure, c.RequestContextMapper, c.Authenticator, authhandlers.Unauthorized(c.SupportsBasicAuth)) secure = genericfilters.WithPanicRecovery(secure, s.NewRequestInfoResolver()) secure = genericfilters.WithTimeoutForNonLongRunningRequests(secure, longRunningFunc) diff --git a/pkg/genericapiserver/genericapiserver.go b/pkg/genericapiserver/genericapiserver.go index f7432b41e9d..107b6abb0fc 100644 --- a/pkg/genericapiserver/genericapiserver.go +++ b/pkg/genericapiserver/genericapiserver.go @@ -19,7 +19,6 @@ package genericapiserver import ( "crypto/tls" "fmt" - "io" "net" "net/http" "path" @@ -166,9 +165,6 @@ type GenericAPIServer struct { postStartHooks map[string]PostStartHookFunc postStartHookLock sync.Mutex postStartHooksCalled bool - - // Writer to write the audit log to. - auditWriter io.Writer } // RequestContextMapper is exposed so that third party resource storage can be build in a different location.