From d066d547cce64a4f02bb05d718bc53fe71d06ad3 Mon Sep 17 00:00:00 2001 From: xuzhonghu Date: Wed, 6 Jun 2018 10:53:03 +0800 Subject: [PATCH] logging user-agent in audit --- staging/src/k8s.io/apiserver/pkg/apis/audit/types.go | 4 ++++ staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go | 4 ++++ staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go | 4 ++++ staging/src/k8s.io/apiserver/pkg/audit/request.go | 1 + 4 files changed, 13 insertions(+) diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go index d72505d10b9..5503ed64eb0 100644 --- a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go +++ b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go @@ -99,6 +99,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go index 7e8af12b87f..064fc487454 100644 --- a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go +++ b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/types.go @@ -105,6 +105,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"` + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"` // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go index 0c3299b4ac3..27e338cac10 100644 --- a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go +++ b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1/types.go @@ -101,6 +101,10 @@ type Event struct { // Source IPs, from where the request originated and intermediate proxies. // +optional SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,10,rep,name=sourceIPs"` + // UserAgent is an optional field that specifies the caller of this request. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,18,opt,name=userAgent"` // Object reference this request is targeted at. // Does not apply for List-type requests, or non-resource requests. // +optional diff --git a/staging/src/k8s.io/apiserver/pkg/audit/request.go b/staging/src/k8s.io/apiserver/pkg/audit/request.go index 25d6c33ebad..f62b0359f53 100644 --- a/staging/src/k8s.io/apiserver/pkg/audit/request.go +++ b/staging/src/k8s.io/apiserver/pkg/audit/request.go @@ -42,6 +42,7 @@ func NewEventFromRequest(req *http.Request, level auditinternal.Level, attribs a RequestReceivedTimestamp: metav1.NewMicroTime(time.Now()), Verb: attribs.GetVerb(), RequestURI: req.URL.RequestURI(), + UserAgent: req.UserAgent(), } ev.Level = level