From a380ef5c416194826b70ae75dc4e86776e1a3afe Mon Sep 17 00:00:00 2001
From: Vladimir Nachev <vladimir.nachev@sap.com>
Date: Mon, 27 Jun 2022 17:21:02 +0300
Subject: [PATCH] Ensure the dir of --audit-log-path exists

Signed-off-by: Vladimir Nachev <vladimir.nachev@sap.com>
---
 staging/src/k8s.io/apiserver/pkg/server/options/audit.go | 4 ++++
 .../k8s.io/apiserver/pkg/server/options/audit_test.go    | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
index 06e7f940862..f3c9adba04f 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -525,6 +526,9 @@ func (o *AuditLogOptions) getWriter() (io.Writer, error) {
 }
 
 func (o *AuditLogOptions) ensureLogFile() error {
+	if err := os.MkdirAll(filepath.Dir(o.Path), 0700); err != nil {
+		return err
+	}
 	mode := os.FileMode(0600)
 	f, err := os.OpenFile(o.Path, os.O_CREATE|os.O_APPEND|os.O_RDWR, mode)
 	if err != nil {
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/audit_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/audit_test.go
index 074e75192ca..5ff1e349621 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit_test.go
@@ -69,6 +69,15 @@ func TestAuditValidOptions(t *testing.T) {
 			return o
 		},
 		expected: "ignoreErrors<log>",
+	}, {
+		name: "create audit log path dir",
+		options: func() *AuditOptions {
+			o := NewAuditOptions()
+			o.LogOptions.Path = filepath.Join(tmpDir, "non-existing-dir1", "non-existing-dir2", "audit")
+			o.PolicyFile = policy
+			return o
+		},
+		expected: "ignoreErrors<log>",
 	}, {
 		name: "default log no policy",
 		options: func() *AuditOptions {