mirror of
https://github.com/k3s-io/kubernetes.git
synced 2026-01-17 15:27:42 +00:00
1f45c4846b
Automatic merge from submit-queue (batch tested with PRs 45766, 46223) Audit: fill audit.Event in handler chain Related: - external API types https://github.com/kubernetes/kubernetes/pull/45315 - policy checker https://github.com/kubernetes/kubernetes/pull/46009 Decisions: - ~~[ ] decide whether we want to send an event before `WriteHeader` https://github.com/kubernetes/kubernetes/pull/45766#pullrequestreview-38664161~~ Follow-up described in https://github.com/kubernetes/kubernetes/pull/46065/files#r117438531 - [ ] decide how to handle `AuditID`s and the IP chain https://github.com/kubernetes/kubernetes/pull/45766#pullrequestreview-38659371. Is the variant in the proposal (https://github.com/kubernetes/community/pull/625) final? Then we need the API type update. - ~~[ ] decide how to mark intermediate/incomplete events? set a special reason in `ResponseStatus.Reason` vs. having extra fields for that `Event.NonFinal` https://github.com/kubernetes/kubernetes/pull/45766#discussion_r116795888~~ Follow-up of #46065 - [ ] decide whether and how to protect the `Audit-Level` header https://github.com/kubernetes/kubernetes/pull/45766#pullrequestreview-38937691 TODOs: - ~~[ ] move `AuditIDHeader`, `AuditLevelHeader` to types https://github.com/kubernetes/kubernetes/pull/45766#discussion_r117064094, @timstclair for the type PR~~ Follow-up of https://github.com/kubernetes/kubernetes/pull/46065 - [x] add SourceIP/ForwardedFor support https://github.com/kubernetes/kubernetes/pull/45766#discussion_r116778101 - [x] adapt ObjectReference.Resource to API PR https://github.com/kubernetes/kubernetes/pull/45766#pullrequestreview-38656828