feat: kubesphere 4.0 (#6115)
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
This commit is contained in:
KubeSphere CI Bot
committed by
GitHub
GitHub
parent
b5015ec7b9
commit
447a51f08b
29
vendor/k8s.io/apiserver/pkg/audit/request.go
generated
vendored
29
vendor/k8s.io/apiserver/pkg/audit/request.go
generated
vendored
@@ -28,14 +28,11 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
auditinternal "k8s.io/apiserver/pkg/apis/audit"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -43,20 +40,18 @@ const (
|
||||
userAgentTruncateSuffix = "...TRUNCATED"
|
||||
)
|
||||
|
||||
func NewEventFromRequest(req *http.Request, requestReceivedTimestamp time.Time, level auditinternal.Level, attribs authorizer.Attributes) (*auditinternal.Event, error) {
|
||||
ev := &auditinternal.Event{
|
||||
RequestReceivedTimestamp: metav1.NewMicroTime(requestReceivedTimestamp),
|
||||
Verb: attribs.GetVerb(),
|
||||
RequestURI: req.URL.RequestURI(),
|
||||
UserAgent: maybeTruncateUserAgent(req),
|
||||
Level: level,
|
||||
func LogRequestMetadata(ctx context.Context, req *http.Request, requestReceivedTimestamp time.Time, level auditinternal.Level, attribs authorizer.Attributes) {
|
||||
ac := AuditContextFrom(ctx)
|
||||
if !ac.Enabled() {
|
||||
return
|
||||
}
|
||||
ev := &ac.Event
|
||||
|
||||
auditID, found := AuditIDFrom(req.Context())
|
||||
if !found {
|
||||
auditID = types.UID(uuid.New().String())
|
||||
}
|
||||
ev.AuditID = auditID
|
||||
ev.RequestReceivedTimestamp = metav1.NewMicroTime(requestReceivedTimestamp)
|
||||
ev.Verb = attribs.GetVerb()
|
||||
ev.RequestURI = req.URL.RequestURI()
|
||||
ev.UserAgent = maybeTruncateUserAgent(req)
|
||||
ev.Level = level
|
||||
|
||||
ips := utilnet.SourceIPs(req)
|
||||
ev.SourceIPs = make([]string, len(ips))
|
||||
@@ -84,10 +79,6 @@ func NewEventFromRequest(req *http.Request, requestReceivedTimestamp time.Time,
|
||||
APIVersion: attribs.GetAPIVersion(),
|
||||
}
|
||||
}
|
||||
|
||||
addAuditAnnotationsFrom(req.Context(), ev)
|
||||
|
||||
return ev, nil
|
||||
}
|
||||
|
||||
// LogImpersonatedUser fills in the impersonated user attributes into an audit event.
|
||||
|
||||
Reference in New Issue
Block a user