Merge pull request #2187 from wanjunlei/master

add audit components
2020-06-15 11:40:40 +08:00
parent 0ff0ab3f10 a3561550bb
commit 977e30700e
40 changed files with 2558 additions and 12 deletions
--- a/pkg/apiserver/apiserver.go
+++ b/pkg/apiserver/apiserver.go
@@ -27,6 +27,7 @@ import (
 	unionauth "k8s.io/apiserver/pkg/authentication/request/union"
 	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 	"k8s.io/klog"
+	audit "kubesphere.io/kubesphere/pkg/apiserver/auditing"
 	"kubesphere.io/kubesphere/pkg/apiserver/authentication/authenticators/basic"
 	"kubesphere.io/kubesphere/pkg/apiserver/authentication/authenticators/jwttoken"
 	"kubesphere.io/kubesphere/pkg/apiserver/authentication/request/anonymous"
@@ -139,7 +140,7 @@ type APIServer struct {
 	AuditingClient auditing.Client
 }

-func (s *APIServer) PrepareRun() error {
+func (s *APIServer) PrepareRun(stopCh <-chan struct{}) error {

 	s.container = restful.NewContainer()
 	s.container.Filter(logRequestAndResponse)
@@ -156,7 +157,7 @@ func (s *APIServer) PrepareRun() error {

 	s.Server.Handler = s.container

-	s.buildHandlerChain()
+	s.buildHandlerChain(stopCh)

 	return nil
 }
@@ -232,7 +233,7 @@ func (s *APIServer) Run(stopCh <-chan struct{}) (err error) {
 	return err
 }

-func (s *APIServer) buildHandlerChain() {
+func (s *APIServer) buildHandlerChain(stopCh <-chan struct{}) {
 	requestInfoResolver := &request.RequestInfoFactory{
 		APIPrefixes:          sets.NewString("api", "apis", "kapis", "kapi"),
 		GrouplessAPIPrefixes: sets.NewString("api", "kapi"),
@@ -241,6 +242,12 @@ func (s *APIServer) buildHandlerChain() {
 	handler := s.Server.Handler
 	handler = filters.WithKubeAPIServer(handler, s.KubernetesClient.Config(), &errorResponder{})

+	if s.Config.AuditingOptions.Enable {
+		handler = filters.WithAuditing(handler,
+			audit.NewAuditing(s.InformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
+				s.Config.AuditingOptions.WebhookUrl, stopCh))
+	}
+
 	if s.Config.MultiClusterOptions.Enable {
 		clusterDispatcher := dispatch.NewClusterDispatch(s.InformerFactory.KubeSphereSharedInformerFactory().Cluster().V1alpha1().Clusters(),
 			s.InformerFactory.KubeSphereSharedInformerFactory().Cluster().V1alpha1().Clusters().Lister())