ignore dryRun k8s request when auditing

Signed-off-by: wanjunlei <wanjunlei@yunify.com>

pkg/apiserver/auditing/types.go

@@ -33,7 +33,7 @@ type Auditing interface {
 	Enabled() bool
 	K8sAuditingEnabled() bool
 	LogRequestObject(req *http.Request, info *request.RequestInfo) *auditv1alpha1.Event
-	LogResponseObject(e *auditv1alpha1.Event, resp *ResponseCapture, info *request.RequestInfo)
+	LogResponseObject(e *auditv1alpha1.Event, resp *ResponseCapture)
 }
 
 type auditing struct {
@@ -96,6 +96,17 @@ func (a *auditing) K8sAuditingEnabled() bool {
 //
 func (a *auditing) LogRequestObject(req *http.Request, info *request.RequestInfo) *auditv1alpha1.Event {
 
+	// Ignore the dryRun k8s request.
+	if info.IsKubernetesRequest {
+		values := req.URL.Query()
+		if v, ok := values["dryRun"]; ok {
+			if len(v) > 0 && v[0] == v1.DryRunAll {
+				klog.V(6).Infof("ignore dryRun request %s", req.URL.Path)
+				return nil
+			}
+		}
+	}
+
 	e := &auditv1alpha1.Event{
 		Workspace: info.Workspace,
 		Cluster:   info.Cluster,
@@ -175,7 +186,7 @@ func (a *auditing) LogRequestObject(req *http.Request, info *request.RequestInfo
 	return e
 }
 
-func (a *auditing) LogResponseObject(e *auditv1alpha1.Event, resp *ResponseCapture, info *request.RequestInfo) {
+func (a *auditing) LogResponseObject(e *auditv1alpha1.Event, resp *ResponseCapture) {
 
 	e.StageTimestamp = v1.NewMicroTime(time.Now())
 	e.ResponseStatus = &v1.Status{Code: int32(resp.StatusCode())}

pkg/apiserver/auditing/types_test.go

@@ -252,7 +252,7 @@ func TestAuditing_LogResponseObject(t *testing.T) {
 	resp := NewResponseCapture(httptest.NewRecorder())
 	resp.WriteHeader(200)
 
-	a.LogResponseObject(e, resp, info)
+	a.LogResponseObject(e, resp)
 
 	expectedEvent := &v1alpha12.Event{
 		Event: audit.Event{