admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2155 from wanjunlei/master

Browse Source 
add response_code_filter parameter in auditing events search api
This commit is contained in:
KubeSphere CI Bot
2020-06-05 14:56:38 +08:00
committed by GitHub
parent 38274c61f9 3d3b9d5af5
commit df348b199f
7 changed files with 172 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/simple/client/auditing/elasticsearch/elasticsearch.go
View File

@@ -361,10 +361,10 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
}
}
if f.ResponseStatus != nil && len(f.ResponseStatus) > 0 {
if f.ResponseCodes != nil && len(f.ResponseCodes) > 0 {
bi := BoolBody{MinimumShouldMatch: &mini}
for _, v := range f.ResponseStatus {
for _, v := range f.ResponseCodes {
bi.Should = append(bi.Should, map[string]interface{}{
"term": map[string]int32{"ResponseStatus.code": v},
})
@@ -373,6 +373,13 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
}
if len(f.ResponseStatus) > 0 {
if bi := shouldBoolbody("match_phrase", "ResponseStatus.status",
f.ResponseStatus, nil); bi != nil {
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
}
}
if f.StartTime != nil || f.EndTime != nil {
m := make(map[string]*time.Time)
if f.StartTime != nil {

152
pkg/simple/client/auditing/elasticsearch/elasticsearch_test.go
View File

@@ -171,6 +171,18 @@ func TestParseToQueryPart(t *testing.T) {
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase_prefix": {
"ObjectRef.Name.keyword": "istio"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
@@ -183,10 +195,131 @@ func TestParseToQueryPart(t *testing.T) {
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"Verb": "create"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"Level": "Metadata"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"wildcard": {
"SourceIPs": "*192.168*"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"User.Username.keyword": "system:serviceaccount:kubesphere-system:kubesphere"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"wildcard": {
"User.Username": "*system:serviceaccount*"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"wildcard": {
"User.Groups": "*system:serviceaccounts*"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase_prefix": {
"ObjectRef.Resource.keyword": "devops"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase_prefix": {
"ObjectRef.Subresource.keyword": "pipeline"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"term": {
"ResponseStatus.code": 404
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"ResponseStatus.status": "Failure"
}
}
],
"minimum_should_match": 1
}
},
{
"range": {
"RequestReceivedTimestamp": {
"gte": "2019-12-01T01:01:01.000000001Z"
"gte": "2019-12-01T01:01:01.000000001Z",
"lte": "2020-01-01T01:01:01.000000001Z"
}
}
}
@@ -196,13 +329,26 @@ func TestParseToQueryPart(t *testing.T) {
`
nsCreateTime := time.Date(2020, time.Month(1), 1, 1, 1, 1, 1, time.UTC)
startTime := nsCreateTime.AddDate(0, -1, 0)
endTime := nsCreateTime.AddDate(0, 0, 0)
filter := &auditing.Filter{
ObjectRefNamespaceMap: map[string]time.Time{
"kubesphere-system": nsCreateTime,
},
ObjectRefNameFuzzy: []string{"istio"},
StartTime: &startTime,
ObjectRefNames: []string{"istio"},
ObjectRefNameFuzzy: []string{"istio"},
Levels: []string{"Metadata"},
Verbs: []string{"create"},
Users: []string{"system:serviceaccount:kubesphere-system:kubesphere"},
UserFuzzy: []string{"system:serviceaccount"},
GroupFuzzy: []string{"system:serviceaccounts"},
SourceIpFuzzy: []string{"192.168"},
ObjectRefResources: []string{"devops"},
ObjectRefSubresources: []string{"pipeline"},
ResponseCodes: []int32{404},
ResponseStatus: []string{"Failure"},
StartTime: &startTime,
EndTime: &endTime,
}
qp := parseToQueryPart(filter)

6
pkg/simple/client/auditing/elasticsearch/options.go
View File

@@ -47,15 +47,15 @@ func (s *Options) Validate() []error {
}
func (s *Options) AddFlags(fs *pflag.FlagSet, c *Options) {
fs.StringVar(&s.Host, "elasticsearch-host", c.Host, ""+
fs.StringVar(&s.Host, "auditing-elasticsearch-host", c.Host, ""+
"Elasticsearch service host. KubeSphere is using elastic as auditing store, "+
"if this filed left blank, KubeSphere will use kubernetes builtin event API instead, and"+
" the following elastic search options will be ignored.")
fs.StringVar(&s.IndexPrefix, "index-prefix", c.IndexPrefix, ""+
fs.StringVar(&s.IndexPrefix, "auditing-index-prefix", c.IndexPrefix, ""+
"Index name prefix. KubeSphere will retrieve auditing against indices matching the prefix.")
fs.StringVar(&s.Version, "elasticsearch-version", c.Version, ""+
fs.StringVar(&s.Version, "auditing-elasticsearch-version", c.Version, ""+
"Elasticsearch major version, e.g. 5/6/7, if left blank, will detect automatically."+
"Currently, minimum supported version is 5.x")
}

3
pkg/simple/client/auditing/interface.go
View File

@@ -38,7 +38,8 @@ type Filter struct {
SourceIpFuzzy []string
ObjectRefResources []string
ObjectRefSubresources []string
ResponseStatus []int32
ResponseCodes []int32
ResponseStatus []string
StartTime *time.Time
EndTime *time.Time
}