71 lines
2.8 KiB
Go
71 lines
2.8 KiB
Go
/*
|
|
* Copyright 2024 the KubeSphere Authors.
|
|
* Please refer to the LICENSE file in the root directory of the project.
|
|
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
|
|
*/
|
|
|
|
package auditing
|
|
|
|
import (
|
|
"time"
|
|
|
|
"k8s.io/apiserver/pkg/apis/audit"
|
|
|
|
"github.com/spf13/pflag"
|
|
)
|
|
|
|
type WebhookOptions struct {
|
|
WebhookUrl string `json:"webhookUrl" yaml:"webhookUrl"`
|
|
// The maximum concurrent senders which send auditing events to the auditing webhook.
|
|
EventSendersNum int `json:"eventSendersNum" yaml:"eventSendersNum"`
|
|
}
|
|
|
|
type LogOptions struct {
|
|
Path string `json:"path" yaml:"path"`
|
|
MaxAge int `json:"maxAge" yaml:"maxAge"`
|
|
MaxBackups int `json:"maxBackups" yaml:"maxBackups"`
|
|
MaxSize int `json:"maxSize" yaml:"maxSize"`
|
|
}
|
|
|
|
type Options struct {
|
|
Enable bool `json:"enable" yaml:"enable"`
|
|
AuditLevel audit.Level `json:"auditLevel" yaml:"auditLevel"`
|
|
// The batch size of auditing events.
|
|
EventBatchSize int `json:"eventBatchSize" yaml:"eventBatchSize"`
|
|
// The batch interval of auditing events.
|
|
EventBatchInterval time.Duration `json:"eventBatchInterval" yaml:"eventBatchInterval"`
|
|
|
|
WebhookOptions WebhookOptions `json:"webhookOptions" yaml:"webhookOptions"`
|
|
LogOptions LogOptions `json:"logOptions" yaml:"logOptions"`
|
|
}
|
|
|
|
func NewAuditingOptions() *Options {
|
|
return &Options{}
|
|
}
|
|
|
|
func (s *Options) Validate() []error {
|
|
errs := make([]error, 0)
|
|
return errs
|
|
}
|
|
|
|
func (s *Options) AddFlags(fs *pflag.FlagSet, c *Options) {
|
|
fs.BoolVar(&s.Enable, "auditing-enabled", c.Enable, "Enable auditing component or not. ")
|
|
fs.IntVar(&s.EventBatchSize, "auditing-event-batch-size", c.EventBatchSize,
|
|
"The batch size of auditing events.")
|
|
fs.DurationVar(&s.EventBatchInterval, "auditing-event-batch-interval", c.EventBatchInterval,
|
|
"The batch interval of auditing events.")
|
|
|
|
fs.StringVar(&s.WebhookOptions.WebhookUrl, "auditing-webhook-url", c.WebhookOptions.WebhookUrl, "Auditing wehook url")
|
|
fs.IntVar(&s.WebhookOptions.EventSendersNum, "auditing-event-senders-num", c.WebhookOptions.EventSendersNum,
|
|
"The maximum concurrent senders which send auditing events to the auditing webhook.")
|
|
|
|
fs.StringVar(&s.LogOptions.Path, "audit-log-path", s.LogOptions.Path,
|
|
"If set, all requests coming to the apiserver will be logged to this file. '-' means standard out.")
|
|
fs.IntVar(&s.LogOptions.MaxAge, "audit-log-maxage", s.LogOptions.MaxAge,
|
|
"The maximum number of days to retain old audit log files based on the timestamp encoded in their filename.")
|
|
fs.IntVar(&s.LogOptions.MaxBackups, "audit-log-maxbackup", s.LogOptions.MaxBackups,
|
|
"The maximum number of old audit log files to retain. Setting a value of 0 will mean there's no restriction on the number of files.")
|
|
fs.IntVar(&s.LogOptions.MaxSize, "audit-log-maxsize", s.LogOptions.MaxSize,
|
|
"The maximum size in megabytes of the audit log file before it gets rotated.")
|
|
}
|