Merge pull request #45315 from timstclair/audit-api
Automatic merge from submit-queue
Advanced audit logging API
This is an initial implementation of the API proposed in https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auditing.md
This deviates from the exact API specified in the proposal in a number of ways. Here's a list of some of the changes I made, and why:
- General API conformance (`metav1.{Type,List}Meta`, +optional, etc.)
- Dropped fields that won't be part of the initial implementation (storage objects & filters), to be added later
- {Request,Response}Body -> {Request,Response}Object - This is actually what the proposal originally had, and will be much better for adding Filters later, and provides a less protocol-dependent API. Note that there is currently no way to include Response body for non-resource requests.
- Drop HttpMethod - redundant with verb
- Response{StatusCode,ErrorMessage} collapsed into `ResponseStatus *metav1.Status` - This is the standard response type for resourec errors, but can hold genereric error responses too. Note that this is part of the `Metadata` Level.
/cc @kubernetes/sig-auth-api-reviews @kubernetes/api-reviewers
Showing
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
This diff is collapsed.
Click to expand it.
Please
register
or
sign in
to comment