Merge pull request kubernetes#52981 from CaoShuFeng/audit_v1beta2

Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add RequestReceivedTimestamp and StageTimestamp to audit event fixes kubernetes#52160 **Release note**: ``` Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events. ```
johnowennixon · Oct 12, 2017 · 6901fc3 · 6901fc3
2 parents 1289fac + b69285a
commit 6901fc3
Show file tree

Hide file tree

Showing 22 changed files with 778 additions and 211 deletions.
diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go
@@ -77,15 +77,10 @@ const (
 // Event captures all the information that can be included in an API audit log.
 type Event struct {
 	metav1.TypeMeta
-	// ObjectMeta is included for interoperability with API infrastructure.
-	// +optional
-	metav1.ObjectMeta
 
 	// AuditLevel at which event was generated
 	Level Level
 
-	// Time the request reached the apiserver.
-	Timestamp metav1.Time
 	// Unique audit ID, generated for each request.
 	AuditID types.UID
 	// Stage of the request handling when this event instance was generated.
@@ -121,10 +116,15 @@ type Event struct {
 	// +optional
 	RequestObject *runtime.Unknown
 	// API object returned in the response, in JSON. The ResponseObject is recorded after conversion
-	// to the external type, and serialized as JSON.  Omitted for non-resource requests.  Only logged
+	// to the external type, and serialized as JSON. Omitted for non-resource requests.  Only logged
 	// at Response Level.
 	// +optional
 	ResponseObject *runtime.Unknown
+
+	// Time the request reached the apiserver.
+	RequestReceivedTimestamp metav1.MicroTime
+	// Time the request reached current audit stage.
+	StageTimestamp metav1.MicroTime
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/BUILD b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/BUILD
@@ -54,6 +54,7 @@ go_test(
     srcs = ["conversion_test.go"],
     library = ":go_default_library",
     deps = [
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/apis/audit:go_default_library",

diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/conversion.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/conversion.go
@@ -19,6 +19,7 @@ package v1alpha1
 import (
 	"strings"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/apiserver/pkg/apis/audit"
 )
@@ -52,3 +53,26 @@ func Convert_v1alpha1_ObjectReference_To_audit_ObjectReference(in *ObjectReferen
 	}
 	return nil
 }
+
+func Convert_v1alpha1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error {
+	if err := autoConvert_v1alpha1_Event_To_audit_Event(in, out, s); err != nil {
+		return err
+	}
+	if out.StageTimestamp.IsZero() {
+		out.StageTimestamp = metav1.NewMicroTime(in.CreationTimestamp.Time)
+	}
+	if out.RequestReceivedTimestamp.IsZero() {
+		out.RequestReceivedTimestamp = metav1.NewMicroTime(in.Timestamp.Time)
+	}
+	return nil
+}
+
+func Convert_audit_Event_To_v1alpha1_Event(in *audit.Event, out *Event, s conversion.Scope) error {
+	if err := autoConvert_audit_Event_To_v1alpha1_Event(in, out, s); err != nil {
+		return err
+	}
+	out.CreationTimestamp = metav1.NewTime(in.StageTimestamp.Time)
+	out.Timestamp = metav1.NewTime(in.RequestReceivedTimestamp.Time)
+	return nil
+
+}
diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/conversion_test.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1/conversion_test.go
@@ -19,7 +19,9 @@ package v1alpha1
 import (
 	"reflect"
 	"testing"
+	"time"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
@@ -36,7 +38,7 @@ func init() {
 	RegisterConversions(scheme)
 }
 
-func TestConversion(t *testing.T) {
+func TestConversionObjectReference(t *testing.T) {
 	scheme.Log(t)
 
 	testcases := []struct {
@@ -92,3 +94,114 @@ func TestConversion(t *testing.T) {
 		})
 	}
 }
+
+func TestConversionEventToInternal(t *testing.T) {
+	scheme.Log(t)
+
+	time1 := time.Now()
+	time2 := time.Now()
+	testcases := []struct {
+		desc     string
+		old      *Event
+		expected *auditinternal.Event
+	}{
+		{
+			"StageTimestamp is empty",
+			&Event{
+				ObjectMeta: metav1.ObjectMeta{
+					CreationTimestamp: metav1.NewTime(time1),
+				},
+			},
+			&auditinternal.Event{
+				StageTimestamp: metav1.NewMicroTime(time1),
+			},
+		},
+		{
+			"StageTimestamp is not empty",
+			&Event{
+				ObjectMeta: metav1.ObjectMeta{
+					CreationTimestamp: metav1.NewTime(time1),
+				},
+				StageTimestamp: metav1.NewMicroTime(time2),
+			},
+			&auditinternal.Event{
+				StageTimestamp: metav1.NewMicroTime(time2),
+			},
+		},
+		{
+			"RequestReceivedTimestamp is empty",
+			&Event{
+				Timestamp: metav1.NewTime(time1),
+			},
+			&auditinternal.Event{
+				RequestReceivedTimestamp: metav1.NewMicroTime(time1),
+			},
+		},
+		{
+			"RequestReceivedTimestamp is not empty",
+			&Event{
+				Timestamp:                metav1.NewTime(time1),
+				RequestReceivedTimestamp: metav1.NewMicroTime(time2),
+			},
+			&auditinternal.Event{
+				RequestReceivedTimestamp: metav1.NewMicroTime(time2),
+			},
+		},
+	}
+	for _, tc := range testcases {
+		t.Run(tc.desc, func(t *testing.T) {
+			internal := &auditinternal.Event{}
+			if err := scheme.Convert(tc.old, internal, nil); err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if !reflect.DeepEqual(internal, tc.expected) {
+				t.Errorf("expected\n\t%#v, got \n\t%#v", tc.expected, internal)
+			}
+		})
+	}
+}
+
+func TestConversionInternalToEvent(t *testing.T) {
+	scheme.Log(t)
+
+	now := time.Now()
+	testcases := []struct {
+		desc     string
+		old      *auditinternal.Event
+		expected *Event
+	}{
+		{
+			"convert stageTimestamp",
+			&auditinternal.Event{
+				StageTimestamp: metav1.NewMicroTime(now),
+			},
+			&Event{
+				ObjectMeta: metav1.ObjectMeta{
+					CreationTimestamp: metav1.NewTime(now),
+				},
+				StageTimestamp: metav1.NewMicroTime(now),
+			},
+		},
+		{
+			"convert RequestReceivedTimestamp",
+			&auditinternal.Event{
+				RequestReceivedTimestamp: metav1.NewMicroTime(now),
+			},
+			&Event{
+				Timestamp:                metav1.NewTime(now),
+				RequestReceivedTimestamp: metav1.NewMicroTime(now),
+			},
+		},
+	}
+	for _, tc := range testcases {
+		t.Run(tc.desc, func(t *testing.T) {
+			event := &Event{}
+			if err := scheme.Convert(tc.old, event, nil); err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if !reflect.DeepEqual(event, tc.expected) {
+				t.Errorf("expected\n\t%#v, got \n\t%#v", tc.expected, event)
+			}
+		})
+	}
+}