Skip to content

Commit a86a82a

Browse files
ivelichkovichivelichkovich
authored
🌱 Enable audit logs for envtest-based unit tests if ARTIFACTS env var is set (#12847)
* add ability to enable audit logs for envtest * cleanup * dir format * fix lint
1 parent 8a02bd2 commit a86a82a

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

‎internal/test/envtest/environment.go‎

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,37 @@ func newEnvironment(scheme *runtime.Scheme, additionalCRDDirectoryPaths []string
296296
WebhookInstallOptions: initWebhookInstallOptions(),
297297
}
298298

299+
// if ARTIFACTS is setup, configure apiserver audit logs to log to ARTIFACTS dir
300+
if os.Getenv("ARTIFACTS") != "" {
301+
_, packageFileName, _, _ := goruntime.Caller(2)
302+
relativePathPackageCallerFile, err := filepath.Rel(root, packageFileName)
303+
if err != nil {
304+
klog.Fatalf("unable to get relative path of calling package %+v", err)
305+
}
306+
307+
relativePathPackageCallerDir := filepath.Dir(relativePathPackageCallerFile)
308+
auditLogsDir := filepath.Join(os.Getenv("ARTIFACTS"), relativePathPackageCallerDir)
309+
auditLogsFilePath := filepath.Join(auditLogsDir, "apiserver-audit-logs")
310+
311+
if err = os.MkdirAll(auditLogsDir, 0750); err != nil {
312+
klog.Fatalf("failed to create audit logs dir: %+v", err)
313+
}
314+
315+
auditPolicyPath, err := writeAuditPolicy(auditLogsDir)
316+
if err != nil {
317+
klog.Fatalf("failed to write audit logs policy file: %+v", err)
318+
}
319+
320+
env.ControlPlane = envtest.ControlPlane{}
321+
env.ControlPlane.APIServer = &envtest.APIServer{}
322+
env.ControlPlane.APIServer.Configure().Set("audit-log-path", auditLogsFilePath)
323+
env.ControlPlane.APIServer.Configure().Set("audit-log-format", "json")
324+
env.ControlPlane.APIServer.Configure().Set("audit-policy-file", auditPolicyPath)
325+
env.ControlPlane.APIServer.Configure().Set("audit-log-maxage", "0")
326+
env.ControlPlane.APIServer.Configure().Set("audit-log-maxbackup", "0")
327+
env.ControlPlane.APIServer.Configure().Set("audit-log-maxsize", "0")
328+
}
329+
299330
if _, err := env.Start(); err != nil {
300331
err = kerrors.NewAggregate([]error{err, env.Stop()})
301332
panic(err)
@@ -405,6 +436,24 @@ func newEnvironment(scheme *runtime.Scheme, additionalCRDDirectoryPaths []string
405436
}
406437
}
407438

439+
func writeAuditPolicy(dir string) (string, error) {
440+
policyFile := filepath.Join(dir, "audit-policy.yaml")
441+
442+
policyYAML := []byte(`
443+
apiVersion: audit.k8s.io/v1
444+
kind: Policy
445+
rules:
446+
- level: RequestResponse
447+
resources:
448+
- resources: ["*"]
449+
`)
450+
451+
if err := os.WriteFile(policyFile, policyYAML, 0600); err != nil {
452+
return "", err
453+
}
454+
return policyFile, nil
455+
}
456+
408457
// start starts the manager.
409458
func (e *Environment) start(ctx context.Context) {
410459
go func() {

0 commit comments

Comments
 (0)