"Total number of messages sent since start",
		targetID)
)

// loadAuditMetrics - `MetricsLoaderFn` for audit
// such as failed messages and total messages.
func loadAuditMetrics(_ context.Context, m MetricValues, c *metricsCache) error {
	audit := logger.CurrentStats()
	for id, st := range audit {
		labels := []string{targetID, id}
		m.Set(auditFailedMessages, float64(st.FailedMessages), labels...)

type RequestAuditConfig struct {
	// Level at which the request is being audited at
	Level audit.Level

	// OmitStages is the stages that need to be omitted from being audited.
	OmitStages []audit.Stage

	// OmitManagedFields indicates whether to omit the managed fields of the request
	// and response bodies from being written to the API audit log.
	OmitManagedFields bool
}

// PolicyRuleEvaluator exposes methods for evaluating the policy rules.

	"k8s.io/apimachinery/pkg/runtime/serializer"
	auditinternal "k8s.io/apiserver/pkg/apis/audit"
	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
	"k8s.io/apiserver/pkg/apis/audit/validation"
	"k8s.io/apiserver/pkg/audit"
	"k8s.io/klog/v2"
)

var (
	apiGroupVersions = []schema.GroupVersion{
		auditv1.SchemeGroupVersion,
	}
	apiGroupVersionSet = map[schema.GroupVersion]bool{}
)

func init() {

name: envoy.filters.http.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
  rules:
    action: LOG
    policies:
      ns[foo]-policy[audit-all]-rule[0]:
        permissions:
        - andRules:
            rules:
            - any: true
        principals:
        - andIds:
            ids:
            - any: true

name: envoy.filters.network.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
  rules:
    action: LOG
    policies:
      ns[foo]-policy[httpbin-audit]-rule[0]:
        permissions:
        - andRules:
            rules:
            - orRules:
                rules:
                - destinationPort: 80
            - notRule:
                orRules:
                  rules:

}

// CurrentStats returns the current statistics.
func CurrentStats() map[string]types.TargetStats {
	sys := SystemTargets()
	audit := AuditTargets()
	res := make(map[string]types.TargetStats, len(sys)+len(audit))
	cnt := make(map[string]int, len(sys)+len(audit))

	// Add system and audit.
	for _, t := range sys {
		key := strings.ToLower(t.Type().String())
		n := cnt[key]
		cnt[key]++

Harshavardhana <******@****.***> 1701446184 -0800

import (
	"strings"

	"k8s.io/apiserver/pkg/apis/audit"
	auditinternal "k8s.io/apiserver/pkg/audit"
	"k8s.io/apiserver/pkg/authorization/authorizer"
)

const (
	// DefaultAuditLevel is the default level to audit at, if no policy rules are matched.
	DefaultAuditLevel = audit.LevelNone
)

// NewPolicyRuleEvaluator creates a new policy rule evaluator.
func NewPolicyRuleEvaluator(policy *audit.Policy) auditinternal.PolicyRuleEvaluator {

				audit.Stage("RequestReceived"),
			},
		},
	}
	successCases := []audit.Policy{}
	for _, rule := range validRules {
		successCases = append(successCases, audit.Policy{Rules: []audit.PolicyRule{rule}})
	}
	successCases = append(successCases, audit.Policy{})                         // Empty policy is valid.
	successCases = append(successCases, audit.Policy{OmitStages: []audit.Stage{ // Policy with omitStages
		audit.Stage("RequestReceived")}})

			name: "user does not specify a value for Audit-ID in the request header",
			newAuditIDFunc: func() string {
				return "foo-bar-baz"
			},
			auditIDExpected: "foo-bar-baz",
		},
		{
			name:             "the value in Audit-ID request header is too large, should not be truncated",
			auditIDSpecified: largeAuditID,
			auditIDExpected:  largeAuditID,
		},
		{
			name: "the generated Audit-ID is too large, should not be truncated",