- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 12 for AddAuditAnnotation (0.18 sec)
-
staging/src/k8s.io/apiserver/pkg/audit/context_test.go
go func(i int) { AddAuditAnnotation(test.ctx, fmt.Sprintf(annotationKeyTemplate, i), annotationValue) wg.Done() }(i) } wg.Wait() test.validator(t, test.ctx) }) } } func TestAuditAnnotationsWithAuditLoggingSetup(t *testing.T) { // No audit context data in the request context ctx := context.Background() AddAuditAnnotation(ctx, "nil", "0")
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 5K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/audit/context.go
// as at that point the audit event has already been sent to the audit sink. // Handlers that are unaware of their position in the overall request flow should // prefer AddAuditAnnotation over LogAnnotation to avoid dropping annotations. func AddAuditAnnotation(ctx context.Context, key, value string) { ac := AuditContextFrom(ctx) if !ac.Enabled() { return } ac.annotationMutex.Lock() defer ac.annotationMutex.Unlock()
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 6.1K bytes - Viewed (0) -
pkg/serviceaccount/legacy.go
audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token-autogenerated-secret", secret.Name) autoGeneratedTokensTotal.WithContext(ctx).Inc() break } } // Check if it's a manually created secret-based token if !autoGenerated { audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token-manual-secret", secret.Name)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Nov 01 08:32:23 UTC 2023 - 8.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator_test.go
c := make(chan struct{}) a := New(authenticator.TokenFunc(func(ctx context.Context, token string) (*authenticator.Response, bool, error) { <-c atomic.AddUint32(&lookups, 1) audit.AddAuditAnnotation(ctx, "snorlax", "rocks") audit.AddAuditAnnotation(ctx, "pandas", "are amazing") return snorlax, true, nil }), false, time.Minute, 0) allAnnotations := make(chan map[string]string, 10) defer close(allAnnotations)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 20.3K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go
audit.AddAuditAnnotations(ctx, decisionAnnotationKey, decisionAllow, reasonAnnotationKey, reason) handler.ServeHTTP(w, req) return } if err != nil { audit.AddAuditAnnotation(ctx, reasonAnnotationKey, reasonError) responsewriters.InternalError(w, req, err) return } klog.V(4).InfoS("Forbidden", "URI", req.RequestURI, "reason", reason) audit.AddAuditAnnotations(ctx,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 20 13:35:55 UTC 2023 - 3.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go
type cacheRecord struct { resp *authenticator.Response ok bool err error // this cache assumes token authn has no side-effects or temporal dependence. // neither of these are true for audit annotations set via AddAuditAnnotation. // // for audit annotations, the assumption is that for some period of time (cache TTL), // all requests with the same API audiences and the same bearer token result in the
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 03 16:16:51 UTC 2023 - 9.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config_test.go
authn := authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) { // confirm that we can set an audit annotation in a handler before WithAudit audit.AddAuditAnnotation(req.Context(), "pandas", "are awesome") return &authenticator.Response{User: &user.DefaultInfo{}}, true, nil }) backend := &testBackend{} c := &Config{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Apr 29 18:59:21 UTC 2024 - 13.1K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go
if hostname := req.URL.Hostname(); len(hostname) > 0 { prefix := fmt.Sprintf("%s.invalid-cert.kubernetes.io", c.id) klog.Infof("%s: invalid certificate detected connecting to %q: %s", prefix, hostname, c.reason) audit.AddAuditAnnotation(req.Context(), prefix+"/"+hostname, c.reason) } } c.counter.Inc() } // NewDeprecatedCertificateRoundTripperWrapperConstructor returns a RoundTripper wrapper that's usable within ClientConfig.Wrap. //
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jul 26 17:14:05 UTC 2022 - 7.3K bytes - Viewed (0) -
pkg/serviceaccount/jwt.go
} tokenAudiences := authenticator.Audiences(public.Audience) if len(tokenAudiences) == 0 { // only apiserver audiences are allowed for legacy tokens audit.AddAuditAnnotation(ctx, "authentication.k8s.io/legacy-token", public.Subject) legacyTokensTotal.WithContext(ctx).Inc() tokenAudiences = j.implicitAuds } requestedAudiences, ok := authenticator.AudiencesFrom(ctx) if !ok {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 27 22:16:08 UTC 2024 - 10.7K bytes - Viewed (0) -
pkg/registry/core/serviceaccount/storage/token.go
ExpirationTimestamp: metav1.Time{Time: nowTime.Add(time.Duration(out.Spec.ExpirationSeconds) * time.Second)}, } if utilfeature.DefaultFeatureGate.Enabled(features.ServiceAccountTokenJTI) && len(sc.ID) > 0 { audit.AddAuditAnnotation(ctx, serviceaccount.IssuedCredentialIDAuditAnnotationKey, serviceaccount.CredentialIDForJTI(sc.ID)) } return out, nil } func (r *TokenREST) GroupVersionKind(schema.GroupVersion) schema.GroupVersionKind {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Feb 05 10:24:31 UTC 2024 - 10K bytes - Viewed (0)