/
audit.go
54 lines (46 loc) · 1.58 KB
/
audit.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package configflags
import (
"io/ioutil"
"os"
"path/filepath"
"strconv"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
configv1 "github.com/openshift/api/config/v1"
)
const defaultAuditPolicyFilePath = "openshift.local.audit/policy.yaml"
func AuditFlags(c *configv1.AuditConfig, args map[string][]string) map[string][]string {
if !c.Enabled {
return args
}
auditPolicyFilePath := c.PolicyFile
if len(c.PolicyConfiguration.Raw) > 0 && string(c.PolicyConfiguration.Raw) != "null" {
if len(auditPolicyFilePath) == 0 {
auditPolicyFilePath = defaultAuditPolicyFilePath
}
if err := os.MkdirAll(filepath.Dir(auditPolicyFilePath), 0755); err != nil {
utilruntime.HandleError(err)
}
if err := ioutil.WriteFile(auditPolicyFilePath, c.PolicyConfiguration.Raw, 0644); err != nil {
utilruntime.HandleError(err)
}
}
SetIfUnset(args, "audit-log-maxbackup", strconv.Itoa(int(c.MaximumRetainedFiles)))
SetIfUnset(args, "audit-log-maxsize", strconv.Itoa(int(c.MaximumFileSizeMegabytes)))
SetIfUnset(args, "audit-log-maxage", strconv.Itoa(int(c.MaximumFileRetentionDays)))
auditFilePath := c.AuditFilePath
if len(auditFilePath) == 0 {
auditFilePath = "-"
}
SetIfUnset(args, "audit-log-path", auditFilePath)
if len(auditPolicyFilePath) > 0 {
SetIfUnset(args, "audit-policy-file", auditPolicyFilePath)
}
if len(c.LogFormat) > 0 {
SetIfUnset(args, "audit-log-format", string(c.LogFormat))
}
if len(c.WebHookMode) > 0 {
SetIfUnset(args, "audit-webhook-mode", string(c.WebHookMode))
}
SetIfUnset(args, "audit-webhook-config-file", string(c.WebHookKubeConfig))
return args
}