From 5873c2679cc7db3c7265fb00dceddb8bf475fcd4 Mon Sep 17 00:00:00 2001
From: Maciej Szulik
Date: Wed, 21 Sep 2016 15:23:38 +0200
Subject: [PATCH] Remove closing audit log file and add error check when writing to audit
---
 pkg/apiserver/audit/audit.go | 12 ++++++++++--
 pkg/genericapiserver/config.go | 3 +--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/pkg/apiserver/audit/audit.go b/pkg/apiserver/audit/audit.go
index b2859014bc..63803d2203 100644
--- a/pkg/apiserver/audit/audit.go
+++ b/pkg/apiserver/audit/audit.go
@@ -24,6 +24,7 @@ import (
 "net/http"
 "time"
+ "github.com/golang/glog"
 "github.com/pborman/uuid"
 "k8s.io/kubernetes/pkg/apiserver"
@@ -39,7 +40,11 @@ type auditResponseWriter struct {
 }
 func (a *auditResponseWriter) WriteHeader(code int) {
- fmt.Fprintf(a.out, "%s AUDIT: id=%q response=\"%d\"\n", time.Now().Format(time.RFC3339Nano), a.id, code)
+ line := fmt.Sprintf("%s AUDIT: id=%q response=\"%d\"\n", time.Now().Format(time.RFC3339Nano), a.id, code)
+ if _, err := fmt.Fprint(a.out, line); err != nil {
+ glog.Errorf("Unable to write audit log: %s, the error is: %v", line, err)
+ }
+
 a.ResponseWriter.WriteHeader(code)
 }
@@ -92,8 +97,11 @@ func WithAudit(handler http.Handler, attributeGetter apiserver.RequestAttributeG
 }
 id := uuid.NewRandom().String()
- fmt.Fprintf(out, "%s AUDIT: id=%q ip=%q method=%q user=%q as=%q namespace=%q uri=%q\n",
+ line := fmt.Sprintf("%s AUDIT: id=%q ip=%q method=%q user=%q as=%q namespace=%q uri=%q\n",
 time.Now().Format(time.RFC3339Nano), id, utilnet.GetClientIP(req), req.Method, attribs.GetUser().GetName(), asuser, namespace, req.URL)
+ if _, err := fmt.Fprint(out, line); err != nil {
+ glog.Errorf("Unable to write audit log: %s, the error is: %v", line, err)
+ }
 respWriter := decorateResponseWriter(w, out, id)
 handler.ServeHTTP(respWriter, req)
 })
diff --git a/pkg/genericapiserver/config.go b/pkg/genericapiserver/config.go
index a1ab057c6c..f1b776928c 100644
--- a/pkg/genericapiserver/config.go
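Review bot: The new `glog.Errorf` call in `WriteHeader` formats `line` with `%s`, but `line` ends in `\n`, so the error entry is broken in two and the `, the error is: ...` part lands on a line of its own without a glog prefix. Quoting the value keeps the entry on one line: `glog.Errorf("Unable to write audit log: %q, the error is: %v", line, err)`. The same call appears in the `WithAudit` hunk that follows and needs the same change.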
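Review bot: When the write to `out` fails in `WithAudit`, the request is still handed to `handler.ServeHTTP`, so the server keeps serving while the audit trail has gaps and the only trace is a glog error line. If that trade-off is intended it should be stated where the decision is made; I would add above the `if` a comment such as `// Audit is best-effort: a failed write is reported via glog and the request is still served.` The fallback also copies the full audit record (user, client IP, URI) into the general server log, which may not have the same access controls or retention as the audit file. The body of `WithAudit` starts outside the hunk.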
+++ b/pkg/genericapiserver/config.go
@@ -377,6 +377,7 @@ func (c Config) New() (*GenericAPIServer, error) {
 attributeGetter := apiserver.NewRequestAttributeGetter(c.RequestContextMapper, s.NewRequestInfoResolver())
 handler = apiserver.WithAuthorizationCheck(handler, attributeGetter, c.Authorizer)
+ handler = apiserver.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
 if len(c.AuditLogPath) != 0 {
 // audit handler must comes before the impersonationFilter to read the original user
 writer := &lumberjack.Logger{
@@ -386,9 +387,7 @@ func (c Config) New() (*GenericAPIServer, error) {
 MaxSize: c.AuditLogMaxSize,
 }
 handler = audit.WithAudit(handler, attributeGetter, writer)
- defer writer.Close()
 }
- handler = apiserver.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
 // Install Authenticator
 if c.Authenticator != nil {
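Review bot: The comment "audit handler must comes before the impersonationFilter" now sits below the added `WithImpersonation` call, so in source order it reads as the opposite of what the code does. Each `WithX` call wraps the handler built so far, which would make the wrapper applied last the first one a request reaches; assuming that holds for these filters, I would reword the comment to `// WithAudit wraps the impersonation filter, so it runs first on a request and logs the original user.` The commit subject does not mention this reordering, and since it changes which identity the audit line records it deserves a sentence in the description. `New` starts and ends outside the hunk.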
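Review bot: With `defer writer.Close()` removed, nothing in this hunk says why the lumberjack writer is left open, and a deferred close is the kind of line a later cleanup tends to put back. A comment after the `audit.WithAudit` call would prevent that: `// writer is not closed here: the audit handler writes to it for as long as the server runs.` The body of `New` continues past the hunk, so whether anything else keeps a reference to `writer` for shutdown is not visible here.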