Merge pull request #33170 from soltysh/audit_improvements

Automatic merge from submit-queue

Remove closing audit log file and add error check when writing to audit

This picks the order fix from #33164. Additionally I've removed entirely closing the log file, since it didn't make sense where it was. I've also added error checks when actually writing to audit logs.

@sttts ptal

**1.4 justification:**

Risk: the code only runs if auditing is enabled with an apiserver flag. So the risk is low.
Rollback: nothing should depend on this
Cost: the auditing feature is broken because the impersonation filter is applied before the audit filter, so you might not see the proper user when using the `--as` flag. Additionally, no errors are logged if writing to the audit log fails.
Kubernetes Submit Queue 2016-09-22 05:06:33 -07:00 committed by GitHub
commit aa935bb8a4
2 changed files with 11 additions and 4 deletions


@ -24,6 +24,7 @@ import (
"net/http"
"time"
"github.com/golang/glog"
"github.com/pborman/uuid"
"k8s.io/kubernetes/pkg/apiserver"
@ -39,7 +40,11 @@ type auditResponseWriter struct {
}
func (a *auditResponseWriter) WriteHeader(code int) {
fmt.Fprintf(a.out, "%s AUDIT: id=%q response=\"%d\"\n", time.Now().Format(time.RFC3339Nano), a.id, code)
line := fmt.Sprintf("%s AUDIT: id=%q response=\"%d\"\n", time.Now().Format(time.RFC3339Nano), a.id, code)
if _, err := fmt.Fprint(a.out, line); err != nil {
glog.Errorf("Unable to write audit log: %s, the error is: %v", line, err)
}
a.ResponseWriter.WriteHeader(code)
}
@ -92,8 +97,11 @@ func WithAudit(handler http.Handler, attributeGetter apiserver.RequestAttributeG
}
id := uuid.NewRandom().String()
fmt.Fprintf(out, "%s AUDIT: id=%q ip=%q method=%q user=%q as=%q namespace=%q uri=%q\n",
line := fmt.Sprintf("%s AUDIT: id=%q ip=%q method=%q user=%q as=%q namespace=%q uri=%q\n",
time.Now().Format(time.RFC3339Nano), id, utilnet.GetClientIP(req), req.Method, attribs.GetUser().GetName(), asuser, namespace, req.URL)
if _, err := fmt.Fprint(out, line); err != nil {
glog.Errorf("Unable to write audit log: %s, the error is: %v", line, err)
}
respWriter := decorateResponseWriter(w, out, id)
handler.ServeHTTP(respWriter, req)
})
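Review bot: The error message in WriteHeader embeds `line` with `%s`, but `line` already ends in "\n", so the glog entry is split across two lines with ", the error is: …" landing on a line of its own; the write in WithAudit (third hunk) has the same problem. Print the audit line quoted so it stays on one line and any control characters are escaped: `glog.Errorf("Unable to write audit log: %q, the error is: %v", line, err)` in both places. The user-influenced fields (user name, request URI) are already %q-quoted when the line is built, so this is mainly about keeping the server log line-structured and greppable. A failed audit write is logged but the request still proceeds; a one-line comment such as `// audit write failures are logged, not fatal: the request is still served` would make the fail-open choice explicit — the enclosing handler closure in WithAudit starts outside the hunk.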


@ -377,6 +377,7 @@ func (c Config) New() (*GenericAPIServer, error) {
attributeGetter := apiserver.NewRequestAttributeGetter(c.RequestContextMapper, s.NewRequestInfoResolver())
handler = apiserver.WithAuthorizationCheck(handler, attributeGetter, c.Authorizer)
handler = apiserver.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
if len(c.AuditLogPath) != 0 {
// audit handler must comes before the impersonationFilter to read the original user
writer := &lumberjack.Logger{
@ -386,9 +387,7 @@ func (c Config) New() (*GenericAPIServer, error) {
MaxSize: c.AuditLogMaxSize,
}
handler = audit.WithAudit(handler, attributeGetter, writer)
defer writer.Close()
}
handler = apiserver.WithImpersonation(handler, c.RequestContextMapper, c.Authorizer)
// Install Authenticator
if c.Authenticator != nil {
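Review bot: With `defer writer.Close()` gone, nothing closes the lumberjack writer any more and no comment says that is intended, so a reader of New() sees a log file that is opened and never closed. Add above the `handler = audit.WithAudit(handler, attributeGetter, writer)` call a line such as `// writer is owned by the handler chain and lives for the process lifetime; it must not be closed when New() returns`. The comment in the earlier hunk, "audit handler must comes before the impersonationFilter", now reads against the source order, since the impersonation wrap textually precedes the audit block; rewording it to say that the audit filter must wrap (run outside of) the impersonation filter so it records the original, pre-impersonation user would remove the ambiguity and fix the grammar. The enclosing New() starts and ends outside the hunk.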