diff --git a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go index 0ca857678c..8e8770d008 100644 --- a/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go +++ b/staging/src/k8s.io/apiserver/pkg/apis/audit/types.go @@ -100,8 +100,8 @@ type Event struct { // +optional ObjectRef *ObjectReference // The response status, populated even when the ResponseObject is not a Status type. - // For successful responses, this will only include the Code and StatusSuccess. - // For non-status type error responses, this will be auto-populated with the error Message. + // For successful responses, this will only include the Code. For non-status type + // error responses, this will be auto-populated with the error Message. // +optional ResponseStatus *metav1.Status diff --git a/staging/src/k8s.io/apiserver/pkg/audit/request.go b/staging/src/k8s.io/apiserver/pkg/audit/request.go index 4118d468af..0a1c088a7c 100644 --- a/staging/src/k8s.io/apiserver/pkg/audit/request.go +++ b/staging/src/k8s.io/apiserver/pkg/audit/request.go @@ -170,14 +170,16 @@ func LogRequestPatch(ae *audit.Event, patch []byte) { // LogResponseObject fills in the response object into an audit event. The passed runtime.Object // will be converted to the given gv. func LogResponseObject(ae *audit.Event, obj runtime.Object, gv schema.GroupVersion, s runtime.NegotiatedSerializer) { - if ae == nil || ae.Level.Less(audit.LevelRequestResponse) { + if ae == nil || ae.Level.Less(audit.LevelMetadata) { return } - if status, ok := obj.(*metav1.Status); ok { ae.ResponseStatus = status } + if ae.Level.Less(audit.LevelRequestResponse) { + return + } // TODO(audit): hook into the serializer to avoid double conversion var err error ae.ResponseObject, err = encodeObject(obj, gv, s)