From 5971f7dd92aaf149ff1d746deeaa1404b2b1aac4 Mon Sep 17 00:00:00 2001
From: Patrick Barker
Date: Fri, 4 Jan 2019 16:06:52 -0700
Subject: [PATCH 1/4] adds audit-proxy image for dynamic audit e2e test
---
 test/images/BUILD | 1 +
 test/images/audit-proxy/BUILD | 35 +++++++++++++++
 test/images/audit-proxy/Dockerfile | 17 ++++++++
 test/images/audit-proxy/Makefile | 26 +++++++++++
 test/images/audit-proxy/README.md | 4 ++
 test/images/audit-proxy/VERSION | 1 +
 test/images/audit-proxy/main.go | 70 ++++++++++++++++++++++++++++++
 7 files changed, 154 insertions(+)
 create mode 100644 test/images/audit-proxy/BUILD
 create mode 100644 test/images/audit-proxy/Dockerfile
 create mode 100644 test/images/audit-proxy/Makefile
 create mode 100644 test/images/audit-proxy/README.md
 create mode 100644 test/images/audit-proxy/VERSION
 create mode 100644 test/images/audit-proxy/main.go
diff --git a/test/images/BUILD b/test/images/BUILD
index a7f93f6cf3..bf4e0b639b 100644
--- a/test/images/BUILD
+++ b/test/images/BUILD
@@ -12,6 +12,7 @@ filegroup(
 srcs = [
 ":package-srcs",
 "//test/images/apparmor-loader:all-srcs",
+ "//test/images/audit-proxy:all-srcs",
 "//test/images/crd-conversion-webhook:all-srcs",
 "//test/images/echoserver:all-srcs",
 "//test/images/entrypoint-tester:all-srcs",
diff --git a/test/images/audit-proxy/BUILD b/test/images/audit-proxy/BUILD
new file mode 100644
index 0000000000..20b59a8215
--- /dev/null
+++ b/test/images/audit-proxy/BUILD
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["main.go"],
+ importpath = "k8s.io/kubernetes/test/images/audit-proxy",
+ visibility = ["//visibility:private"],
+ deps = [
+ "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/install:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/apis/audit/v1:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
+ ],
+)
+
+go_binary(
+ name = "audit-proxy",
+ embed = [":go_default_library"],
+ visibility = ["//visibility:public"],
+)
+
+filegroup(
+ name = "package-srcs",
+ srcs = glob(["**"]),
+ tags = ["automanaged"],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "all-srcs",
+ srcs = [":package-srcs"],
+ tags = ["automanaged"],
+ visibility = ["//visibility:public"],
+)
diff --git a/test/images/audit-proxy/Dockerfile b/test/images/audit-proxy/Dockerfile
new file mode 100644
index 0000000000..e200a839b4
--- /dev/null
+++ b/test/images/audit-proxy/Dockerfile
@@ -0,0 +1,17 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM scratch
+COPY audit-proxy /
+ENTRYPOINT ["/audit-proxy"]
\ No newline at end of file
diff --git a/test/images/audit-proxy/Makefile b/test/images/audit-proxy/Makefile
new file mode 100644
index 0000000000..3657cc5746
--- /dev/null
+++ b/test/images/audit-proxy/Makefile
@@ -0,0 +1,26 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SRCS=audit-proxy
+ARCH ?= amd64
+TARGET ?= $(CURDIR)
+GOARM=7
+GOLANG_VERSION ?= latest
+SRC_DIR = $(notdir $(shell pwd))
+export
+
+bin:
+ ../image-util.sh bin $(SRCS)
+
+.PHONY: bin
diff --git a/test/images/audit-proxy/README.md b/test/images/audit-proxy/README.md
new file mode 100644
index 0000000000..488d9b4176
--- /dev/null
+++ b/test/images/audit-proxy/README.md
@@ -0,0 +1,4 @@
+# Audit Proxy
+
+The audit proxy is used to test dynamic auditing. It listens on port 8080 for incoming audit events and
+writes them in a uniform manner to stdout.
\ No newline at end of file
diff --git a/test/images/audit-proxy/VERSION b/test/images/audit-proxy/VERSION
new file mode 100644
index 0000000000..9f8e9b69a3
--- /dev/null
+++ b/test/images/audit-proxy/VERSION
@@ -0,0 +1 @@
+1.0
\ No newline at end of file
diff --git a/test/images/audit-proxy/main.go b/test/images/audit-proxy/main.go
new file mode 100644
index 0000000000..313a0b28c1
--- /dev/null
+++ b/test/images/audit-proxy/main.go
@@ -0,0 +1,70 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+ "io/ioutil"
+ "log"
+ "net/http"
+ "os"
+
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/serializer/json"
+ auditinstall "k8s.io/apiserver/pkg/apis/audit/install"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
+ "k8s.io/apiserver/pkg/audit"
+)
+
+var (
+ events = []auditv1.Event{}
+ encoder runtime.Encoder
+ decoder runtime.Decoder
+)
+
+func main() {
+ scheme := runtime.NewScheme()
+ auditinstall.Install(scheme)
+ serializer := json.NewSerializer(json.DefaultMetaFactory, scheme, scheme, false)
+ encoder = audit.Codecs.EncoderForVersion(serializer, auditv1.SchemeGroupVersion)
+ decoder = audit.Codecs.UniversalDecoder(auditv1.SchemeGroupVersion)
+
+ http.HandleFunc("/", handler)
+ log.Fatal(http.ListenAndServe(":8080", nil))
+}
+
+func handler(w http.ResponseWriter, req *http.Request) {
+ body, err := ioutil.ReadAll(req.Body)
+ if err != nil {
+ log.Fatalf("could not read request body: %v", err)
+ }
+ el := &auditv1.EventList{}
+
+ if err := runtime.DecodeInto(decoder, body, el); err != nil {
+ log.Fatalf("failed decoding buf: %b, apiVersion: %s", body, auditv1.SchemeGroupVersion)
+ }
+ defer req.Body.Close()
+
+ // write events to stdout
+ for _, event := range el.Items {
+ err := encoder.Encode(&event, os.Stdout)
+ if err != nil {
+ log.Fatalf("could not encode audit event: %v", err)
+ }
+ }
+ w.WriteHeader(http.StatusOK)
+ return
+}
From c1b4ec298f7a38877c4bda2fecc044134c27be8d Mon Sep 17 00:00:00 2001
From: Patrick Barker
Date: Mon, 7 Jan 2019 10:32:14 -0700
Subject: [PATCH 2/4] removes unneeded event var from audit-proxy image
---
 test/images/audit-proxy/main.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/test/images/audit-proxy/main.go b/test/images/audit-proxy/main.go
index 313a0b28c1..4cfc7cb3da 100644
--- a/test/images/audit-proxy/main.go
+++ b/test/images/audit-proxy/main.go
@@ -30,7 +30,6 @@ import (
 )
 
 var (
- events = []auditv1.Event{}
 encoder runtime.Encoder
 decoder runtime.Decoder
 )
From ef50829773fcd7a2b1654642d17319f18d3ca974 Mon Sep 17 00:00:00 2001
From: Patrick Barker
Date: Thu, 24 Jan 2019 10:54:36 -0700
Subject: [PATCH 3/4] adds newlines to audit proxy dockerfile and version file
---
 test/images/audit-proxy/Dockerfile | 2 +-
 test/images/audit-proxy/VERSION | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/images/audit-proxy/Dockerfile b/test/images/audit-proxy/Dockerfile
index e200a839b4..c5d927b07d 100644
--- a/test/images/audit-proxy/Dockerfile
+++ b/test/images/audit-proxy/Dockerfile
@@ -14,4 +14,4 @@
 
 FROM scratch
 COPY audit-proxy /
-ENTRYPOINT ["/audit-proxy"]
\ No newline at end of file
+ENTRYPOINT ["/audit-proxy"]
diff --git a/test/images/audit-proxy/VERSION b/test/images/audit-proxy/VERSION
index 9f8e9b69a3..d3827e75a5 100644
--- a/test/images/audit-proxy/VERSION
+++ b/test/images/audit-proxy/VERSION
@@ -1 +1 @@
-1.0
\ No newline at end of file
+1.0
From 451261f8c23fdbe527601557c9ef5404be4624c8 Mon Sep 17 00:00:00 2001
From: Patrick Barker
Date: Tue, 29 Jan 2019 13:34:42 -0700
Subject: [PATCH 4/4] returns 500 on error; updates header dates for audit proxy
---
 test/images/audit-proxy/Dockerfile | 2 +-
 test/images/audit-proxy/Makefile | 2 +-
 test/images/audit-proxy/main.go | 13 +++++++++----
 3 files changed, 11 insertions(+), 6 deletions(-)
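Review bot: In main.go as added by PATCH 1/4, `ioutil.ReadAll(req.Body)` in `handler` reads the whole request into memory with no size cap, and `main` serves on `:8080` through `http.ListenAndServe(":8080", nil)` with no read or write timeouts. Any client that can reach the pod can therefore tie up memory or connections in the process the e2e test depends on. Wrapping the body before the read, `req.Body = http.MaxBytesReader(w, req.Body, maxBodyBytes)` (with `maxBodyBytes` a constant sized for the largest audit batch the test expects), bounds the allocation. An explicit `http.Server` with `ReadTimeout` and `WriteTimeout` set would cover slow clients.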
diff --git a/test/images/audit-proxy/Dockerfile b/test/images/audit-proxy/Dockerfile
index c5d927b07d..7bbeb62b45 100644
--- a/test/images/audit-proxy/Dockerfile
+++ b/test/images/audit-proxy/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2018 The Kubernetes Authors.
+# Copyright 2019 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/test/images/audit-proxy/Makefile b/test/images/audit-proxy/Makefile
index 3657cc5746..3f7976a459 100644
--- a/test/images/audit-proxy/Makefile
+++ b/test/images/audit-proxy/Makefile
@@ -1,4 +1,4 @@
-# Copyright 2018 The Kubernetes Authors.
+# Copyright 2019 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/test/images/audit-proxy/main.go b/test/images/audit-proxy/main.go
index 4cfc7cb3da..8438e5eda9 100644
--- a/test/images/audit-proxy/main.go
+++ b/test/images/audit-proxy/main.go
@@ -48,12 +48,16 @@ func main() {
 func handler(w http.ResponseWriter, req *http.Request) {
 body, err := ioutil.ReadAll(req.Body)
 if err != nil {
- log.Fatalf("could not read request body: %v", err)
+ log.Printf("could not read request body: %v", err)
+ w.WriteHeader(http.StatusInternalServerError)
+ return
 }
 el := &auditv1.EventList{}
 
 if err := runtime.DecodeInto(decoder, body, el); err != nil {
- log.Fatalf("failed decoding buf: %b, apiVersion: %s", body, auditv1.SchemeGroupVersion)
+ log.Printf("failed decoding buf: %b, apiVersion: %s", body, auditv1.SchemeGroupVersion)
+ w.WriteHeader(http.StatusInternalServerError)
+ return
 }
 defer req.Body.Close()
 
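Review bot: The decode-failure branch of `handler` in main.go formats the untrusted request `body` with `%b`, which prints every byte as a base-2 number, and never logs the `err` returned by `runtime.DecodeInto`. That multiplies the size of whatever was sent into the container log while hiding the actual cause. `log.Printf("failed decoding %d-byte body, apiVersion: %s: %v", len(body), auditv1.SchemeGroupVersion, err)` keeps the log line bounded and useful. A payload that does not decode is a client error, so `w.WriteHeader(http.StatusBadRequest)` fits better than 500 here; a sender that retries on 5xx (likely for a webhook backend, though not shown in this patch) would otherwise resend the same bad batch. `handler` continues past the end of this hunk.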
@@ -61,9 +65,10 @@ func handler(w http.ResponseWriter, req *http.Request) {
 for _, event := range el.Items {
 err := encoder.Encode(&event, os.Stdout)
 if err != nil {
- log.Printf("could not encode audit event: %v", err)
+ log.Printf("could not encode audit event: %v", err)
+ w.WriteHeader(http.StatusInternalServerError)
+ return
 }
 }
 w.WriteHeader(http.StatusOK)
- return
 }
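Review bot: The encode loop writes each event straight to `os.Stdout`, so when `encoder.Encode` fails part-way through a batch the earlier events are already emitted and the handler still answers 500. If the sender retries the batch (not visible in this patch), those events appear twice in the output the e2e test reads. Because net/http runs handlers concurrently, the output of two batches can also interleave. Encoding into a buffer and writing it once after the loop succeeds addresses both; this needs the `bytes` import, and the start of `handler` lies outside this hunk.

```go
// … unchanged: body read and decode …
var out bytes.Buffer
for _, event := range el.Items {
	if err := encoder.Encode(&event, &out); err != nil {
		// … unchanged: log the error, answer 500, return …
	}
}
if _, err := os.Stdout.Write(out.Bytes()); err != nil {
	log.Printf("could not write audit events: %v", err)
	w.WriteHeader(http.StatusInternalServerError)
	return
}
w.WriteHeader(http.StatusOK)
```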