-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
apiserver/httplog: pretty up impersonation output #119795
apiserver/httplog: pretty up impersonation output #119795
Conversation
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Mon Aug 7 04:30:46 UTC 2023. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go
Outdated
Show resolved
Hide resolved
@@ -183,6 +183,23 @@ func WithImpersonation(handler http.Handler, a authorizer.Authorizer, s runtime. | |||
}) | |||
} | |||
|
|||
func userString(u user.Info) string { | |||
if u == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are you sure u
will be nil
? Maybe we could pass/use the second arg from the request.UserFrom
? (line 166).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's never nil in practice. So I think whatever we do here is fine.
fcc6fa4
to
db9cbf9
Compare
return "<none>" | ||
} | ||
b := strings.Builder{} | ||
b.WriteString(u.GetName()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we have to consider cases where a user name is empty?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
of course that's not documented in the struct :)
db9cbf9
to
b1871cf
Compare
/lgtm |
LGTM label has been added. Git tree hash: 3340ca563d608d2f9dae6f631492df53bc6156d0
|
``` I0807 09:09:16.419239 1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo=< &{kubernetes-admin [system:masters system:authenticated] map[]} is acting as &{foo [system:authenticated] map[]} > ``` to ``` I0807 09:09:16.419239 1 httplog.go:132] "HTTP" verb="GET" URI="/apis/batch/v1?timeout=32s" latency="214.666µs" userAgent="kubernetes-provider/v0.0.0 (linux/arm64) kubernetes/$Format" audit-ID="948ef6b2-474d-45a7-ad5f-894ce93d05f7" srcIP="192.168.139.202:35542" apf_pl="exempt" apf_fs="exempt" apf_execution_time="129.5µs" resp=200 addedInfo="kubernetes-admin[system:masters system:authenticated] is impersonating foo[system:authenticated]" ``` Signed-off-by: Dr. Stefan Schimanski <[email protected]>
b1871cf
to
37730c0
Compare
/lgtm |
LGTM label has been added. Git tree hash: 0cd7e02ac1368cd27bdc552f9bdf292c13ad48ce
|
/triage accepted |
to
What type of PR is this?
/kind cleanup