test/e2e/auth: fix audit log test format parsing #51560

Merged
merged 1 commit into from Sep 1, 2017


ericchiang
Contributor

Fixes #51556

NONE

cc @CaoShuFeng

Still need to figure out how to run this test locally.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Aug 29, 2017
@k8s-github-robot k8s-github-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. release-note-none Denotes a PR that doesn't merit a release note. labels Aug 29, 2017
@@ -138,6 +139,26 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) {
}

func parseAuditLine(line string) (auditEvent, error) {
var e struct {
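
Review bot: parseAuditLine is added without a doc comment, and its signature `func parseAuditLine(line string) (auditEvent, error)` does not say which log line formats it accepts. Add a comment above the function naming the accepted formats and stating what the error return means for a line that matches none of them, so a caller can tell a malformed line from an unsupported format.
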
Member

Is this struct not already defined in API types we can reference?

Contributor Author

Updated to use the audit Event type.

@@ -126,9 +124,6 @@ func expectAuditLines(f *framework.Framework, expected []auditEvent) {
if _, found := expectations[event]; found {
expectations[event] = true
}

// /version should not be audited (filtered in the policy).
Expect(event.uri).NotTo(HavePrefix("/version"))
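
Review bot: with the `Expect(event.uri).NotTo(HavePrefix("/version"))` check gone from this loop, the visible code only marks expected events as found and asserts nothing about events that should be absent. If the audit policy still filters any requests, keep a negative assertion for one of those paths so that a policy which stops filtering is caught by the test.
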
Contributor Author

Removed since non-resource URL requests are now tracked.

@ericchiang
Contributor Author

Managed to run this locally with some local-up modifications and modifying the test to read a file on disk

[eric@localhost e2e]$ ginkgo -- --provider=local '--ginkgo.focus=\[Feature:Audit\]' --ginkgo.v --kubeconfig=/var/run/kubernetes/admin.kubeconfig
2017/08/29 17:02:39 proto: duplicate proto type registered: google.protobuf.Any
2017/08/29 17:02:39 proto: duplicate proto type registered: google.protobuf.Duration
2017/08/29 17:02:39 proto: duplicate proto type registered: google.protobuf.Timestamp
Aug 29 17:02:39.677: INFO: Overriding default scale value of zero to 1
Aug 29 17:02:39.677: INFO: Overriding default milliseconds value of zero to 5000
=== RUN   TestE2E
I0829 17:02:39.790684   27185 e2e.go:363] Starting e2e run "899fdff8-8d16-11e7-9443-54ee7553240e" on Ginkgo node 1
Running Suite: Kubernetes e2e suite
===================================
Random Seed: 1504051359 - Will randomize all specs
Will run 1 of 682 specs

Aug 29 17:02:39.833: INFO: >>> kubeConfig: /var/run/kubernetes/admin.kubeconfig
Aug 29 17:02:39.842: INFO: Waiting up to 4h0m0s for all (but 0) nodes to be schedulable
Aug 29 17:02:39.859: INFO: Waiting up to 10m0s for all pods (need at least 0) in namespace 'kube-system' to be running and ready
Aug 29 17:02:39.867: INFO: 1 / 1 pods in namespace 'kube-system' are running and ready (0 seconds elapsed)
Aug 29 17:02:39.867: INFO: expected 1 pod replicas in namespace 'kube-system', 1 are Running and Ready.
Aug 29 17:02:39.872: INFO: Waiting for pods to enter Success, but no pods in "kube-system" match label map[name:e2e-image-puller]
Aug 29 17:02:39.872: INFO: Dumping network health container logs from all nodes...
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS
------------------------------
[sig-auth] Advanced Audit [Feature:Audit] 
  should audit API calls
  /home/eric/src/k8s.io/kubernetes/test/e2e/auth/audit.go:38
[BeforeEach] [sig-auth] Advanced Audit [Feature:Audit]
  /home/eric/src/k8s.io/kubernetes/test/e2e/framework/framework.go:141
STEP: Creating a kubernetes client
Aug 29 17:02:39.880: INFO: >>> kubeConfig: /var/run/kubernetes/admin.kubeconfig
STEP: Building a namespace api object
STEP: Waiting for a default service account to be provisioned in namespace
[It] should audit API calls
  /home/eric/src/k8s.io/kubernetes/test/e2e/auth/audit.go:38
Aug 29 17:02:43.930: INFO: Waiting for pod audit-pod to disappear
Aug 29 17:02:43.933: INFO: Pod audit-pod still exists
Aug 29 17:02:45.933: INFO: Waiting for pod audit-pod to disappear
Aug 29 17:02:45.936: INFO: Pod audit-pod still exists
Aug 29 17:02:47.933: INFO: Waiting for pod audit-pod to disappear
Aug 29 17:02:47.935: INFO: Pod audit-pod no longer exists
[AfterEach] [sig-auth] Advanced Audit [Feature:Audit]
  /home/eric/src/k8s.io/kubernetes/test/e2e/framework/framework.go:142
Aug 29 17:02:48.388: INFO: Waiting up to 3m0s for all (but 0) nodes to be ready
STEP: Destroying namespace "e2e-tests-audit-f9745" for this suite.
Aug 29 17:02:54.437: INFO: namespace: e2e-tests-audit-f9745, resource: bindings, ignored listing per whitelist
Aug 29 17:02:54.498: INFO: namespace e2e-tests-audit-f9745 deletion completed in 6.108438895s

• [SLOW TEST:14.618 seconds]
[sig-auth] Advanced Audit [Feature:Audit]
/home/eric/src/k8s.io/kubernetes/test/e2e/auth/framework.go:22
  should audit API calls
  /home/eric/src/k8s.io/kubernetes/test/e2e/auth/audit.go:38
------------------------------
SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSAug 29 17:02:54.499: INFO: Running AfterSuite actions on all node
Aug 29 17:02:54.499: INFO: Running AfterSuite actions on node 1

Ran 1 of 682 Specs in 14.666 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 681 Skipped --- PASS: TestE2E (14.71s)
PASS

@liggitt
Member

liggitt commented Aug 30, 2017

LGTM. @sttts?

@CaoShuFeng
Contributor

If we are in a hurry to fix this we can add --audit-log-format=legacy to api-server.
But I don't know where to put it. ref: #50971 (comment)

@ericchiang
Contributor Author

I think this fix is fine. It supports both formats now, so it'll work regardless of the setup, which seems more ideal.
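
A sketch of accepting both audit log formats in one parser, added here as an illustration and not the code from this PR. The names `auditRecord`, `jsonEvent` and `parseAuditLogLine`, the JSON keys read, the legacy key="value" layout and both sample lines are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample lines (not taken from the PR): one JSON event, one legacy line.
const sampleJSON = `{"verb":"get","requestURI":"/api/v1/namespaces/ns1/pods/audit-pod","objectRef":{"namespace":"ns1"},"responseStatus":{"code":200}}`
const sampleLegacy = `2017-08-29T17:02:43Z AUDIT: id="0" method="get" namespace="ns1" uri="/api/v1/namespaces/ns1/pods/audit-pod" response="200"`

// auditRecord is a hypothetical type holding the fields a test would compare.
type auditRecord struct{ Method, Namespace, URI, Response string }

// jsonEvent lists only the JSON keys read here (assumed subset of the audit
// event); encoding/json matches keys to field names case-insensitively.
type jsonEvent struct {
	Verb, RequestURI string
	ObjectRef        struct{ Namespace string }
	ResponseStatus   struct{ Code int }
}

// parseAuditLogLine tries JSON first, then legacy key="value" pairs.
// Legacy values that contain spaces are not handled by the whitespace split.
func parseAuditLogLine(line string) (auditRecord, error) {
	var e jsonEvent
	if err := json.Unmarshal([]byte(line), &e); err == nil && e.RequestURI != "" {
		r := auditRecord{e.Verb, e.ObjectRef.Namespace, e.RequestURI, ""}
		if e.ResponseStatus.Code != 0 {
			r.Response = strconv.Itoa(e.ResponseStatus.Code)
		}
		return r, nil
	}
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		if i := strings.Index(f, "="); i > 0 {
			kv[f[:i]] = strings.Trim(f[i+1:], `"`)
		}
	}
	if kv["uri"] == "" || kv["method"] == "" {
		return auditRecord{}, fmt.Errorf("unrecognized audit line: %q", line)
	}
	return auditRecord{kv["method"], kv["namespace"], kv["uri"], kv["response"]}, nil
}

func main() {
	fmt.Println(parseAuditLogLine(sampleJSON))
	fmt.Println(parseAuditLogLine(sampleLegacy))
}
```

Both sample lines yield the same record, so expectations written against the record hold whichever format the API server writes.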

@CaoShuFeng
Contributor

> I think this fix is fine. It supports both formats now, so it'll work regardless of the setup, which seems more ideal.

Agree! Thanks.

@CaoShuFeng
Contributor

/test pull-kubernetes-e2e-gce-bazel
/test pull-kubernetes-e2e-kops-aws

@ericchiang ericchiang added the kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. label Aug 30, 2017
@ericchiang ericchiang added this to the v1.8 milestone Aug 30, 2017
@sttts
Contributor

sttts commented Aug 31, 2017

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 31, 2017
@k8s-github-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ericchiang, sttts

Associated issue: 51556


@k8s-github-robot

Automatic merge from submit-queue (batch tested with PRs 51632, 51055, 51676, 51560, 50007)

@k8s-github-robot k8s-github-robot merged commit 7da58e2 into kubernetes:master Sep 1, 2017
@ericchiang ericchiang deleted the fix-audit-log-test branch September 1, 2017 15:36
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/audit cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.