From 772360c8830b36dd2751c6f1f4de6ed79a6b9a44 Mon Sep 17 00:00:00 2001
From: davis-haba
Date: Fri, 21 Oct 2022 15:13:23 -0700
Subject: [PATCH 1/2] add resource labels to audit logs
Signed-off-by: davis-haba
---
 pkg/audit/manager.go | 5 +++--
 pkg/logging/logging.go | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/audit/manager.go b/pkg/audit/manager.go
index 3062c067870..52bcfe3b466 100644
--- a/pkg/audit/manager.go
+++ b/pkg/audit/manager.go
@@ -754,7 +754,7 @@ func (am *Manager) addAuditResponsesToUpdateLists(
 }
 totalViolationsPerEnforcementAction[ea]++
- logViolation(am.log, r.Constraint, ea, gvk, namespace, name, r.Msg, details)
+ logViolation(am.log, r.Constraint, ea, gvk, namespace, name, r.Msg, details, r.obj.GetLabels())
 if *emitAuditEvents {
 emitEvent(r.Constraint, timestamp, ea, gvk, namespace, name, r.Msg, am.gkNamespace, am.eventRecorder)
 }
@@ -1012,7 +1012,7 @@ func logConstraint(l logr.Logger, gvknn *util.KindVersionName, enforcementAction
 
 func logViolation(l logr.Logger,
 constraint *unstructured.Unstructured,
- enforcementAction util.EnforcementAction, resourceGroupVersionKind schema.GroupVersionKind, rnamespace, rname, message string, details interface{},
+ enforcementAction util.EnforcementAction, resourceGroupVersionKind schema.GroupVersionKind, rnamespace, rname, message string, details interface{}, rlabels map[string]string,
 ) {
 l.Info(
 message,
@@ -1029,6 +1029,7 @@ func logViolation(l logr.Logger,
 logging.ResourceKind, resourceGroupVersionKind.Kind,
 logging.ResourceNamespace, rnamespace,
 logging.ResourceName, rname,
+ logging.ResourceLabels, rlabels,
 )
 }
 
diff --git a/pkg/logging/logging.go b/pkg/logging/logging.go
index 9617fa20d45..685ac00c379 100644
--- a/pkg/logging/logging.go
+++ b/pkg/logging/logging.go
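Review bot: The map passed via `r.obj.GetLabels()` in the first hunk is whatever the resource's author put in `metadata.labels`, so each violation line now carries an unbounded, user-controlled set of keys; that is a log-volume and field-cardinality change that audit-log consumers (SIEM pipelines, alerting keyed on structured fields) should be told about, ideally in the commit message or a comment at the call. If `r.obj` is a pointer that can be nil at this point (not visible in the hunk), `GetLabels()` would panic and abort the whole audit pass, so a guard such as `var rlabels map[string]string; if r.obj != nil { rlabels = r.obj.GetLabels() }` before the call is cheap insurance. The same value reaches the new `rlabels map[string]string` parameter in the `logViolation` signature hunk and `logging.ResourceLabels, rlabels` in the third hunk, where a nil map is presumably still emitted under the key rather than omitted; that is a reasonable choice for consumers expecting a stable schema, but a comment on the parameter, `// rlabels is the violating object's metadata.labels; may be nil or empty.`, would make it explicit. The enclosing addAuditResponsesToUpdateLists body begins and ends outside the hunk.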
@@ -17,6 +17,7 @@ const (
 ConstraintViolations = "constraint_violations"
 ResourceGroup = "resource_group"
 ResourceKind = "resource_kind"
+ ResourceLabels = "resource_labels"
 ResourceAPIVersion = "resource_api_version"
 ResourceNamespace = "resource_namespace"
 ResourceName = "resource_name"
From b2a9f43e67f4f708a552bd48c880ec275efb8236 Mon Sep 17 00:00:00 2001
From: davis-haba
Date: Tue, 25 Oct 2022 14:42:27 -0700
Subject: [PATCH 2/2] update audit docs with resource_labels example
Signed-off-by: davis-haba
---
 website/docs/audit.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/website/docs/audit.md b/website/docs/audit.md
index b5b381e5302..0963996219e 100644
--- a/website/docs/audit.md
+++ b/website/docs/audit.md
@@ -97,6 +97,10 @@ The audit pod emits JSON-formatted audit logs to stdout. The following is an exa
 "resource_kind": "Pod",
 "resource_namespace": "kube-system",
 "resource_name": "kube-scheduler-kind-control-plane"
+ "resource_labels": {
+ "env": "prod",
+ "my-app-system": "true"
+ }
 }
 ```
 