Add more config options; make optional config to pointer; add defaults for new options

Author: dergeberl

pkg/apis/audit/types.go

@@ -69,6 +69,7 @@ type AuditBackendClusterForwarding struct {
 	Enabled bool
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string
 }
 
@@ -77,6 +78,7 @@ type AuditBackendSplunk struct {
 	Enabled bool
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string
 
 	// Index is the splunk index that should be used.
@@ -111,6 +113,7 @@ type AuditBackendS3 struct {
 	Enabled bool
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string
 
 	// Bucket is the S3 bucket name where audit logs will be stored.
@@ -119,9 +122,13 @@ type AuditBackendS3 struct {
 	// Region is the AWS region where the bucket is located.
 	Region string
 
-	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket.
+	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket. Defaults to "/audit-logs".
 	// +optional
-	Prefix string
+	Prefix *string
+
+	// S3KeyFormat is the folder structure in which the audit logs will be stored in the bucket. Defaults to "/%Y/%m/%d/%H/%M/%S/$UUID".
+	// +optional
+	S3KeyFormat *string
 
 	// SecretResourceName is a reference under Shoot.spec.resources to the secret used to authenticate against AWS.
 	// The referenced secret must contain:
@@ -131,9 +138,21 @@ type AuditBackendS3 struct {
 
 	// Endpoint is the custom S3 endpoint URL (optional, for S3-compatible storage).
 	// +optional
-	Endpoint string
+	Endpoint *string
 
 	// TlsEnabled determines whether TLS should be used to communicate with S3.
 	// +optional
-	TlsEnabled bool
+	TlsEnabled *bool
+
+	// TotalFileSize specify file size in S3. Minimum size is 1M, maximum size is 1G. Defaults to 100M.
+	// +optional
+	TotalFileSize *string
+
+	// UploadTimeout specify the amount of time in which the logs are uploaded and creates a new file in S3. Defaults to 10m.
+	// +optional
+	UploadTimeout *string
+
+	// UseCompression enables gzip compression for the S3 objects.
+	// +optional
+	UseCompression *bool
 }

pkg/apis/audit/v1alpha1/defaults.go

@@ -65,4 +65,24 @@ func defaultBackendS3(backend *AuditBackendS3) {
 	if backend.FilesystemBufferSize == nil {
 		backend.FilesystemBufferSize = pointer.Pointer("900M")
 	}
+
+	if backend.TlsEnabled == nil {
+		backend.TlsEnabled = pointer.Pointer(true)
+	}
+
+	if backend.TotalFileSize == nil {
+		backend.TotalFileSize = pointer.Pointer("100M")
+	}
+
+	if backend.UploadTimeout == nil {
+		backend.UploadTimeout = pointer.Pointer("10m")
+	}
+
+	if backend.Prefix == nil {
+		backend.Prefix = pointer.Pointer("/audit-logs")
+	}
+
+	if backend.S3KeyFormat == nil {
+		backend.S3KeyFormat = pointer.Pointer("/%Y/%m/%d/%H/%M/%S/$UUID")
+	}
 }

pkg/apis/audit/v1alpha1/types.go

@@ -92,13 +92,15 @@ type AuditBackendClusterForwarding struct {
 	Enabled bool `json:"enabled"`
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
 }
 type AuditBackendSplunk struct {
 	// Enabled allows to turn this backend on.
 	Enabled bool `json:"enabled"`
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
 
 	// Index is the splunk index that should be used.
@@ -134,6 +136,7 @@ type AuditBackendS3 struct {
 	Enabled bool `json:"enabled"`
 
 	// FilesystemBufferSize is the maximum disk space for the fluent-bit file system buffer.
+	// +optional
 	FilesystemBufferSize *string `json:"bufferSize,omitempty"`
 
 	// Bucket is the S3 bucket name where audit logs will be stored.
@@ -142,9 +145,13 @@ type AuditBackendS3 struct {
 	// Region is the AWS region where the bucket is located.
 	Region string `json:"region"`
 
-	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket.
+	// Prefix is the prefix (folder path) where audit logs will be stored in the bucket. Defaults to "/audit-logs".
 	// +optional
-	Prefix string `json:"prefix,omitempty"`
+	Prefix *string `json:"prefix,omitempty"`
+
+	// S3KeyFormat is the folder structure in which the audit logs will be stored in the bucket. Defaults to "/%Y/%m/%d/%H/%M/%S/$UUID".
+	// +optional
+	S3KeyFormat *string `json:"s3KeyFormat,omitempty"`
 
 	// SecretResourceName is a reference under Shoot.spec.resources to the secret used to authenticate against AWS.
 	// The referenced secret must contain:
@@ -154,9 +161,21 @@ type AuditBackendS3 struct {
 
 	// Endpoint is the custom S3 endpoint URL (optional, for S3-compatible storage).
 	// +optional
-	Endpoint string `json:"endpoint,omitempty"`
+	Endpoint *string `json:"endpoint,omitempty"`
+
+	// TlsEnabled determines whether TLS should be used to communicate with S3. Defaults to "true".
+	// +optional
+	TlsEnabled *bool `json:"tlsEnabled,omitempty"`
+
+	// TotalFileSize specify file size in S3. Minimum size is 1M, maximum size is 1G. Defaults to 100M.
+	// +optional
+	TotalFileSize *string `json:"totalFileSize,omitempty"`
+
+	// UploadTimeout specify the amount of time in which the logs are uploaded and creates a new file in S3. Defaults to 10m.
+	// +optional
+	UploadTimeout *string `json:"uploadTimeout,omitempty"`
 
-	// TlsEnabled determines whether TLS should be used to communicate with S3.
+	// UseCompression enables gzip compression for the S3 objects.
 	// +optional
-	TlsEnabled bool `json:"tlsEnabled,omitempty"`
+	UseCompression *bool `json:"useCompression,omitempty"`
 }