Skip to content

Commit 9550f50

Browse files
liggittliggitt
committed
Add audit annotation for requests to deprecated API endpoints
1 parent a17e297 commit 9550f50

File tree

2 files changed

+16
-0
lines changed

2 files changed

+16
-0
lines changed

staging/src/k8s.io/apiserver/pkg/endpoints/metrics/BUILD

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ go_library(
1515
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
1616
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
1717
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
18+
"//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
1819
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
1920
"//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
2021
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",

staging/src/k8s.io/apiserver/pkg/endpoints/metrics/metrics.go

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ import (
3131
"k8s.io/apimachinery/pkg/apis/meta/v1/validation"
3232
"k8s.io/apimachinery/pkg/types"
3333
utilsets "k8s.io/apimachinery/pkg/util/sets"
34+
"k8s.io/apiserver/pkg/audit"
3435
"k8s.io/apiserver/pkg/endpoints/request"
3536
"k8s.io/apiserver/pkg/features"
3637
utilfeature "k8s.io/apiserver/pkg/util/feature"
@@ -223,6 +224,16 @@ const (
223224
MutatingKind = "mutating"
224225
)
225226

227+
const (
228+
// deprecatedAnnotationKey is a key for an audit annotation set to
229+
// "true" on requests made to deprecated API versions
230+
deprecatedAnnotationKey = "k8s.io/deprecated"
231+
// removedReleaseAnnotationKey is a key for an audit annotation set to
232+
// the target removal release, in "<major>.<minor>" format,
233+
// on requests made to deprecated API versions with a target removal release
234+
removedReleaseAnnotationKey = "k8s.io/removed-release"
235+
)
236+
226237
var registerMetrics sync.Once
227238

228239
// Register all metrics.
@@ -306,6 +317,10 @@ func MonitorRequest(req *http.Request, verb, group, version, resource, subresour
306317
requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, cleanContentType, codeToString(httpCode)).Inc()
307318
if deprecated {
308319
deprecatedRequestGauge.WithLabelValues(group, version, resource, subresource, removedRelease).Set(1)
320+
audit.AddAuditAnnotation(req.Context(), deprecatedAnnotationKey, "true")
321+
if len(removedRelease) > 0 {
322+
audit.AddAuditAnnotation(req.Context(), removedReleaseAnnotationKey, removedRelease)
323+
}
309324
}
310325
requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
311326
// We are only interested in response sizes of read requests.

0 commit comments

Comments
 (0)