Skip to content

Commit

Permalink
WIP: Add user flag and log executed commands
Browse files Browse the repository at this point in the history
  • Loading branch information
spowelljr committed Jan 8, 2021
1 parent 857e0a2 commit 4a7ce31
Show file tree
Hide file tree
Showing 33 changed files with 150 additions and 0 deletions.
5 changes: 5 additions & 0 deletions cmd/minikube/cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"path/filepath"
"runtime"
"strings"
"time"

"github.com/spf13/cobra"
"github.com/spf13/pflag"
Expand All @@ -31,6 +32,7 @@ import (
"k8s.io/kubectl/pkg/util/templates"
configCmd "k8s.io/minikube/cmd/minikube/cmd/config"
"k8s.io/minikube/pkg/drivers/kic/oci"
"k8s.io/minikube/pkg/minikube/audit"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/constants"
"k8s.io/minikube/pkg/minikube/exit"
Expand Down Expand Up @@ -68,6 +70,8 @@ var RootCmd = &cobra.Command{
// Execute adds all child commands to the root command sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
defer audit.Log(time.Now())

_, callingCmd := filepath.Split(os.Args[0])

if callingCmd == "kubectl" {
Expand Down Expand Up @@ -170,6 +174,7 @@ func init() {

RootCmd.PersistentFlags().StringP(config.ProfileName, "p", constants.DefaultClusterName, `The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently.`)
RootCmd.PersistentFlags().StringP(configCmd.Bootstrapper, "b", "kubeadm", "The name of the cluster bootstrapper that will set up the Kubernetes cluster.")
RootCmd.PersistentFlags().String(config.User, "", "Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.")

groups := templates.CommandGroups{
{
Expand Down
56 changes: 56 additions & 0 deletions pkg/minikube/audit/audit.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package audit

import (
"os"
"os/user"
"strings"
"time"

"github.com/spf13/viper"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/localpath"
"k8s.io/minikube/pkg/minikube/out/register"
)

// auditUser pulls the user flag, if empty gets the os user
func auditUser() string {
u := viper.GetString(config.User)
if u != "" {
return u
}
osUser, err := user.Current()
if err != nil {
return "UNKNOWN"
}
return osUser.Username
}

// auditArgs concats the args into space delimited string
func auditArgs() string {
if len(os.Args) < 3 {
return ""
}
return strings.Join(os.Args[2:], " ")
}

// Log details about the executed command
func Log(startTime time.Time) {
register.SetEventLogPath(localpath.EventLog("audit"))
register.RecordAudit(os.Args[1], auditArgs(), auditUser(), startTime, time.Now())
}
2 changes: 2 additions & 0 deletions pkg/minikube/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ const (
ShowDriverDeprecationNotification = "ShowDriverDeprecationNotification"
// ShowBootstrapperDeprecationNotification is the key for ShowBootstrapperDeprecationNotification
ShowBootstrapperDeprecationNotification = "ShowBootstrapperDeprecationNotification"
// User represents the key for the global user parameter
User = "user"
)

var (
Expand Down
8 changes: 8 additions & 0 deletions pkg/minikube/out/register/json.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ limitations under the License.

package register

import "time"

// PrintStep prints a Step type in JSON format
func PrintStep(message string) {
s := NewStep(message)
Expand Down Expand Up @@ -69,3 +71,9 @@ func PrintWarning(warning string) {
w := NewWarning(warning)
printAndRecordCloudEvent(w, w.data)
}

// RecordAudit records an Audit type in JSON format
func RecordAudit(command string, args string, user string, startTime time.Time, endTime time.Time) {
a := NewAudit(command, args, user, startTime, endTime)
recordCloudEvent(a, a.data)
}
24 changes: 24 additions & 0 deletions pkg/minikube/out/register/log.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package register
import (
"fmt"
"strings"
"time"
)

// Log represents the different types of logs that can be output as JSON
Expand Down Expand Up @@ -154,3 +155,26 @@ func NewErrorExitCode(err string, exitcode int, additionalData ...map[string]str
func (s *Error) Type() string {
return "io.k8s.sigs.minikube.error"
}

// Audit represents the execution of a command
type Audit struct {
data map[string]string
}

// Type returns the cloud events compatible type of this struct
func (a *Audit) Type() string {
return "io.k8s.sigs.minikube.audit"
}

// NewAudit returns a new audit type
func NewAudit(command string, args string, user string, startTime time.Time, endTime time.Time) *Audit {
return &Audit{
map[string]string{
"args": args,
"command": command,
"endTime": endTime.String(),
"startTime": startTime.String(),
"user": user,
},
}
}
7 changes: 7 additions & 0 deletions site/content/en/docs/commands/addons.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ minikube addons SUBCOMMAND [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -67,6 +68,7 @@ minikube addons configure ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -100,6 +102,7 @@ minikube addons disable ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -133,6 +136,7 @@ minikube addons enable ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -167,6 +171,7 @@ minikube addons help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -206,6 +211,7 @@ minikube addons list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -249,6 +255,7 @@ minikube addons open ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down
6 changes: 6 additions & 0 deletions site/content/en/docs/commands/cache.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ Add, delete, or push a local image into minikube
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -63,6 +64,7 @@ minikube cache add [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -96,6 +98,7 @@ minikube cache delete [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -130,6 +133,7 @@ minikube cache help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -170,6 +174,7 @@ minikube cache list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -203,6 +208,7 @@ minikube cache reload [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down
1 change: 1 addition & 0 deletions site/content/en/docs/commands/completion.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ minikube completion SHELL [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down
7 changes: 7 additions & 0 deletions site/content/en/docs/commands/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ minikube config SUBCOMMAND [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -106,6 +107,7 @@ minikube config defaults PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -139,6 +141,7 @@ minikube config get PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -173,6 +176,7 @@ minikube config help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -207,6 +211,7 @@ minikube config set PROPERTY_NAME PROPERTY_VALUE [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -240,6 +245,7 @@ minikube config unset PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down Expand Up @@ -280,6 +286,7 @@ minikube config view [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
Expand Down
Loading

0 comments on commit 4a7ce31

Please sign in to comment.