Merge pull request #10106 from spowelljr/userFlag

Add new --user flag and log executed commands
pull/10293/head
Medya Ghazizadeh 2021-01-26 15:44:58 -08:00 committed by GitHub
commit 597091d84b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 506 additions and 6 deletions


@ -23,6 +23,7 @@ import (
"path/filepath"
"runtime"
"strings"
"time"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
@ -31,10 +32,12 @@ import (
"k8s.io/kubectl/pkg/util/templates"
configCmd "k8s.io/minikube/cmd/minikube/cmd/config"
"k8s.io/minikube/pkg/drivers/kic/oci"
"k8s.io/minikube/pkg/minikube/audit"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/constants"
"k8s.io/minikube/pkg/minikube/exit"
"k8s.io/minikube/pkg/minikube/localpath"
"k8s.io/minikube/pkg/minikube/out"
"k8s.io/minikube/pkg/minikube/reason"
"k8s.io/minikube/pkg/minikube/translate"
)
@ -62,12 +65,19 @@ var RootCmd = &cobra.Command{
exit.Error(reason.HostHomeMkdir, "Error creating minikube directory", err)
}
}
userName := viper.GetString(config.UserFlag)
if !validateUsername(userName) {
out.WarningT("User name '{{.username}}' is not valid", out.V{"username": userName})
exit.Message(reason.Usage, "User name must be 60 chars or less.")
}
},
}
// Execute adds all child commands to the root command sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
defer audit.Log(time.Now())
_, callingCmd := filepath.Split(os.Args[0])
if callingCmd == "kubectl" {
@ -170,6 +180,7 @@ func init() {
RootCmd.PersistentFlags().StringP(config.ProfileName, "p", constants.DefaultClusterName, `The name of the minikube VM being used. This can be set to allow having multiple instances of minikube independently.`)
RootCmd.PersistentFlags().StringP(configCmd.Bootstrapper, "b", "kubeadm", "The name of the cluster bootstrapper that will set up the Kubernetes cluster.")
RootCmd.PersistentFlags().String(config.UserFlag, "", "Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.")
groups := templates.CommandGroups{
{
@ -280,3 +291,7 @@ func addToPath(dir string) {
klog.Infof("Updating PATH: %s", dir)
os.Setenv("PATH", new)
}
func validateUsername(name string) bool {
return len(name) <= 60
}
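Review bot: The `defer audit.Log(time.Now())` added at the top of Execute will not run on any path that ends the process through the exit helpers, including the new `exit.Message(reason.Usage, ...)` branch in the pre-run hook, if those helpers call os.Exit as their names suggest (their bodies are not visible here). Commands that fail would then leave no audit record, which is the case an audit trail is most needed for. Consider writing the entry from the exit path as well, or at least documenting the gap next to the defer, e.g. `// NOTE: not reached when exit.* terminates the process; failed commands are not audited`. Execute's body continues outside the hunk.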


@ -0,0 +1,78 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package audit
import (
"os"
"os/user"
"strings"
"time"
"github.com/spf13/viper"
"k8s.io/klog"
"k8s.io/minikube/pkg/minikube/config"
)
// userName pulls the user flag, if empty gets the os username.
func userName() string {
u := viper.GetString(config.UserFlag)
if u != "" {
return u
}
osUser, err := user.Current()
if err != nil {
return "UNKNOWN"
}
return osUser.Username
}
// args concats the args into space delimited string.
func args() string {
// first arg is binary and second is command, anything beyond is a minikube arg
if len(os.Args) < 3 {
return ""
}
return strings.Join(os.Args[2:], " ")
}
// Log details about the executed command.
func Log(startTime time.Time) {
if !shouldLog() {
return
}
e := newEntry(os.Args[1], args(), userName(), startTime, time.Now())
if err := appendToLog(e); err != nil {
klog.Error(err)
}
}
// shouldLog returns if the command should be logged.
func shouldLog() bool {
// commands that should not be logged.
no := []string{"status", "version"}
// in rare chance we get here without a command, don't log
if len(os.Args) < 2 {
return false
}
a := os.Args[1]
for _, c := range no {
if a == c {
return false
}
}
return true
}
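Review bot: `shouldLog` and `Log` treat `os.Args[1]` as the command and `args` treats `os.Args[2:]` as its arguments, but the persistent flags registered on RootCmd (`-p`, `-b`, `--user`) may be given before the subcommand. An invocation such as `minikube --user ci status` would then record `--user` as the command and slip past the `status`/`version` exclusion. Taking the command name from the command cobra actually resolved, rather than from a fixed argv position, would keep the record accurate; until then the assumption deserves a comment on `Log`, e.g. `// assumes os.Args[1] is the subcommand; global flags placed before it are misrecorded`.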


@ -0,0 +1,129 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package audit
import (
"os"
"os/user"
"testing"
"github.com/spf13/viper"
"k8s.io/minikube/pkg/minikube/config"
)
func TestAudit(t *testing.T) {
t.Run("Username", func(t *testing.T) {
u, err := user.Current()
if err != nil {
t.Fatal(err)
}
tests := []struct {
userFlag string
want string
}{
{
"testUser",
"testUser",
},
{
"",
u.Username,
},
}
for _, test := range tests {
viper.Set(config.UserFlag, test.userFlag)
got := userName()
if got != test.want {
t.Errorf("userFlag = %q; username() = %q; want %q", test.userFlag, got, test.want)
}
}
})
t.Run("Args", func(t *testing.T) {
oldArgs := os.Args
defer func() { os.Args = oldArgs }()
tests := []struct {
args []string
want string
}{
{
[]string{"minikube", "start"},
"",
},
{
[]string{"minikube", "start", "--user", "testUser"},
"--user testUser",
},
}
for _, test := range tests {
os.Args = test.args
got := args()
if got != test.want {
t.Errorf("os.Args = %q; args() = %q; want %q", os.Args, got, test.want)
}
}
})
t.Run("ShouldLog", func(t *testing.T) {
oldArgs := os.Args
defer func() { os.Args = oldArgs }()
tests := []struct {
args []string
want bool
}{
{
[]string{"minikube", "start"},
true,
},
{
[]string{"minikube", "delete"},
true,
},
{
[]string{"minikube", "status"},
false,
},
{
[]string{"minikube", "version"},
false,
},
{
[]string{"minikube"},
false,
},
}
for _, test := range tests {
os.Args = test.args
got := shouldLog()
if got != test.want {
t.Errorf("os.Args = %q; shouldLog() = %t; want %t", os.Args, got, test.want)
}
}
})
}


@ -0,0 +1,49 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package audit
import (
"time"
"github.com/spf13/viper"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/constants"
)
// entry represents the execution of a command.
type entry struct {
data map[string]string
}
// Type returns the cloud events compatible type of this struct.
func (e *entry) Type() string {
return "io.k8s.sigs.minikube.audit"
}
// newEntry returns a new audit type.
func newEntry(command string, args string, user string, startTime time.Time, endTime time.Time) *entry {
return &entry{
map[string]string{
"args": args,
"command": command,
"endTime": endTime.Format(constants.TimeFormat),
"profile": viper.GetString(config.ProfileName),
"startTime": startTime.Format(constants.TimeFormat),
"user": user,
},
}
}
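Review bot: The `user` value stored by newEntry is whatever the caller supplied: userName() returns the `--user` flag unmodified when it is set and only falls back to the OS account otherwise, and the entry has no field saying which source was used. A reader of the log cannot tell a self-asserted name from the account that actually ran the binary. Consider always recording the OS account under its own key next to `user`, and stating the limitation on newEntry, e.g. `// user is caller-supplied (--user) and is not verified`.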


@ -0,0 +1,57 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package audit
import (
"fmt"
"os"
"k8s.io/minikube/pkg/minikube/localpath"
"k8s.io/minikube/pkg/minikube/out/register"
)
// currentLogFile the file that's used to store audit logs
var currentLogFile *os.File
// setLogFile sets the logPath and creates the log file if it doesn't exist.
func setLogFile() error {
lp := localpath.AuditLog()
f, err := os.OpenFile(lp, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
return fmt.Errorf("unable to open %s: %v", lp, err)
}
currentLogFile = f
return nil
}
// appendToLog appends the audit entry to the log file.
func appendToLog(entry *entry) error {
if currentLogFile == nil {
if err := setLogFile(); err != nil {
return err
}
}
e := register.CloudEvent(entry, entry.data)
bs, err := e.MarshalJSON()
if err != nil {
return fmt.Errorf("error marshalling event: %v", err)
}
if _, err := currentLogFile.WriteString(string(bs) + "\n"); err != nil {
return fmt.Errorf("unable to write to audit log: %v", err)
}
return nil
}
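Review bot: setLogFile creates the audit log with mode `0644`, so every local account can read it, while each entry carries the full argument string that `args()` builds with `strings.Join(os.Args[2:], " ")`. Any token or password passed as a flag value would be readable by other users on a shared host. An owner-only mode is the safer default: `f, err := os.OpenFile(lp, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)`. A comment on appendToLog noting that arguments are written unredacted would also help whoever later ships this file elsewhere.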


@ -0,0 +1,55 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package audit
import (
"io"
"io/ioutil"
"os"
"testing"
"time"
)
func TestLogFile(t *testing.T) {
t.Run("SetLogFile", func(t *testing.T) {
if err := setLogFile(); err != nil {
t.Error(err)
}
})
t.Run("AppendToLog", func(t *testing.T) {
f, err := ioutil.TempFile("", "audit.json")
if err != nil {
t.Fatalf("Error creating temporary file: %v", err)
}
defer os.Remove(f.Name())
oldLogFile := *currentLogFile
defer func() { currentLogFile = &oldLogFile }()
currentLogFile = f
e := newEntry("start", "-v", "user1", time.Now(), time.Now())
if err := appendToLog(e); err != nil {
t.Fatalf("Error appendingToLog: %v", err)
}
b := make([]byte, 100)
if _, err := f.Read(b); err != nil && err != io.EOF {
t.Errorf("Log was not appended to file: %v", err)
}
})
}
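Review bot: The AppendToLog subtest cannot fail on a missing write: `appendToLog` writes through the same handle `f`, which leaves the file offset at the end, so `f.Read(b)` returns `io.EOF`, and the check explicitly accepts that. Rewind with `f.Seek(0, io.SeekStart)` before reading and assert that the number of bytes read is greater than zero (or decode the line and compare the `user` and `command` fields). The subtest also dereferences `*currentLogFile`, which panics if it runs without the SetLogFile subtest having succeeded, and SetLogFile itself opens the real path from `localpath.AuditLog()` rather than a temporary directory.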


@ -48,6 +48,8 @@ const (
ShowDriverDeprecationNotification = "ShowDriverDeprecationNotification"
// ShowBootstrapperDeprecationNotification is the key for ShowBootstrapperDeprecationNotification
ShowBootstrapperDeprecationNotification = "ShowBootstrapperDeprecationNotification"
// UserFlag is the key for the global user flag (ex. --user=user1)
UserFlag = "user"
)
var (


@ -19,6 +19,7 @@ package constants
import (
"errors"
"path/filepath"
"time"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/util/homedir"
@ -98,6 +99,9 @@ const (
// ExistingContainerHostEnv is used to save original podman environment
ExistingContainerHostEnv = MinikubeExistingPrefix + "CONTAINER_HOST"
// TimeFormat is the format that should be used when outputting time
TimeFormat = time.RFC1123
)
var (
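Review bot: `time.RFC1123` is a weak choice for the audit timestamps that are formatted with TimeFormat: it has one-second resolution and renders the zone as an abbreviation, which is ambiguous and does not sort or correlate cleanly with other logs. `TimeFormat = time.RFC3339` keeps a numeric offset and sorts lexically. If RFC1123 is kept for display reasons, the comment should say so, e.g. `// TimeFormat is a human-readable format; not intended for machine parsing`.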


@ -63,10 +63,17 @@ func Profile(name string) string {
}
// EventLog returns the path to a CloudEvents log
// This log contains the transient state of minikube and the completed steps on start.
func EventLog(name string) string {
return filepath.Join(Profile(name), "events.json")
}
// AuditLog returns the path to the audit log.
// This log contains a history of commands run, by who, when, and what arguments.
func AuditLog() string {
return filepath.Join(MiniPath(), "logs", "audit.json")
}
// ClientCert returns client certificate path, used by kubeconfig
func ClientCert(name string) string {
new := filepath.Join(Profile(name), "client.crt")


@ -63,8 +63,8 @@ func SetEventLogPath(path string) {
eventFile = f
}
// cloudEvent creates a CloudEvent from a log object & associated data
func cloudEvent(log Log, data map[string]string) cloudevents.Event {
// CloudEvent creates a CloudEvent from a log object & associated data
func CloudEvent(log Log, data map[string]string) cloudevents.Event {
event := cloudevents.NewEvent()
event.SetSource("https://minikube.sigs.k8s.io/")
event.SetType(log.Type())
@ -78,7 +78,7 @@ func cloudEvent(log Log, data map[string]string) cloudevents.Event {
// print JSON output to configured writer
func printAsCloudEvent(log Log, data map[string]string) {
event := cloudEvent(log, data)
event := CloudEvent(log, data)
bs, err := event.MarshalJSON()
if err != nil {
@ -90,7 +90,7 @@ func printAsCloudEvent(log Log, data map[string]string) {
// print JSON output to configured writer, and record it to disk
func printAndRecordCloudEvent(log Log, data map[string]string) {
event := cloudEvent(log, data)
event := CloudEvent(log, data)
bs, err := event.MarshalJSON()
if err != nil {
@ -118,7 +118,7 @@ func recordCloudEvent(log Log, data map[string]string) {
}
go func() {
event := cloudEvent(log, data)
event := CloudEvent(log, data)
bs, err := event.MarshalJSON()
if err != nil {
klog.Errorf("error marshalling event: %v", err)


@ -34,6 +34,7 @@ minikube addons SUBCOMMAND [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -67,6 +68,7 @@ minikube addons configure ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -100,6 +102,7 @@ minikube addons disable ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -133,6 +136,7 @@ minikube addons enable ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -167,6 +171,7 @@ minikube addons help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -206,6 +211,7 @@ minikube addons list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -249,6 +255,7 @@ minikube addons open ADDON_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -30,6 +30,7 @@ Add, delete, or push a local image into minikube
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -63,6 +64,7 @@ minikube cache add [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -96,6 +98,7 @@ minikube cache delete [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -130,6 +133,7 @@ minikube cache help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -170,6 +174,7 @@ minikube cache list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -203,6 +208,7 @@ minikube cache reload [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -55,6 +55,7 @@ minikube completion SHELL [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -64,6 +64,7 @@ minikube config SUBCOMMAND [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -106,6 +107,7 @@ minikube config defaults PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -139,6 +141,7 @@ minikube config get PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -173,6 +176,7 @@ minikube config help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -207,6 +211,7 @@ minikube config set PROPERTY_NAME PROPERTY_VALUE [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -240,6 +245,7 @@ minikube config unset PROPERTY_NAME [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -280,6 +286,7 @@ minikube config view [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -40,6 +40,7 @@ minikube dashboard [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -42,6 +42,7 @@ minikube delete [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -44,6 +44,7 @@ minikube docker-env [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -35,6 +35,7 @@ minikube help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -40,6 +40,7 @@ minikube ip [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -38,6 +38,7 @@ minikube kubectl [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -43,6 +43,7 @@ minikube logs [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -48,6 +48,7 @@ minikube mount [flags] <source directory>:<target directory>
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -34,6 +34,7 @@ minikube node [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -75,6 +76,7 @@ minikube node add [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -108,6 +110,7 @@ minikube node delete [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -142,6 +145,7 @@ minikube node help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -175,6 +179,7 @@ minikube node list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -214,6 +219,7 @@ minikube node start [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -247,6 +253,7 @@ minikube node stop [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -42,6 +42,7 @@ minikube pause [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -41,6 +41,7 @@ minikube podman-env [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -34,6 +34,7 @@ minikube profile [MINIKUBE_PROFILE_NAME]. You can return to the default minikub
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -68,6 +69,7 @@ minikube profile help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -107,6 +109,7 @@ minikube profile list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -45,6 +45,7 @@ minikube service [flags] SERVICE
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -80,6 +81,7 @@ minikube service help [command] [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```
@ -120,6 +122,7 @@ minikube service list [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -41,6 +41,7 @@ minikube ssh-host [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -40,6 +40,7 @@ minikube ssh-key [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -41,6 +41,7 @@ minikube ssh [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -117,6 +117,7 @@ minikube start [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -47,6 +47,7 @@ minikube status [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -44,6 +44,7 @@ minikube stop [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -40,6 +40,7 @@ minikube tunnel [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -42,6 +42,7 @@ minikube unpause [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -34,6 +34,7 @@ minikube update-check [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -35,6 +35,7 @@ minikube update-context [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -41,6 +41,7 @@ minikube version [flags]
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--user string Specifies the user executing the operation. Useful for auditing operations executed by 3rd party tools. Defaults to the operating system username.
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
```


@ -243,6 +243,16 @@ func validateStartWithProxy(ctx context.Context, t *testing.T, profile string) {
if !strings.Contains(rr.Stderr.String(), want) {
t.Errorf("start stderr=%s, want: *%s*", rr.Stderr.String(), want)
}
t.Run("Audit", func(t *testing.T) {
got, err := auditContains(profile)
if err != nil {
t.Fatalf("failed to check audit log: %v", err)
}
if !got {
t.Errorf("audit.json does not contain the profile %q", profile)
}
})
}
// validateSoftStart validates that after minikube already started, a "minikube start" should not change the configs.
@ -276,6 +286,15 @@ func validateSoftStart(ctx context.Context, t *testing.T, profile string) {
t.Errorf("expected node port in the config not change after soft start. exepceted node port to be %d but got %d.", apiPortTest, afterCfg.Config.KubernetesConfig.NodePort)
}
t.Run("Audit", func(t *testing.T) {
got, err := auditContains(profile)
if err != nil {
t.Fatalf("failed to check audit log: %v", err)
}
if !got {
t.Errorf("audit.json does not contain the profile %q", profile)
}
})
}
// validateKubeContext asserts that kubectl is properly configured (race-condition prone!)
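Review bot: The `Audit` subtest added to validateSoftStart can pass without the soft start ever being recorded, because `auditContains(profile)` is a substring search over the whole audit file and the same profile name was presumably already written there by the earlier start that validateStartWithProxy checks. The `auditContains("testUser")` check in TestJSONOutput has the same weakness: the name is fixed, so an entry left by a previous command or run satisfies it. For an audit trail the useful assertion is that the command just executed produced its own entry, which needs a comparison limited to the lines appended after that command. Until then I would mark the limitation in place with `// NOTE: matches any earlier entry for this profile; does not prove this invocation was logged`. Both function bodies begin outside their hunks.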


@ -54,7 +54,7 @@ func TestJSONOutput(t *testing.T) {
for _, test := range tests {
t.Run(test.command, func(t *testing.T) {
args := []string{test.command, "-p", profile, "--output=json"}
args := []string{test.command, "-p", profile, "--output=json", "--user=testUser"}
args = append(args, test.args...)
rr, err := Run(t, exec.CommandContext(ctx, Target(), args...))
@ -67,6 +67,16 @@ func TestJSONOutput(t *testing.T) {
t.Fatalf("converting to cloud events: %v\n", err)
}
t.Run("Audit", func(t *testing.T) {
got, err := auditContains("testUser")
if err != nil {
t.Fatalf("failed to check audit log: %v", err)
}
if !got {
t.Errorf("audit.json does not contain the user testUser")
}
})
type validateJSONOutputFunc func(context.Context, *testing.T, []*cloudEvent)
t.Run("parallel", func(t *testing.T) {
parallelTests := []struct {


@ -20,7 +20,10 @@ import (
"bufio"
"fmt"
"os"
"strings"
"time"
"k8s.io/minikube/pkg/minikube/localpath"
)
// ReadLineWithTimeout reads a line of text from a buffer with a timeout
@ -59,3 +62,20 @@ func UniqueProfileName(prefix string) string {
// example: prefix-20200413162239-3215
return fmt.Sprintf("%s-%s-%d", prefix, time.Now().Format("20060102150405"), os.Getpid())
}
// auditContains checks if the provided string is contained within the logs.
func auditContains(substr string) (bool, error) {
f, err := os.Open(localpath.AuditLog())
if err != nil {
return false, fmt.Errorf("Unable to open file %s: %v", localpath.AuditLog(), err)
}
defer f.Close()
s := bufio.NewScanner(f)
for s.Scan() {
if strings.Contains(s.Text(), substr) {
return true, nil
}
}
return false, nil
}
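Review bot: auditContains returns `false, nil` when the scanner stops on an error, because `s.Err()` is never consulted after the loop; a read failure or a line longer than bufio.Scanner's default token limit would then be reported as "entry not found" rather than as an unreadable log. Add `if err := s.Err(); err != nil { return false, fmt.Errorf("reading audit log: %w", err) }` before the final return. The open error would also read better lowercase and wrapped with `%w`, e.g. `fmt.Errorf("opening %s: %w", localpath.AuditLog(), err)`.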