-
Notifications
You must be signed in to change notification settings - Fork 66
/
event_filter.go
45 lines (38 loc) · 986 Bytes
/
event_filter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package audit
import (
"regexp"
"k8s.io/apiserver/pkg/apis/audit"
"k8s.io/klog"
)
func FilterEvent(event *audit.Event, userRegex *regexp.Regexp, UserFilterInverse bool, nsRegex *regexp.Regexp) bool {
eventUser := &event.User
if event.ImpersonatedUser != nil {
eventUser = event.ImpersonatedUser
}
match := userRegex.MatchString(eventUser.Username)
// match inverse
// -----------------
// true true --> skip
// true false --> keep
// false true --> keep
// false false --> skip
if match {
if UserFilterInverse {
klog.V(5).Infof("skip %v", eventUser.Username)
return false
}
} else {
if !UserFilterInverse {
klog.V(5).Infof("skip %v", eventUser.Username)
return false
}
}
if event.ObjectRef != nil && event.ObjectRef.Namespace != "" {
match := nsRegex.MatchString(event.ObjectRef.Namespace)
if !match {
klog.V(5).Infof("skip namespace %v", event.ObjectRef.Namespace)
return false
}
}
return true
}