Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[audit] Figure out timestamps in event objects #52160

Closed
crassirostris opened this issue Sep 8, 2017 · 10 comments · Fixed by #52981
Closed

[audit] Figure out timestamps in event objects #52160

crassirostris opened this issue Sep 8, 2017 · 10 comments · Fixed by #52981
Assignees
@CaoShuFeng
Labels
area/audit kind/bug Categorizes issue or PR as related to a bug. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. milestone/removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/auth Categorizes an issue or PR as relevant to SIG Auth.

Comments

@crassirostris
Copy link

crassirostris commented Sep 8, 2017
edited
Loading

Ref #48561

Currently, there's a Timestamp field in the audit.Event object, which represents Time the request reached the apiserver.. There're several problems with it:

  1. Since auditing process has several stages, each one generating a separate event object in the sink, name can be confusing: a person can understand it as a timestamp of the last auditing process stage.
  2. There's another field in the Event, inherited from the ObjectMeta: CreationTimestamps. It's also confusing what it means: either the same what Timestamp currently means or the stage timestmap.
  3. CreationTimestamp has seconds precision.
  4. Currently CreationTimestamp is not populated and left as nil in the serialized object.
  5. Currently there's no stage timestamp in the object, so it's not possible to understand from the last audit object, how much time the request took: you have to correlate events by the AuditId (which can be spoofed).

We agreed that the @soltysh's PR (#52030) will addressed the latter two points by populating the CreationTimestamp field with the stage timestamp, exposing this information and making CreationTimestamp field useful. However, that doesn't solve the problem of ambiguous names or CreationTimestamp precision. There are three options:

  1. Leave it as it is.
  2. Rename Timestamp field e.g. to RequestStartTimestamp
  3. Remove Timestamp field, introduce two new fields RequestStartTimestamp and StageTimestamp and remove ObjectMeta. This is the only option that will allow to use timestamps to make an accurate estimation of how much time the request took, since CreationTimestamp has only seconds precision.

Renaming/removing field ofc will happen in the backward-compatible way, by creating a new field that will hold the same value and then actually removing the field in the next API release.

Because of the precision problem, the last options seems like the best approach.

/cc @sttts @soltysh @ericchiang @CaoShuFeng
@crassirostris crassirostris added area/audit kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels Sep 8, 2017
@crassirostris crassirostris added this to the v1.9 milestone Sep 8, 2017
@crassirostris crassirostris changed the title [advanced-audit] Figure out timestamps in event objects [audit] Figure out timestamps in event objects Sep 8, 2017
@soltysh
Copy link
Contributor

soltysh commented Sep 8, 2017

  1. Remove Timestamp field, introduce two new fields RequestStartTimestamp and StageTimestamp and remove ObjectMeta (which is possible now, but not tested)

I thought during our discussion we agreed on CreationTimestap being what you call here RequestStartTimestamp (unless we get rid of ObjectMeta if that's possible), introducing a new StageTimestamp (or other name tbd), finally deprecating Timestamp since its name provides no information what kind of time it is.

@sttts
Copy link
Contributor

sttts commented Sep 8, 2017

I thought during our discussion we agreed on CreationTimestap being what you call here RequestStartTimestamp

The opposite. CreationTimestamp is the event object creation time by definition of that field. The Event.Timestamp is the request time (also by definition, i.e. by our godoc).

@sttts
Copy link
Contributor

sttts commented Sep 8, 2017

event object creation time by definition of that field

That we re-use that event object throughout the handler chain is our optimization and an implementation detail. From the outside we create one event per stage.

@CaoShuFeng
Copy link
Contributor

CaoShuFeng commented Sep 8, 2017
edited
Loading

  1. Rename Timestamp field e.g. to RequestStartTimestamp

I vote for this option.
But I suggest to rename RequestStartTimestamp to RequestReceivedTimestamp.
And in the RequestReceivedStage:
ObjectMeta.CreationTimestamp is equal to RequestReceivedTimestamp

@crassirostris
Copy link
Author

crassirostris commented Sep 8, 2017
edited
Loading

@soltysh Yeah, sorry for confusion earlier, I meant what @sttts said

@CaoShuFeng I also like this option better, b/c removing ObjectMeta will require some testing and even after that something can break, and leaving CreationTimestamp empty doesn't look good

@soltysh
Copy link
Contributor

soltysh commented Sep 8, 2017

Important requirement for this is that it should give very good precision, micro- or milisecond precision so we can measure actual time spent for processing requests.

@crassirostris
Copy link
Author

Important requirement for this is that it should give very good precision, micro- or milisecond precision so we can measure actual time spent for processing requests.

+1, I'll add this to the issue description

@hzxuzhonghu
Copy link
Member

  1. Remove Timestamp field, introduce two new fields RequestStartTimestamp and StageTimestamp and remove ObjectMeta. This is the only option that will allow to use timestamps to make an accurate estimation of how much time the request took, since CreationTimestamp has only seconds precision.

In order to improve precision, I think no use of CreationTimestamp is a better choise. We can define two new fields RequestStartTimestamp and StageTimestamp with a more precise time metric type.

@CaoShuFeng
Copy link
Contributor

/assign

@CaoShuFeng CaoShuFeng mentioned this issue Sep 25, 2017
Merged
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Oct 7, 2017
@k8s-github-robot
Copy link

[MILESTONENOTIFIER] Milestone Removed

@CaoShuFeng @crassirostris

Important: This issue was missing labels required for the v1.9 milestone for more than 3 days:

kind: Must specify exactly one of kind/bug, kind/cleanup or kind/feature.

Help

@k8s-github-robot k8s-github-robot removed this from the v1.9 milestone Oct 11, 2017
k8s-github-robot pushed a commit that referenced this issue Oct 12, 2017
Merge pull request #52981 from CaoShuFeng/audit_v1beta2
6901fc3 
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add RequestReceivedTimestamp and StageTimestamp to audit event

fixes #52160

**Release note**:
```
Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events.
```
sttts pushed a commit to sttts/apiserver that referenced this issue Oct 13, 2017
@k8s-publish-robot
Merge pull request #52981 from CaoShuFeng/audit_v1beta2
1546d52 
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add RequestReceivedTimestamp and StageTimestamp to audit event

fixes kubernetes/kubernetes#52160

**Release note**:
```
Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events.
```

Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
sttts pushed a commit to sttts/apiserver that referenced this issue Oct 14, 2017
@k8s-publish-robot
Merge pull request #52981 from CaoShuFeng/audit_v1beta2
c9bb058 
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add RequestReceivedTimestamp and StageTimestamp to audit event

fixes kubernetes/kubernetes#52160

**Release note**:
```
Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events.
```

Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
sttts pushed a commit to sttts/apiserver that referenced this issue Oct 16, 2017
@k8s-publish-robot
Merge pull request #52981 from CaoShuFeng/audit_v1beta2
b25f7a0 
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

add RequestReceivedTimestamp and StageTimestamp to audit event

fixes kubernetes/kubernetes#52160

**Release note**:
```
Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events.
```

Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
@crassirostris crassirostris mentioned this issue Oct 25, 2017
Closed
14 tasks
@CaoShuFeng CaoShuFeng mentioned this issue Jul 3, 2018
Closed
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CaoShuFeng CaoShuFeng

Labels
area/audit kind/bug Categorizes issue or PR as related to a bug. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. milestone/removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/auth Categorizes an issue or PR as relevant to SIG Auth.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add RequestReceivedTimestamp and StageTimestamp to audit event CaoShuFeng/kubernetes
7 participants
@soltysh @sttts @crassirostris @hzxuzhonghu @k8s-github-robot @k8s-ci-robot @CaoShuFeng