[advanced audit]invalid audit saved for meta.k8s.io/v1.DeleteOptions

[CaoShuFeng]

Run this command:

curl -k -v -XDELETE  -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: kubectl/v1.10.0 (linux/amd64) kubernetes/d7e5bd1" http://172.16.29.130:8080/apis/extensions/v1beta1/namespaces/default/deployments/nginx --data '{"propagationPolicy":"Foreground","apiVersion":"meta.k8s.io/v1","kind":"DeleteOptions"}'

In this command we have such request body:

'{"propagationPolicy":"Foreground","apiVersion":"meta.k8s.io/v1","kind":"DeleteOptions"}'

But in the saved audit events, we have:

"requestObject":{"kind":"DeleteOptions","apiVersion":"extensions/v1beta1","propagationPolicy":"Foreground"}

/cc @sttts

[CaoShuFeng]

It has something to do with this:

kubernetes/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/delete.go

Line 68 in e823c47

// For backwards compatibility, we need to allow existing clients to submit per group DeleteOptions

[soltysh]

Hmm... I'm not sure we can do anything with it for now, until the DeletionOptions are handled properly. In my scale of seriousness this falls in the the category of not that much. We do record 90% of relevant information, the only wrong information is the api groups which is sort of ok, imho. At least for now.

[caesarxuchao]

cc @tallclair

[lavalamp]

I don't think this is an API machinery thing, @tallclair is there a better SIG?

[tallclair]

cc @crassirostris

Audit logging is sort of a collaboration of sig-apimachinery & sig-auth

[liggitt]

I don't think this is really worth fixing, as it is specific to the meta options structs

[CaoShuFeng]

I don't think this is really worth fixing, as it is specific to the meta options structs

/close