webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

k8s-operator,kube: allowing k8s api request events to be enabled via grants (#18393)

Browse Source 
Updates #35796

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
This commit is contained in:
Tom Meadows
2026-01-16 13:29:12 +00:00
committed by GitHub
parent 54d77898da
commit 1cc6f3282e
6 changed files with 118 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
k8s-operator/api-proxy/proxy_events_test.go
+15 -3
View File
@@ -61,7 +61,6 @@ func TestRecordRequestAsEvent(t *testing.T) {
log: zl.Sugar(),
ts: &tsnet.Server{},
sendEventFunc: sender.Send,
eventsEnabled: true,
}
defaultWho := &apitype.WhoIsResponse{
@@ -76,7 +75,7 @@ func TestRecordRequestAsEvent(t *testing.T) {
CapMap: tailcfg.PeerCapMap{
tailcfg.PeerCapabilityKubernetes: []tailcfg.RawMessage{
tailcfg.RawMessage(`{"recorderAddrs":["127.0.0.1:1234"]}`),
tailcfg.RawMessage(`{"enforceRecorder": true}`),
tailcfg.RawMessage(`{"enforceRecorder": true, "enableEvents": true}`),
},
},
}
@@ -310,6 +309,7 @@ func TestRecordRequestAsEvent(t *testing.T) {
CapMap: tailcfg.PeerCapMap{
tailcfg.PeerCapabilityKubernetes: []tailcfg.RawMessage{
tailcfg.RawMessage(`{"recorderAddrs":["127.0.0.1:1234", "127.0.0.1:5678"]}`),
tailcfg.RawMessage(`{"enforceRecorder": true, "enableEvents": true}`),
},
},
},
@@ -398,6 +398,7 @@ func TestRecordRequestAsEvent(t *testing.T) {
},
setupSender: func() { sender.Reset() },
wantNumCalls: 0,
wantErr: true,
},
{
name: "error-sending",
@@ -510,8 +511,19 @@ func TestRecordRequestAsEvent(t *testing.T) {
tt.setupSender()
req := tt.req()
err := ap.recordRequestAsEvent(req, tt.who)
c, err := determineRecorderConfig(tt.who)
if err != nil {
t.Fatalf("error trying to determine whether the kubernetes api request %q needs to be recorded: %v", req.URL.String(), err)
return
}
if !c.enableEvents && tt.wantEvent != nil {
t.Errorf("expected event but events not enabled in CapMap. Want: %#v", tt.wantEvent)
return
}
err = ap.recordRequestAsEvent(req, tt.who, c.recorderAddresses, c.failOpen)
if (err != nil) != tt.wantErr {
t.Fatalf("recordRequestAsEvent() error = %v, wantErr %v", err, tt.wantErr)
}