/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package resources

import (
	"github.com/edgelesssys/constellation/v2/internal/kubernetes"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
)

// AuditPolicy wraps the rule set that controls what the kube-apiserver
// writes to its audit log.
// Reference: https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ .
type AuditPolicy struct {
	Policy auditv1.Policy
}

// NewDefaultAuditPolicy creates the default Constellation audit policy.
//
// The policy holds exactly one rule, and that rule sets only the audit level.
// With no user, verb, resource or namespace selectors on the rule, it applies
// to every request the API server handles.
func NewDefaultAuditPolicy() *AuditPolicy {
	// LevelMetadata records who did what and when, but not request or
	// response bodies, so object payloads such as Secret data stay out of
	// the audit log.
	// NOTE(review): without bodies the log cannot show what a write changed;
	// confirm this level meets the cluster's forensic requirements.
	catchAll := auditv1.PolicyRule{
		Level: auditv1.LevelMetadata,
	}

	policy := auditv1.Policy{
		TypeMeta: v1.TypeMeta{
			APIVersion: "audit.k8s.io/v1",
			Kind:       "Policy",
		},
		Rules: []auditv1.PolicyRule{catchAll},
	}

	return &AuditPolicy{Policy: policy}
}

// Marshal marshals the audit policy as a YAML document by handing the
// receiver to kubernetes.MarshalK8SResources and returning its result as is.
func (p *AuditPolicy) Marshal() ([]byte, error) {
	return kubernetes.MarshalK8SResources(p)
}