Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var AclAuthorizerRegex = regroup.MustCompile(
`^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+\] [A-Z]+ Principal = \S+ is (?P<access>\S+) Operation = (?P<operation>\S+) from host = (?P<host>\S+) on resource = Topic:LITERAL:(?P<topic>.+) for request = \S+ with resourceRefCount = \d+ \(kafka\.authorizer\.logger\)$`,
)
AclAuthorizerRegex matches & decodes AclAuthorizer log records. Sample log record for reference: [2023-03-12 13:51:55,904] INFO Principal = User:2.5.4.45=#13206331373734376636373865323137613636346130653335393130326638303662,CN=myclient.otterize-tutorial-kafka-mtls,O=SPIRE,C=US is Denied Operation = Describe from host = 10.244.0.27 on resource = Topic:LITERAL:mytopic for request = Metadata with resourceRefCount = 1 (kafka.authorizer.logger)
Functions ¶
This section is empty.
Types ¶
type AuthorizerRecord ¶
type KubernetesLogWatcher ¶
type KubernetesLogWatcher struct {
// contains filtered or unexported fields
}
func NewKubernetesLogWatcher ¶
func NewKubernetesLogWatcher(mapperClient mapperclient.MapperClient, kafkaServers []types.NamespacedName) (*KubernetesLogWatcher, error)
func (*KubernetesLogWatcher) RunForever ¶
func (w *KubernetesLogWatcher) RunForever(ctx context.Context) error
type LogFileWatcher ¶
type LogFileWatcher struct {
// contains filtered or unexported fields
}
func NewLogFileWatcher ¶
func NewLogFileWatcher(mapperClient mapperclient.MapperClient, authzFilePath string, server types.NamespacedName) (*LogFileWatcher, error)
func (*LogFileWatcher) RunForever ¶
func (w *LogFileWatcher) RunForever(ctx context.Context) error
type SeenRecordsStore ¶
type SeenRecordsStore map[AuthorizerRecord]time.Time
Click to show internal directories.
Click to hide internal directories.