flavio/kwctl.log

## kwctl.log
Running `target/release/kwctl -v run --settings-json '{"allowed_capabilities": ["CHOWN"]}' -r ../psp-capabilities/test_data/req_pod_with_container_with_capabilities_added.json ../psp-capabilities/target/wasm32-unknown-unknown/release/psp_capabilities.wasm`
Jun 27 15:06:21.457  INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "just a message", data: {"logger_key1": String("logger_value1")}, extra_fields: {"line": Number(30), "column": Number(5), "file": String("src/lib.rs")} }
Jun 27 15:06:21.457  INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "interpolation at work", data: {"logger_key1": String("logger_value1")}, extra_fields: {"line": Number(31), "column": Number(5), "file": String("src/lib.rs")} }
Jun 27 15:06:21.457  INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "structured log", data: {"enabled": Bool(true), "number": Number(42), "string_val": String("string"), "logger_key1": String("logger_value1")}, extra_fields: {"line": Number(32), "column": Number(5), "file": String("src/lib.rs")} }
Jun 27 15:06:21.457  INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "inner structured message", data: {"hello": String("world"), "logger_key1": String("logger_value1")}, extra_fields: {"line": Number(15), "column": Number(5), "file": String("src/validate.rs")} }
{"uid":"1299d386-525b-4032-98ae-1949f69f9cfc","allowed":false,"status":{"message":"PSP capabilities policies doesn't allow these capabilities to be added: {\"NET_ADMIN\", \"SYS_TIME\"}"}}
	Running `target/release/kwctl -v run --settings-json '{"allowed_capabilities": ["CHOWN"]}' -r ../psp-capabilities/test_data/req_pod_with_container_with_capabilities_added.json ../psp-capabilities/target/wasm32-unknown-unknown/release/psp_capabilities.wasm`
	Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "just a message", data: {"logger_key1": String("logger_value1")}, extra_fields: {"line": Number(30), "column": Number(5), "file": String("src/lib.rs")} }
	Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "interpolation at work", data: {"logger_key1": String("logger_value1")}, extra_fields: {"line": Number(31), "column": Number(5), "file": String("src/lib.rs")} }
	Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "structured log", data: {"enabled": Bool(true), "number": Number(42), "string_val": String("string"), "logger_key1": String("logger_value1")}, extra_fields: {"line": Number(32), "column": Number(5), "file": String("src/lib.rs")} }
	Jun 27 15:06:21.457 INFO validate{self=PolicyEvaluator { settings: Some({"allowed_capabilities": Array([String("CHOWN")])}) } request="{\"uid\":\"1299d386-525b-4032-98ae-1949f69f9cfc\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"groups\":[\"system:masters\",\"system:authenticated\"]},\"object\":{\"kind\":\"Pod\",\"apiVersion\":\"v1\",\"metadata\":{\"name\":\"nginx\",\"namespace\":\"default\",\"uid\":\"04dc7a5e-e1f1-4e34-8d65-2c9337a43e64\",\"creationTimestamp\":\"2020-11-12T15:18:36Z\",\"labels\":{\"env\":\"test\"},\"annotations\":{\"kubectl.kubernetes.io/last-applied-configuration\":\"{\\\"apiVersion\\\":\\\"v1\\\",\\\"kind\\\":\\\"Pod\\\",\\\"metadata\\\":{\\\"annotations\\\":{},\\\"labels\\\":{\\\"env\\\":\\\"test\\\"},\\\"name\\\":\\\"nginx\\\",\\\"namespace\\\":\\\"default\\\"},\\\"spec\\\":{\\\"containers\\\":[{\\\"image\\\":\\\"nginx\\\",\\\"imagePullPolicy\\\":\\\"IfNotPresent\\\",\\\"name\\\":\\\"nginx\\\"}],\\\"tolerations\\\":[{\\\"effect\\\":\\\"NoSchedule\\\",\\\"key\\\":\\\"example-key\\\",\\\"operator\\\":\\\"Exists\\\"}]}}\\n\"},\"managedFields\":[{\"manager\":\"kubectl\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2020-11-12T15:18:36Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:kubectl.kubernetes.io/last-applied-configuration\":{}},\"f:labels\":{\".\":{},\"f:env\":{}}},\"f:spec\":{\"f:containers\":{\"k:{\\\"name\\\":\\\"nginx\\\"}\":{\".\":{},\"f:image\":{},\"f:imagePullPolicy\":{},\"f:name\":{},\"f:resources\":{},\"f:terminationMessagePath\":{},\"f:terminationMessagePolicy\":{}}},\"f:dnsPolicy\":{},\"f:enableServiceLinks\":{},\"f:restartPolicy\":{},\"f:schedulerName\":{},\"f:securityContext\":{},\"f:terminationGracePeriodSeconds\":{},\"f:tolerations\":{}}}}]},\"spec\":{\"volumes\":[{\"name\":\"default-token-pvpz7\",\"secret\":{\"secretName\":\"default-token-pvpz7\"}}],\"containers\":[{\"name\":\"nginx\",\"image\":\"nginx\",\"resources\":{},\"securityContext\":{\"capabilities\":{\"add\":[\"NET_ADMIN\",\"SYS_TIME\"],\"drop\":[\"SYS_PTRACE\"]}},\"volumeMounts\":[{\"name\":\"default-token-pvpz7\",\"readOnly\":true,\"mountPath\":\"/var/run/secrets/kubernetes.io/serviceaccount\"}],\"terminationMessagePath\":\"/dev/termination-log\",\"terminationMessagePolicy\":\"File\",\"imagePullPolicy\":\"IfNotPresent\"}],\"restartPolicy\":\"Always\",\"terminationGracePeriodSeconds\":30,\"dnsPolicy\":\"ClusterFirst\",\"serviceAccountName\":\"default\",\"serviceAccount\":\"default\",\"securityContext\":{},\"schedulerName\":\"default-scheduler\",\"tolerations\":[{\"key\":\"node.kubernetes.io/not-ready\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"node.kubernetes.io/unreachable\",\"operator\":\"Exists\",\"effect\":\"NoExecute\",\"tolerationSeconds\":300},{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"tenantA\",\"effect\":\"NoSchedule\"}],\"priority\":0,\"enableServiceLinks\":true,\"preemptionPolicy\":\"PreemptLowerPriority\"},\"status\":{\"phase\":\"Pending\",\"qosClass\":\"BestEffort\"}},\"oldObject\":null,\"dryRun\":false,\"options\":{\"kind\":\"CreateOptions\",\"apiVersion\":\"meta.k8s.io/v1\"}}" policy_name="unknown"}:policy validation: policy_evaluator::policy_tracing: entry=PolicyLogEntry { level: Info, message: "inner structured message", data: {"hello": String("world"), "logger_key1": String("logger_value1")}, extra_fields: {"line": Number(15), "column": Number(5), "file": String("src/validate.rs")} }
	{"uid":"1299d386-525b-4032-98ae-1949f69f9cfc","allowed":false,"status":{"message":"PSP capabilities policies doesn't allow these capabilities to be added: {\"NET_ADMIN\", \"SYS_TIME\"}"}}