Tools for analyzing Kubernetes API coverage from E2E test audit logs.
Copy the two python scripts from https://github.com/kubernetes/test-infra/tree/master/experiment/audit to your local directory
The example below uses kubernetes/kubernetes#133132 which is a PR to add a new DRA test to conformance.
-
Download audit logs from GCS:
gsutil -m cp -R gs://kubernetes-ci-logs/pr-logs/pull/133132/pull-kubernetes-audit-kind-conformance/1960293546019786752/artifacts/audit/ . -
Parse audit logs:
python3 audit_log_parser.py --audit-logs audit/audit*.log --output audit/audit-endpoints.txt --audit-operations-json audit/audit-operations.jsonLoading ineligible endpoints from: https://raw.githubusercontent.com/kubernetes/kubernetes/master/test/conformance/testdata/ineligible_endpoints.yaml Loaded 99 ineligible endpoints Loading Swagger specification from: https://raw.githubusercontent.com/kubernetes/kubernetes/refs/heads/master/api/openapi-spec/swagger.json Using cached Swagger specification Extracting resource types from Swagger specification... Extracted 68 resource types from Swagger spec Building path to operation mapping... Loaded 1050 API operations from Swagger spec Found 203 deprecated operations Parsing 2 audit log file(s): [1/2] audit/audit-2025-08-26T12-04-42.943.log [2/2] audit/audit.log Processing file 1/2: audit/audit-2025-08-26T12-04-42.943.log Processed 10000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 20000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 30000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 40000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 50000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 60000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 70000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 80000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 90000 lines from audit/audit-2025-08-26T12-04-42.943.log... Processed 100000 lines from audit/audit-2025-08-26T12-04-42.943.log... Completed audit/audit-2025-08-26T12-04-42.943.log: 106851 entries processed Processing file 2/2: audit/audit.log Processed 10000 lines from audit/audit.log... Processed 20000 lines from audit/audit.log... Processed 30000 lines from audit/audit.log... Processed 40000 lines from audit/audit.log... Processed 50000 lines from audit/audit.log... Processed 60000 lines from audit/audit.log... Processed 70000 lines from audit/audit.log... Processed 80000 lines from audit/audit.log... Completed audit/audit.log: 89464 entries processed Parsing complete: Total log entries: 196315 Swagger-based matches: 87105 Fallback matches: 731 Unique endpoints found: 715 Total API calls: 87836 Skipped entries: 108479 Results written to: audit/audit-endpoints.txt Generated audit/audit-operations.json with 602 operations and 1739 sample audit entries -
Compare against CI baseline:
python3 kubernetes_api_analysis.py --pull-audit-endpoints audit/audit-endpoints.txt
Kubernetes API Operations Analysis ================================== Step 1: Extracting operationIds from swagger.json... Swagger URL: https://raw.githubusercontent.com/kubernetes/kubernetes/refs/heads/master/api/openapi-spec/swagger.json Output file: swagger_operations.txt Downloading swagger specification... Extracted 1062 operationIds to swagger_operations.txt No CI audit endpoints file specified, auto-discovering latest from GCS... Searching for latest CI audit run... Enumerating directories in gs://kubernetes-ci-logs/logs/ci-kubernetes-audit-kind-conformance... Found directory with finished.json: gs://kubernetes-ci-logs/logs/ci-kubernetes-audit-kind-conformance/1960318661684105216/ Found audit file at: gs://kubernetes-ci-logs/logs/ci-kubernetes-audit-kind-conformance/1960318661684105216/artifacts/audit/audit-endpoints.txt Downloaded to: ci-audit-kind-conformance-audit-endpoints.txt Step 2: Comparing audit endpoint files... CI File: ci-audit-kind-conformance-audit-endpoints.txt Pull File: audit/audit-endpoints.txt Extracting operations from audit files (filtering by swagger operations)... SUMMARY ======= Total Operations in Swagger: 1062 Operations in CI: 508 Operations in Pull: 517 Operations Added: 9 Operations Removed: 0 Net Change: +9 OPERATIONS ADDED IN PULL (NOT IN CI) ==================================== Count: 9 1. createResourceV1DeviceClass 2. createResourceV1NamespacedResourceClaim 3. createResourceV1NamespacedResourceClaimTemplate 4. createResourceV1ResourceSlice 5. deleteResourceV1DeviceClass 6. deleteResourceV1NamespacedResourceClaim 7. readResourceV1NamespacedResourceClaim 8. replaceResourceV1NamespacedResourceClaim 9. replaceResourceV1NamespacedResourceClaimStatus OPERATIONS REMOVED FROM PULL (IN CI BUT NOT PULL) ================================================= Count: 0 No operations removed. STABLE ENDPOINTS NOT FOUND IN PULL AUDIT LOG ============================================ Count: 29 These are stable, non-deprecated API endpoints defined in the Swagger spec but not exercised in the pull request audit log: 1. connectCoreV1PostNamespacedPodExec 2. connectCoreV1PostNamespacedPodPortforward 3. createStorageV1VolumeAttributesClass 4. deleteResourceV1CollectionDeviceClass 5. deleteResourceV1NamespacedResourceClaimTemplate 6. deleteResourceV1ResourceSlice 7. deleteStorageV1CollectionVolumeAttributesClass 8. deleteStorageV1VolumeAttributesClass 9. getResourceV1APIResources 10. listResourceV1ResourceClaimTemplateForAllNamespaces 11. listStorageV1VolumeAttributesClass 12. patchCoreV1NamespacedPodResize 13. patchResourceV1DeviceClass 14. patchResourceV1NamespacedResourceClaim 15. patchResourceV1NamespacedResourceClaimStatus 16. patchResourceV1NamespacedResourceClaimTemplate 17. patchResourceV1ResourceSlice 18. patchStorageV1VolumeAttributesClass 19. readCoreV1NamespacedPodResize 20. readResourceV1DeviceClass 21. readResourceV1NamespacedResourceClaimStatus 22. readResourceV1NamespacedResourceClaimTemplate 23. readResourceV1ResourceSlice 24. readStorageV1VolumeAttributesClass 25. replaceCoreV1NamespacedPodResize 26. replaceResourceV1DeviceClass 27. replaceResourceV1NamespacedResourceClaimTemplate 28. replaceResourceV1ResourceSlice 29. replaceStorageV1VolumeAttributesClass Analysis complete! Generated files: - swagger_operations.txt (swagger operations list)
audit/audit-endpoints.txt: Human-readable report (602 operations, 79K API calls)audit/audit-operations.json: JSON with up to 5 audit samples per operation
- Console output: Comparison showing added/removed operations vs CI baseline
swagger_operations.txt: Complete list of 1062 Swagger operations
Each operation flows through this pipeline:
swagger.json → audit_log_parser.py → audit-endpoints.txt → kubernetes_api_analysis.py
↓ ↓ ↓ ↓
POST /apis/ requestURI match Line 98: | 1 "OPERATIONS ADDED"
resource... → operationId (1 API call) (new in this PR)
Example: createResourceV1NamespacedResourceClaimTemplate
- Swagger:
POST /apis/resource.k8s.io/v1/namespaces/{namespace}/resourceclaimtemplates - Audit Log:
requestURI: "/apis/resource.k8s.io/v1/namespaces/dra-9508/resourceclaimtemplates" - Parser: Maps URI → operation ID via pattern matching
- Output: Shows as "ADDED" (found in PR, missing from CI baseline)