api: wrap the audit logger extension with an is_optional bool #26415
Signed-off-by: Luwei Ge <lwge@google.com>
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to
/lgtm api
Signed-off-by: Luwei Ge <lwge@google.com>
Per offline discussion, the logger config should be completely optional so that there is no operation when audit condition is present but no logger config is given.
/lgtm api
CI needs to be fixed.
cc @markdroth seems that there are lots of
/wait
I am not sure why it was complaining
You can add a
I thought about something like that, but I wasn't sure if I wanted to take on that invasive of a change. :) But I agree that it would be a more general-purpose solution. I'm curious as to what other @envoyproxy/api-shepherds think of this idea.
/retest
Retrying Azure Pipelines:
If we add such field to the Please let me know if this PR should wait on that. Thanks!
@mattklein123 Since you were the reviewer of #26001, would you mind taking a look at this as well? Thank you!
update to main commit 68d4315167352ffac71f149a43b8088397d3f33d This is to include the latest RBAC related change (envoyproxy/envoy#26415) for audit logging. I intentionally did not run steps in https://github.com/grpc/grpc/tree/master/third_party#updating-third_partyenvoy-api because I saw some earlier changes also didn't do that and this envoy-api change isn't going to be needed in Python any time soon.
…roxy#26415) Signed-off-by: Luwei Ge <lwge@google.com> Signed-off-by: River Phillips <riverphillips1@gmail.com>
Commit Message: Make the audit logger config optional
Risk Level: low
Docs Changes: N/A
Release Notes: N/A
API Considerations:
We decided to make individual audit logger configurations optional such that if the data plane is not updated to support a new type of logger, we can configure it to not NACK the RBAC filter entirely.
It's technically a breaking change to #26001 but that one was merged less than 10 days ago so implementation exists for the API and nobody should be using it right now.
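The acceptance rule described above, modeled as an added example (not code from this PR or from Envoy): an unsupported logger causes a NACK unless it is marked optional, and an audit condition with no logger configs is a no-op. The logger names, the `"NONE"`/`"ON_DENY"` condition strings and the function name are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LoggerConfig:
    name: str                  # constructed logger type name, not a real extension
    is_optional: bool = False  # the wrapper flag this PR introduces


class Nack(Exception):
    """The data plane rejects the whole RBAC filter config."""


def resolve_audit_loggers(audit_condition, logger_configs, supported):
    """Return (active, skipped) logger names, or raise Nack.

    `supported` is the set of logger types this data plane build knows.
    `skipped` lists optional loggers that were dropped, so an operator can
    alert on audit events that will not be recorded by that logger.
    """
    if audit_condition == "NONE" or not logger_configs:
        return [], []  # nothing to log to: no operation, config still accepted
    active, skipped = [], []
    for cfg in logger_configs:
        if cfg.name in supported:
            active.append(cfg.name)
        elif cfg.is_optional:
            skipped.append(cfg.name)  # tolerated: data plane not yet updated
        else:
            raise Nack(f"unsupported required audit logger: {cfg.name}")
    return active, skipped


if __name__ == "__main__":
    supported = {"example.stdout_logger"}  # constructed sample value
    configs = [
        LoggerConfig("example.stdout_logger"),
        LoggerConfig("example.new_logger", is_optional=True),
    ]
    print(resolve_audit_loggers("ON_DENY", configs, supported))
    try:
        resolve_audit_loggers(
            "ON_DENY", [LoggerConfig("example.new_logger")], supported
        )
    except Nack as err:
        print("NACK:", err)
```

When every configured logger is optional and unsupported, the config is accepted with an empty `active` list, so the `skipped` list is what tells you auditing is silently off.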