Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend action field in AuthorizationPolicy for audit #25591

Closed
davidraskin opened this issue Jul 16, 2020 · 1 comment · Fixed by #26439 or #28680
Closed

Extend action field in AuthorizationPolicy for audit #25591

davidraskin opened this issue Jul 16, 2020 · 1 comment · Fixed by #26439 or #28680
Assignees
@xulingqing
Labels
area/extensions and telemetry kind/enhancement
Projects
Prioritization
Milestone
1.8

Comments

@davidraskin
Copy link
Contributor

We propose to extend the "action" field in AuthorizationPolicy to support use cases like "audit" , in which case, the matching condition in AuthorizationPolicy can be used to determine when an audit log is generated. It will set a new boolean attribute e.g. 'istio.audit', which can be read by telemetry plugins to determine whether to log based on its value.

[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ X] Policies and Telemetry
[ X] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

cc @louiscryan @smawson @liminw @mandarjog
@davidraskin davidraskin mentioned this issue Jul 22, 2020
Merged
@douglas-reid douglas-reid added this to the 1.8 milestone Aug 4, 2020
@brian-avery brian-avery mentioned this issue Aug 25, 2020
Merged
@xulingqing xulingqing linked a pull request Oct 29, 2020 that will close this issue
Implementation for 'Audit' action in Authorization Policy #26439
Merged
@brian-avery
Copy link
Member

@xulingqing Can this be closed? Based on the last comment here, I believe yes. Thanks.

@xulingqing xulingqing linked a pull request Nov 11, 2020 that will close this issue
audit policy integration test with fake stackdriver #28680
Merged
@xulingqing xulingqing self-assigned this Nov 11, 2020
Prioritization automation moved this from P2 to Done Nov 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xulingqing xulingqing

Labels
area/extensions and telemetry kind/enhancement
Projects
Prioritization
Done
Milestone
1.8
7 participants
@howardjohn @esnible @brian-avery @douglas-reid @xulingqing @istio-policy-bot @davidraskin