Don't duplicate status in audit events #60108
Comments
/cc @crassirostris
Could you go ahead and add "approved-for-milestone" label to this, as well as status? That will help it stay in the milestone if this is a 1.10 blocker. Thanks!
Moving it to 1.11, together with graduating audit logging API to stable
/sig auth
[MILESTONENOTIFIER] Milestone Issue: Up-to-date for process Issue Labels
No one is working on this?
@CaoShuFeng status check? This has maybe gone dormant. Is it still targeting 1.11?
Yes.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

avoid duplicate status in audit events

Fixes: #60108

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
/assign @sttts @tallclair

**Release note**:
```
Action required: When Response is a metav1.Status, it is no longer copied into the audit.Event status. Only the "status", "reason" and "code" fields are set.
```
Fixes: kubernetes/kubernetes#60108
Kubernetes-commit: 4d20c38c337525f8105969a582ce421f52d09c8e
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

avoid duplicate status in audit events

Fixes: kubernetes/kubernetes#60108

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
/assign @sttts @tallclair

**Release note**:
```
Action required: When Response is a metav1.Status, it is no longer copied into the audit.Event status. Only the "status", "reason" and "code" fields are set.
```

Kubernetes-commit: d0f4a8fa17221f79babad9338955be38b8716e78
We copy the `ResponseObject` into the `ResponseStatus` field of audit events. This was done to capture the response status even when the response is omitted, but results in (potentially large) duplicate data being sent. In some examples, the status message is repeated in the status details, resulting in a long message being duplicated 4 times.

I suggest that rather than copying the whole ResponseStatus, we selectively copy the bounded fields, specifically:
Note that this is a breaking change, and if there is agreement should be done before graduating audit to stable.
/kind bug
/sig auth
/priority important-soon
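
The duplication described in this issue and the bounded copy named in the release note, as an added Go example (not code from the issue or from Kubernetes). The `Status`, `StatusDetails`, `StatusCause` and `Event` types are simplified stand-ins for `metav1.Status` and the audit event, `boundedStatus` and `messageCopies` are hypothetical helpers, and the sample message is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Simplified stand-ins (assumption) for metav1.Status and the audit Event;
// the real types carry more fields than are needed to show the duplication.
type StatusCause struct {
	Message string `json:"message,omitempty"`
}
type StatusDetails struct {
	Causes []StatusCause `json:"causes,omitempty"`
}
type Status struct {
	Status  string         `json:"status,omitempty"`
	Message string         `json:"message,omitempty"`
	Reason  string         `json:"reason,omitempty"`
	Details *StatusDetails `json:"details,omitempty"`
	Code    int32          `json:"code,omitempty"`
}
type Event struct {
	ResponseStatus *Status `json:"responseStatus,omitempty"`
	ResponseObject *Status `json:"responseObject,omitempty"`
}

// boundedStatus keeps only the fixed-size fields named in the release note
// ("status", "reason", "code") and drops the unbounded message and details.
func boundedStatus(s *Status) *Status {
	if s == nil {
		return nil
	}
	return &Status{Status: s.Status, Reason: s.Reason, Code: s.Code}
}

// messageCopies counts how often msg appears in the serialized event.
func messageCopies(e Event, msg string) int {
	b, _ := json.Marshal(e)
	return strings.Count(string(b), msg)
}

func main() {
	msg := "spec.replicas: Invalid value: -1: must be greater than or equal to 0" // constructed
	resp := &Status{Status: "Failure", Message: msg, Reason: "Invalid", Code: 422,
		Details: &StatusDetails{Causes: []StatusCause{{Message: msg}}}}
	before := Event{ResponseStatus: resp, ResponseObject: resp}
	after := Event{ResponseStatus: boundedStatus(resp), ResponseObject: resp}
	fmt.Println("copies before:", messageCopies(before, msg), "after:", messageCopies(after, msg))
}
```

When the audit policy omits the response object, the bounded `ResponseStatus` still records the outcome without carrying any copy of the message.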