Fix default auditing options. #60739
Conversation
tallclair
added
kind/bug
k8s-ci-robot
added
release-note-none
| // Don't validate the unused options. | ||
| return nil | ||
| } | ||
| config := options.BatchConfig |
There was a problem hiding this comment.
What will happen if --audit-log-batch-max-wait is set to zero?
There was a problem hiding this comment.
It will hotloop. Not great, but not exactly invalid. I'd prefer to leave it as-is here.
|
This change is |
| @@ -101,3 +101,7 @@ func (b *backend) processEvents(ev ...*auditinternal.Event) error { | |||
| return b.w.RestClient.Post().Body(&list).Do() | |||
| }).Error() | |||
| } | |||
|
|
|||
| func (b *backend) String() string { | |||
There was a problem hiding this comment.
This way just supports calling fmt.Sprintf("%s", ...), and resolves to something if String isn't set. I opted not to add it to the backend interface. But I don't have a strong preference, it's sort of a hack to get the test working.
I am OK with it, if the new behavior is well documented. |
|
Re: default to batch - I think we should merge this (revert defaults), and then follow up with a separate PR to change just the log default (maybe wait for 1.11). I could add a release note or help text stating that the default will change in the future. |
| func (u union) String() string { | ||
| var backendStrings []string | ||
| for _, backend := range u.backends { | ||
| backendStrings = append(backendStrings, fmt.Sprintf("%s", backend)) |
There was a problem hiding this comment.
nit: why not backend.String() instead of printf("%s", ...) ?
There was a problem hiding this comment.
The backend interface doesn't have string. I could add String() (or just Name()) to the interface, or try to cast to fmt.Stringer here, but I thought the Sprintf was simpler. I don't have any real preference though...
There was a problem hiding this comment.
I'd actually prefer to have a dedicated method in the interface. Otherwise you have to have implicit knowledge that stringifying a backend should give a short name of the backend, not e.g. full struct
| if err := validateBackendBatchConfig(pluginwebhook.PluginName, o.LogOptions.BatchOptions.BatchConfig); err != nil { | ||
| allErrors = append(allErrors, err) | ||
| if o.WebhookOptions.enabled() { | ||
| if err := validateBackendBatchOptions(pluginwebhook.PluginName, o.WebhookOptions.BatchOptions); err != nil { |
There was a problem hiding this comment.
the pattern we have everywhere else is to pass o.WebhookOptions to the validate func and check for nil (and ConfigFile) locally. This style complicates the code by making complexity non-local.
| if o.LogOptions.MaxSize < 0 { | ||
| allErrors = append(allErrors, fmt.Errorf("--audit-log-maxsize %v can't be a negative number", o.LogOptions.MaxSize)) | ||
| // Check validities of MaxAge, MaxBackups and MaxSize of log options, if file log backend is enabled. | ||
| if o.LogOptions.enabled() { |
There was a problem hiding this comment.
the whole block belongs into validateLogOptions
|
As I've mentioned in #60719 (comment) I think this PR should be merged before the freeze, the default parameters for the log backend should change. I don't think it's possible currently to limit the number of goroutines running at the same time in the batching backend, so our option would be either to set the low flush timeout or low max batch size. The former is better, since the chance to have events ordered is higher and it allows to avoid write contention. |
|
/unassign |
|
Discussed with @crassirostris, I think we should try and get this into 1.10. I'll address the comments in the next hour. |
|
[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process @crassirostris @sttts @tallclair Pull Request Labels
|
|
Addressed feedback. I think the only unresolved issue is whether I should just add a "Name()" method to the backend interface. |
|
| @@ -116,15 +116,15 @@ func NewAuditOptions() *AuditOptions { | |||
| WebhookOptions: AuditWebhookOptions{ | |||
| BatchOptions: AuditBatchOptions{ | |||
| Mode: ModeBatch, | |||
| BatchConfig: defaultLogBatchConfig, | |||
| BatchConfig: pluginbuffered.NewDefaultBatchConfig(), | |||
There was a problem hiding this comment.
@crassirostris please confirm that these settings are what we want.
There was a problem hiding this comment.
Yes, though it's preferrable to merge this PR after #60926, to avoid showing regressions in the scale tests
|
Looks good structurally. Please squash. @crassirostris ptal at the default config: #60739 (comment) |
- Log backend defaults to blocking mode (backwards compatability) - Fix webhook validation - Add options test
|
/approve Leaving final lgtm to @crassirostris |
k8s-ci-robot
added
the
approved
|
@tallclair Please unhold when #60926 is merged to avoid breaking scale tests /lgtm |
k8s-ci-robot
added
do-not-merge/hold
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Make log audit backend configurable in GCE This PR will allow to enable audit logging batching by default in e2e tests, after #60739 is merged. This is an important step to prevent a regression in scale tests. /cc @tallclair @sttts /assign @roberthbailey Robert, please approve ```release-note NONE ```
|
@tallclair PTAL at test output |
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: crassirostris, sttts, tallclair The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
#60926 is merged. @crassirostris can you remove your hold? |
crassirostris
removed
the
do-not-merge/hold
|
@ericchiang Thanks for pointing this out, done |
|
Automatic merge from submit-queue (batch tested with PRs 60737, 60739, 61080, 60968, 60951). If you want to cherry-pick this change to another branch, please follow the instructions here. |
Which issue(s) this PR fixes:
Fixes #60719
Special notes for your reviewer:
This PR is an alternative fix to #60727. If the rollback goes in first, I'll rebase this on a roll-forward.
Release note:
-->