Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1949721: UPSTREAM: 99237: Use the audit ID of a request for better correlation #672

Merged
merged 2 commits into from Apr 15, 2021
Merged

Bug 1949721: UPSTREAM: 99237: Use the audit ID of a request for better correlation #672

merged 2 commits into from Apr 15, 2021

Conversation

tkashem
Copy link

@tkashem tkashem commented Apr 14, 2021

What type of PR is this?

/kind bug

What this PR does / why we need it:

Use the audit ID of a request for better correlation:

  • If an audit ID is not provided by the caller, generate one when we receive the request. This audit ID will be used to audit the request.
  • When we forward the request to the aggregated server, set the audit ID in the new request header. This allows audit logs from aggregated apiservers to be correlated with the kube-apiserver
  • Use the audit ID in the current tracer we have
  • Use the audit ID in httplog
  • When a request panics, log an error with the audit ID.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@tkashem
UPSTREAM: 99868: use request received timestamp in httplog
6870b1a
@tkashem
UPSTREAM: 99237: Use the audit ID of a request for better correlation
2a98018 
apiserver: manage audit ID associated with a request
Manage the audit ID early in the request handling logic so that it can
be used by different layers to improve correlation.
- If the caller does not specify a value for Audit-ID in the request
  header, we generate a new audit ID
- If a user specified Audit-ID is too large, we truncate it
- We echo the Audit-ID value to the caller via the response
  Header 'Audit-ID'

apiserver: improve correlation by using the audit ID
- when we forward the request to the aggregated server, set the audit
  ID in the new request header. This allows audit logs from aggregated
  apiservers to be correlated with the kube-apiserver.
- use the audit ID in the current tracer
- use the audit ID in httplog
- when a request panics, log an error with the audit ID.
@openshift-ci-robot openshift-ci-robot added kind/bug Categorizes issue or PR as related to a bug. backports/validated-commits Indicates that all commits come to merged upstream PRs. labels Apr 14, 2021
@openshift-ci-robot
Copy link

@tkashem: the contents of this pull request could be automatically validated.

The following commits are valid:

@openshift-ci-robot openshift-ci-robot added the vendor-update Touching vendor dir or related files label Apr 14, 2021
@tkashem tkashem changed the title UPSTREAM: 99237: Use the audit ID of a request for better correlation Bug 1949721: UPSTREAM: 99237: Use the audit ID of a request for better correlation Apr 14, 2021
@openshift-ci-robot openshift-ci-robot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Apr 14, 2021
@openshift-ci-robot
Copy link

@tkashem: This pull request references Bugzilla bug 1949721, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.8.0) matches configured target release for branch (4.8.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

Bug 1949721: UPSTREAM: 99237: Use the audit ID of a request for better correlation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tkashem
Copy link
Author

tkashem commented Apr 15, 2021

/retest

@sttts
Copy link

sttts commented Apr 15, 2021

/lgtm
/approve
/retest

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 15, 2021
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sttts, tkashem

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 15, 2021
@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

7 similar comments
@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@tkashem
Copy link
Author

tkashem commented Apr 15, 2021

/retest

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

1 similar comment
@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

2 similar comments
@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-ci
Copy link

openshift-ci bot commented Apr 15, 2021
edited

@tkashem: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-aws-csi 2a98018 link /test e2e-aws-csi

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit dc9f723 into openshift:master Apr 15, 2021
@openshift-ci-robot
Copy link

@tkashem: All pull requests linked via external trackers have merged:

Bugzilla bug 1949721 has been moved to the MODIFIED state.

In response to this:

Bug 1949721: UPSTREAM: 99237: Use the audit ID of a request for better correlation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marun marun Awaiting requested review from marun

@sttts sttts Awaiting requested review from sttts

@wangke19 wangke19 Awaiting requested review from wangke19

Assignees

@sttts sttts

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backports/validated-commits Indicates that all commits come to merged upstream PRs. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. vendor-update Touching vendor dir or related files
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@tkashem @openshift-ci-robot @sttts @openshift-bot @openshift-merge-robot