OSDOCS-16155: OCPSTRAT-2482 Advanced Audit Logging Framework GA#107094
OSDOCS-16155: OCPSTRAT-2482 Advanced Audit Logging Framework GA#107094stevsmit wants to merge 1 commit intoopenshift:mainfrom
Conversation
stevsmit
added
the
do-not-merge
|
@stevsmit: This pull request references OSDOCS-16155 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
openshift-ci
bot
added
the
size/XL
|
🤖 Mon Feb 23 19:56:29 - Prow CI generated the docs preview: https://107094--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/security_profiles_operator/spo-logging.html |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskContents: The '.Procedure' block title is missing.
| # grep "testfile" /tmp/logs/audit1.log | jq . | ||
| ---- | ||
|
|
||
| == Audit JSON Enricher Output |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskSection: Sections are not allowed in DITA tasks.
| oc adm node-logs --role=master --path=kube-apiserver/audit.log | grep "<request_UID>" | ||
| ---- | ||
|
|
||
| == Kubernetes API audit log output |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskSection: Sections are not allowed in DITA tasks.
| } | ||
| ---- | ||
|
|
||
| == Correlation key |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskSection: Sections are not allowed in DITA tasks.
| This correlation enables administrators to establish a complete audit trail: who executed a command (from Kubernetes API audit log: `kube:admin` from IP `xxx.xxx.xxx.xxx`) and what the command did at the system level (from SPO JSON Enricher log: `touch /tmp/testfile.txt`). | ||
|
|
||
|
|
||
| == Correlating with API Server Audit Log |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskSection: Sections are not allowed in DITA tasks.
| @@ -0,0 +1,81 @@ | |||
| :_mod-docs-content-type: ASSEMBLY | |||
| [id="spo-logging-debugging_"] | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.IdHasContextVariable: ID is missing the '_{context}' variable at the end of the ID.
| :_mod-docs-content-type: ASSEMBLY | ||
| [id="spo-logging-debugging_"] | ||
| = Auditing node debugging sessions | ||
| include::_attributes/common-attributes.adoc[] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoNestingInModules: You can only nest snippets or GitHub raw user content in modules.
| @@ -0,0 +1,56 @@ | |||
| :_mod-docs-content-type: ASSEMBLY | |||
| [id="spo-logging-disable_"] | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.IdHasContextVariable: ID is missing the '_{context}' variable at the end of the ID.
| :_mod-docs-content-type: ASSEMBLY | ||
| [id="spo-logging-disable_"] | ||
| = Disabling Advanced Audit Logging | ||
| include::_attributes/common-attributes.adoc[] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoNestingInModules: You can only nest snippets or GitHub raw user content in modules.
| [role="_abstract"] | ||
| To disable audit logging and revert all configurations: | ||
|
|
||
| .Procedure |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.BlockTitle: Block titles can only be assigned to examples, figures, and tables in DITA.
| @@ -0,0 +1,308 @@ | |||
| :_mod-docs-content-type: ASSEMBLY | |||
| [id="spo-logging-enabling_"] | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.IdHasContextVariable: ID is missing the '_{context}' variable at the end of the ID.
| :_mod-docs-content-type: ASSEMBLY | ||
| [id="spo-logging-enabling_"] | ||
| = Enabling Advanced Audit Logging | ||
| include::_attributes/common-attributes.adoc[] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoNestingInModules: You can only nest snippets or GitHub raw user content in modules.
| @@ -0,0 +1,91 @@ | |||
| :_mod-docs-content-type: ASSEMBLY | |||
| [id="spo-logging-enricher_"] | |||
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.IdHasContextVariable: ID is missing the '_{context}' variable at the end of the ID.
| :_mod-docs-content-type: ASSEMBLY | ||
| [id="spo-logging-enricher_"] | ||
| = The Audit JSON log enricher | ||
| include::_attributes/common-attributes.adoc[] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoNestingInModules: You can only nest snippets or GitHub raw user content in modules.
|
@stevsmit: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
5 participants
Version(s):
Issue:
Link to docs preview:
QE review:
Additional information: