New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OSDOCS-2890: Updating for OAuth server audit logging #45799
Conversation
✅ Deploy Preview for osdocs ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
696b567
to
154cd6f
Compare
@ibihim I made a few updates per the feedback. Can you please re-review? Updated preview link is now here: http://file.rdu.redhat.com/~ahoffer/2022/OSDOCS-2890/security/audit-log-view.html#nodes-nodes-audit-log-basic-viewing_audit-log-view |
In "Gathering audit logs" section (not shown in this PR "Files changed"; happened to find it in your preview link)
/usr/bin/gather_audit_logs is not a "flag". It is a command, this can seen from oc adm must-gather -h:
|
Need we somewhere mention "authentication.openshift.io/decision" can be one of allow, deny, error? |
Thanks @xingxingxia - I'm actually not familiar with this file so I'll track it down and will update to use the correct phrasing. |
@xingxingxia I don't really see anywhere else where we really get into the possible values for fields of an audit event, outside of generically mentioning the fields in this table: http://file.rdu.redhat.com/~ahoffer/2022/OSDOCS-2890/security/audit-log-view.html#nodes-pods-audit-log-basic_audit-log-view. So I don't think so, but let me know if you feel strongly about it and we can look into it more. |
154cd6f
to
44335ec
Compare
@xingxingxia Updated per your feedback, can you please take another look? Thanks! |
AUTH-6 OEP https://github.com/openshift/enhancements/blob/master/enhancements/authentication/login-logout-events.md#proposal uses quite length to tell allow, deny or error. For AUTH-6, this is a feature point specific and non-trivial. So I prefer to mention allow, deny or error if we documen AUTH-6. |
44335ec
to
c79fdd6
Compare
@xingxingxia Sure thing then! I mentioned this in the part about viewing the audit logs. Can you take a look and let me know if this works? Thanks! |
LGTM, but the preview link https://deploy-preview-45799--osdocs.netlify.app/openshift-enterprise/latest/security/audit-log-view.html#nodes-nodes-audit-log-basic-viewing_audit-log-view page does not show "The possible values for the authentication.openshift.io/decision annotation are allow, deny, or error.", what is wrong? |
@xingxingxia Apologies - our automatic preview system has not been functioning for a month or two, so we've been having to upload manual previews instead. As long as you see the proper text on the latest preview link I shared (http://file.rdu.redhat.com/~ahoffer/2022/OSDOCS-2890/security/audit-log-view.html#nodes-nodes-audit-log-basic-viewing_audit-log-view), we should be good to go! |
Ah, thanks for the explanation! |
/cherrypick enterprise-4.11 |
@bergerhoffer: new pull request created: #47896 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Version(s):
4.11
Issue:
https://issues.redhat.com/browse/OSDOCS-2890
Link to docs preview:
Additional information: