XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: Logging 5.2
Affects Version/s: None
Component/s: Log Collection
Labels:
- rn-done-resolved

Story Points:
3
Blocked:
False
Ready:
False
Epic Link:
Enable Passphrase Authz
Docs QE Status:
NEW
QE Status:
NEW
Release Note Text:

Hide
With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, you can now use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]

Show
With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, you can now use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
Market:

Sprint:
Logging (Core) - Sprint 204

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Story

As a user of cluster log forwardering to a "fluent forward" output,
I need to configure the passphrase for my TLS client private key
so auth is configured properly to allow communication to the destination

Acceptance Criteria

CLF with forward output sends records to "forward " service configured to use certs where the private key is protected with a pass phrase
The generated configuration uses the parameter "tls_client_private_key_passphrase" for the configured output
Documented secret key that is recognized by ClusterLogForwarder
Unit test verifying the new configuration

Notes

Possible secret key values: passphrase, privateKeyPassphrase, ?
This change only applies to forward outputs but we should consider its applications to others
There is another story that is intended to over haul authorization configuration

blocks

OBSDA-83 Adding tls_client_private_key_passphrase in fluent.conf in forward from logforward

Closed

is documented by

RHDEVDOCS-3158 Allow configuration of passphrase for fluent forward

Closed

links to

openshift/cluster-logging-operator#1103: LOG-1525: Allow use private key protected by the passphrase

Assignee:: Vitalii Parfonov

Reporter:: Jeffrey Cantrill

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/07/01 12:30 PM

Updated:: 2021/10/24 5:47 AM

Resolved:: 2021/07/20 8:27 AM

Details

Description

Story

Acceptance Criteria

Notes

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates