OpenShift Logging / LOG-3577

GCP WIF Authentication


    • Epic
    • Resolution: Unresolved
    • Normal
    • Logging 6.2.0
    • None
    • Log Collection
    • None
    • GCP WIF Authentication
    • False
    • None
    • False
    • Red
    • NEW
    • Administer, Deploy, Instructions
    • To Do
    • OBSDA-746 - Enable GCP WIF Authentication in Vector
    • Impediment
    • NEW
    • 14% To Do, 14% In Progress, 71% Done
    • Enhancement

      Goals

      The goal of this effort is to enable the Vector implementation of the log collector to use the STS (WIF) capabilities of the platform to authenticate and ship logs to Google Cloud Operations. This is similar to the capability that exists for writing logs to CloudWatch on an AWS-hosted cluster.

      Non-Goals

      Motivation

      • The primary motivation is to let customers take advantage of the rotating tokens provided by the hosting cluster, which improves security and removes the need for admins to rotate credentials manually.
      • There is a broader effort to simplify the customer experience on STS-enabled clusters by allowing operators to auto-discover this feature and dynamically configure services with little to no intervention from administrators.

      Alternatives

      Acceptance Criteria

      • Verify that CLO can successfully forward logs to Google Cloud Operations using the short-lived token provided by a WIF-enabled GCP provider

      Risk and Assumptions

      Documentation Considerations

      • Document the prerequisites a GCP WIF-enabled platform needs in order to receive logs and to grant authorization to the collector service account
      • Document support for using Google Cloud Logging with a WIF-enabled GCP cluster
      • Document that this is only supported for deployments that use Vector as the log collection agent

      Open Questions

      Additional Notes

          1. Docs Tracker Sub-task To Do Undefined Unassigned
          2. PX Tracker Sub-task To Do Undefined Unassigned
          3. QE Tracker Sub-task In Progress Undefined Unassigned
          4. TE Tracker Sub-task To Do Undefined Unassigned

              cahartma@redhat.com Casey Hartman
              jcantril@redhat.com Jeffrey Cantrill
              Anping Li Anping Li