Epic
Resolution: Unresolved
Normal
Goals
The goal of this effort is to enable the Vector implementation of the log collector to use the STS (WIF) capabilities of the platform to authenticate and ship logs to Google Cloud Operations. This is similar to the capability that exists for writing logs to CloudWatch on an AWS-hosted cluster.
Non-Goals
Motivation
- The primary motivation is to let customers take advantage of rotating tokens provided by the hosting cluster, which improves security and removes the need for admins to rotate credentials manually.
- There is a broader effort to simplify the customer experience on STS-enabled clusters by allowing operators to auto-discover this feature and dynamically configure services with little to no intervention from administrators.
Alternatives
Acceptance Criteria
- Verify that CLO can successfully forward logs to Google Cloud Operations using the short-lived token provided by a WIF-enabled GCP provider
Risk and Assumptions
Documentation Considerations
- Document the prerequisites needed for a GCP WIF-enabled platform to receive logs and provide authorization to the collector serviceaccount
- Document the support for using Google Cloud Logging with a WIF-enabled GCP cluster
- Document that this is only supported for deployments of Vector as the log collection agent
Open Questions
Additional Notes
- is documented by
  - OBSDOCS-207 GCP WIF Authentication (Backlog)
- links to
  1. Docs Tracker | To Do | Unassigned
  2. PX Tracker | To Do | Unassigned
  3. QE Tracker | In Progress | Unassigned
  4. TE Tracker | To Do | Unassigned