OpenShift Logging / LOG-4029

Support STS CloudWatch authentication for logging in Managed Clusters

    Description

      Story

      As an administrator of cluster log forwarding for multi-admin clusters,
      I need to use a separate STS Role and Token for authenticating each of the cluster-wide logging configs, so that each instance can authenticate independently.

      Acceptance Criteria

      • Multiple, isolated ClusterLogForwarder instances can authenticate with CloudWatch using STS roles
      • Logs are written to CW based on the specific role_arn

      Notes

      • Will require each logging instance to have access to a unique webIdentityToken, specified for each AWS profile or logging configuration
      • For the splunk-audit-exporter:
        • we implemented a session timer to handle the specifics of expired token rotation
        • read/write mutex to allow multiple goroutines to read logs while ensuring only one at a time can write to CW
      • Based off the epic for multiple forwarders - ref: https://issues.redhat.com/browse/LOG-1343
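
Added example, not code from this issue or from splunk-audit-exporter: one way to give each forwarder instance its own role, web identity token and expiry-driven refresh, so that no session is shared between instances. `Forwarder`, `Session`, `ReadToken` and `Assume` are hypothetical names, `Assume` stands in for the STS web-identity call so the code runs offline, the role ARN is a constructed value, and the read/write mutex here guards the cached session.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Session stands in for temporary STS credentials (hypothetical type).
type Session struct {
	RoleARN, KeyID string
	Expires        time.Time
}
// valid treats a session as expired one minute early so in-flight writes finish.
func (s Session) valid(now time.Time) bool { return s.KeyID != "" && now.Add(time.Minute).Before(s.Expires) }
// Forwarder is one logging instance; role, token source and cache are its own.
type Forwarder struct {
	RoleARN   string
	ReadToken func() (string, error) // re-read per refresh so a rotated token is seen
	Assume    func(roleARN, token string, now time.Time) (Session, error) // stub for STS
	mu        sync.RWMutex
	sess      Session
}

// Credentials returns the cached session, refreshing it when near expiry.
func (f *Forwarder) Credentials(now time.Time) (Session, error) {
	f.mu.RLock()
	s := f.sess
	f.mu.RUnlock()
	if s.valid(now) {
		return s, nil
	}
	f.mu.Lock()
	defer f.mu.Unlock()
	if f.sess.valid(now) { // another goroutine refreshed while we waited
		return f.sess, nil
	}
	tok, err := f.ReadToken()
	if err != nil {
		return Session{}, err
	}
	f.sess, err = f.Assume(f.RoleARN, tok, now)
	return f.sess, err
}

func main() { // constructed demo values; Assume is a stub, not a real STS call
	stub := func(r, t string, now time.Time) (Session, error) { return Session{r, "key/" + t, now.Add(time.Hour)}, nil }
	f := &Forwarder{RoleARN: "arn:aws:iam::111111111111:role/a", ReadToken: func() (string, error) { return "tok", nil }, Assume: stub}
	fmt.Println(f.Credentials(time.Now()))
}
```

Because the token is re-read inside the write-locked refresh, a rotated token file is picked up on the next refresh without restarting the forwarder, and concurrent callers trigger only one refresh.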

            People

              Unassigned Unassigned
              cahartma@redhat.com Casey Hartman