Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4962

Outputs with no secrets incorrectly define bearer token auth

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Before this change the operator would generate collector config for outputs that did not specify a secret to utilize the serviceaccount bearer token. This change fixes that by allowing an output to not need any authentication
    • Bug Fix
    • Log Collection - Sprint 248

      Description of problem:

      Outputs defined with no secret will set the bearer token auth for the default SA even though this logic only should apply to "defaultLoki" using the legacy serviceaccount in 'openshift-logging

      Version-Release number of selected component (if applicable):

      How reproducible:

        spec:
    outputs:
    - http:
        method: POST
      name: http-audit
      tls:
        insecureSkipVerify: false
      type: http
      url: https://http-receiver-myhttp.apps.jcantril-almost.devcluster.openshift.com

      produces:

      [sinks.http_audit]
type = "http"
inputs = ["http_audit_dedot"]
uri = "https://http-receiver-myhttp.apps.jcantril-almost.devcluster.openshift.com"
method = "post"

[sinks.http_audit.encoding]
codec = "json"

[sinks.http_audit.buffer]
when_full = "drop_newest"

[sinks.http_audit.request]
retry_attempts = 17
timeout_secs = 10


# Bearer Auth Config
[sinks.http_audit.auth]
strategy = "bearer"
token = asfafaf

      Steps to Reproduce:

      3. ...

      Actual results:

      Expected results:

      Expectation is the config should have no auth block unless this is a default loki output

      Additional info:

              jcantril@redhat.com Jeffrey Cantrill
              jcantril@redhat.com Jeffrey Cantrill
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: