Details
-
Bug
-
Resolution: Done-Errata
-
Normal
-
Logging 5.8.z
-
False
-
None
-
False
-
NEW
-
NEW
-
Before this change the operator would generate collector config for outputs that did not specify a secret to utilize the serviceaccount bearer token. This change fixes that by allowing an output to not need any authentication
-
Bug Fix
-
Log Collection - Sprint 248
Description
Description of problem:
Outputs defined with no secret will set the bearer token auth for the default SA even though this logic only should apply to "defaultLoki" using the legacy serviceaccount in 'openshift-logging
Version-Release number of selected component (if applicable):
How reproducible:
spec:
outputs:
- http:
method: POST
name: http-audit
tls:
insecureSkipVerify: false
type: http
url: https://http-receiver-myhttp.apps.jcantril-almost.devcluster.openshift.com
produces:
[sinks.http_audit] type = "http" inputs = ["http_audit_dedot"] uri = "https://http-receiver-myhttp.apps.jcantril-almost.devcluster.openshift.com" method = "post" [sinks.http_audit.encoding] codec = "json" [sinks.http_audit.buffer] when_full = "drop_newest" [sinks.http_audit.request] retry_attempts = 17 timeout_secs = 10 # Bearer Auth Config [sinks.http_audit.auth] strategy = "bearer" token = asfafaf
Steps to Reproduce:
- ...
Actual results:
Expected results:
Expectation is the config should have no auth block unless this is a default loki output
