Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5307

Got 'invalid configuration: provided not secure URL along with TLS configuration' when forwarding to cloudwatch and specifying `tls.securityProfile` in the output.

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Hide
      Before this update, validation feature for output config with TLS required URL, even for services like Amazon CloudWatch or Google Cloud Logging where URL is not required by design. With this update, validation logic was improved for services, where URLs might not be needed, also refined the error message to make it more informative.
      Show
      Before this update, validation feature for output config with TLS required URL, even for services like Amazon CloudWatch or Google Cloud Logging where URL is not required by design. With this update, validation logic was improved for services, where URLs might not be needed, also refined the error message to make it more informative.
    • Bug Fix
    • Log Collection - Sprint 252, Log Collection - Sprint 253

      Description of problem:

      CLF raises 'invalid configuration: provided not secure URL along with TLS configuration' when forwarding to CloudWatch and specifying `tls.securityProfile` in the output. 

      apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  creationTimestamp: "2024-03-28T02:13:35Z"
  generation: 2
  name: clf-61600
  namespace: e2e-test-vector-cloudwatch-msgnl
  resourceVersion: "86862"
  uid: b6d1488a-7c88-4220-af40-ab71b1acfbc9
spec:
  outputs:
  - cloudwatch:
      groupBy: logType
      groupPrefix: logging-61600-qitang-qwwb6
      region: us-east-2
    name: cw
    secret:
      name: cw-secret-65xoz2f0
    tls:
      securityProfile:
        type: Intermediate
    type: cloudwatch
  pipelines:
  - detectMultilineErrors: false
    inputRefs:
    - infrastructure
    - audit
    - application
    name: to-cloudwatch
    outputRefs:
    - cw
  serviceAccountName: test-clf-ysakh0zg
status:
  conditions:
  - lastTransitionTime: "2024-03-28T02:14:29Z"
    reason: ValidationFailure
    status: "False"
    type: Ready
  - lastTransitionTime: "2024-03-28T02:15:23Z"
    message: clusterlogforwarder is not ready
    reason: ValidationFailure
    status: "True"
    type: Validation
  outputs:
    cw:
    - lastTransitionTime: "2024-03-28T02:14:29Z"
      message: 'invalid configuration: provided not secure URL along with TLS configuration'
      reason: Invalid
      status: "False"
      type: Ready
  pipelines:
    to-cloudwatch:
    - lastTransitionTime: "2024-03-28T02:14:29Z"
      message: 'invalid: unrecognized outputs: [cw], no valid outputs'
      reason: ValidationFailure
      status: "True"
      type: Validation

      Version-Release number of selected component (if applicable):

      cluster-logging.v5.8.6

      cluster-logging.v5.9.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create CLF with above yaml file
      2. Then check status in the CLF

      Actual results:

      CLF raises error.

      Expected results:

      No error in CLF.

      Additional info:

      No issue in 5.8.2.

            vparfono Vitalii Parfonov
            qitang@redhat.com Qiaoling Tang
            Qiaoling Tang Qiaoling Tang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: