Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5467

[release-5.8] Got 'invalid configuration: provided not secure URL along with TLS configuration' when forwarding to cloudwatch and specifying `tls.securityProfile` in the output.

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Hide
      Before this update, validation feature for output config with TLS required URL, even for services like Amazon CloudWatch or Google Cloud Logging where URL is not required by design. With this update, validation logic was improved for services, where URLs might not be needed, also refined the error message to make it more informative.
      Show
      Before this update, validation feature for output config with TLS required URL, even for services like Amazon CloudWatch or Google Cloud Logging where URL is not required by design. With this update, validation logic was improved for services, where URLs might not be needed, also refined the error message to make it more informative.
    • Bug Fix
    • Log Collection - Sprint 253
    • Moderate

      Description of problem:

      CLF raises 'invalid configuration: provided not secure URL along with TLS configuration' when forwarding to CloudWatch and specifying `tls.securityProfile` in the output. 

      apiVersion: logging.openshift.io/v1
      kind: ClusterLogForwarder
      metadata:
        creationTimestamp: "2024-03-28T02:13:35Z"
        generation: 2
        name: clf-61600
        namespace: e2e-test-vector-cloudwatch-msgnl
        resourceVersion: "86862"
        uid: b6d1488a-7c88-4220-af40-ab71b1acfbc9
      spec:
        outputs:
        - cloudwatch:
            groupBy: logType
            groupPrefix: logging-61600-qitang-qwwb6
            region: us-east-2
          name: cw
          secret:
            name: cw-secret-65xoz2f0
          tls:
            securityProfile:
              type: Intermediate
          type: cloudwatch
        pipelines:
        - detectMultilineErrors: false
          inputRefs:
          - infrastructure
          - audit
          - application
          name: to-cloudwatch
          outputRefs:
          - cw
        serviceAccountName: test-clf-ysakh0zg
      status:
        conditions:
        - lastTransitionTime: "2024-03-28T02:14:29Z"
          reason: ValidationFailure
          status: "False"
          type: Ready
        - lastTransitionTime: "2024-03-28T02:15:23Z"
          message: clusterlogforwarder is not ready
          reason: ValidationFailure
          status: "True"
          type: Validation
        outputs:
          cw:
          - lastTransitionTime: "2024-03-28T02:14:29Z"
            message: 'invalid configuration: provided not secure URL along with TLS configuration'
            reason: Invalid
            status: "False"
            type: Ready
        pipelines:
          to-cloudwatch:
          - lastTransitionTime: "2024-03-28T02:14:29Z"
            message: 'invalid: unrecognized outputs: [cw], no valid outputs'
            reason: ValidationFailure
            status: "True"
            type: Validation 

      Version-Release number of selected component (if applicable):

      cluster-logging.v5.8.6

      cluster-logging.v5.9.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create CLF with above yaml file
      2. Then check status in the CLF

      Actual results:

      CLF raises error.

      Expected results:

      No error in CLF.

      Additional info:

      No issue in 5.8.2.

              vparfono Vitalii Parfonov
              qitang@redhat.com Qiaoling Tang
              Qiaoling Tang Qiaoling Tang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: