Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-5607

Per-rule omitStages doesn't work as expected in kubeAPIAudit filter

XMLWordPrintable

    • False
    • None
    • False
    • NEW
    • NEW
    • Moderate

      Description of problem:

      • While looking at the CRD [0][1], [0] suggests that the combination of `.spec.filters[].kubeAPIAudit.omitStages` and `.spec.filters[].kubeAPIAudit.rules[].omitStages` should work:
      • That is, in a context where you are dropping both `.spec.filters[].kubeAPIAudit.omitStages: RequestReceived` and `.spec.filters[].kubeAPIAudit.rules[].omitStages: ResponseComplete` the audit filter will drop (for that specific rule) both `RequestReceived` and `ResponseComplete` stages

      Version-Release number of selected component (if applicable):

      OpenShift Logging 5.9.1

      How reproducible:

      Always

      Steps to Reproduce:

      This [2] doesn't work.
While [3] this does work.

      Actual results:

      Per-rule omitStages doesn't filter the content out

      Expected results:

      Per-rule omitStages to filter the stage out

       

      [0]

      $ curl -s https://raw.githubusercontent.com/openshift/cluster-logging-operator/release-5.9/config/crd/bases/logging.openshift.io_clusterlogforwarders.yaml | yq | jq '.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.filters.items.properties.kubeAPIAudit.properties.omitStages.description'
"OmitStages is a list of stages for which no events are created. Note that this can also be specified per rule in which case the union of both are omitted."

      [1]

      $ curl -s https://raw.githubusercontent.com/openshift/cluster-logging-operator/release-5.9/config/crd/bases/logging.openshift.io_clusterlogforwarders.yaml | yq | jq '.spec.versions[0].schema.openAPIV3Schema.properties.spec.properties.filters.items.properties.kubeAPIAudit.properties.rules.items.properties.omitStages.description'
"OmitStages is a list of stages for which no events are created. Note that this can also be specified policy wide in which case the union of both are omitted. An empty list means no restrictions will apply."

      [2]

      {
  "kubeAPIAudit": {
    "omitStages": [
      "RequestReceived" <<<=== 
    ],
    "rules": [
      [...]
      {
        "level": "None",
        "omitStages": [
          "ResponseComplete"    <<<===
        ],
        "resources": [
          {
            "group": "policy.open-cluster-management.io",
            "resources": [
              "configurationpolicies"
            ]
          }
        ],
  [...]
  },
  "name": "FILTER_NAME",
  "type": "kubeAPIAudit"
}

      [3]

      {
  "kubeAPIAudit": {
    "omitStages": [
      "RequestReceived" <<<===
    ],
    "rules": [
      [...]
      {
        "level": "None",
        "omitStages": [
          "RequestReceived",    <<<===
          "ResponseComplete"    <<<===
        ],
        "resources": [
          {
            "group": "policy.open-cluster-management.io",
            "resources": [
              "configurationpolicies"
            ]
          }
        ],
  [...]
  },
  "name": "FILTER_NAME",
  "type": "kubeAPIAudit"
}

       

              Unassigned Unassigned
              rhn-support-rsandu Robert Sandu
              Qiaoling Tang Qiaoling Tang
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: