Details
Bug
Resolution: Done
4.11
OSDOCS Sprint 241
Release Note Not Required
Description
Description of problem:
In 4.11, login events are logged in audit logs. The user wants to set the global audit profile to None and create custom rules for groups to capture login attempts. With the global audit profile set to None, logs are captured for other groups, but login events are not captured.
[1] https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html#ocp-4-11-security-oauth-server-audit-log
[2] https://docs.openshift.com/container-platform/4.11/security/audit-log-policy-config.html#about-audit-log-profiles_audit-log-policy-config
Version-Release number of selected component (if applicable):
4.11
How reproducible:
Steps to Reproduce:
1. Edit the APIServer resource:
~~~
$ oc edit apiserver cluster
~~~
2. Add the spec.audit.customRules field and update spec.audit.profile:
~~~
apiVersion: config.openshift.io/v1
kind: APIServer
metadata:
...
spec:
  audit:
    customRules:
    - group: system:authenticated:oauth
      profile: Default
    - group: system:authenticated
      profile: Default
    - group: system:unauthenticated
      profile: Default
    profile: None
~~~
3. Try to log in to the cluster with an AD user or the kubeadmin user.
4. Check the audit log to see whether logs are captured:
~~~
$ oc adm node-logs --role=master --path=oauth-server/audit.log
~~~
Actual results:
No logs captured with None profile
Expected results:
Login events should be captured with customRule having global profile None
Additional info:
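
The check in step 4 can be automated. The following is an added example, not part of the original report or of OpenShift itself: it reads OAuth server audit log lines and counts login decisions per user. The annotation keys are the ones OpenShift 4.11 documents for login events and are an assumption here, since the page does not show them; the sample lines are constructed.

```python
import json
import sys
from collections import Counter

# Annotation keys OpenShift 4.11 documents for OAuth server login events
# (assumption: they are not shown on this page).
DECISION = "authentication.openshift.io/decision"
USERNAME = "authentication.openshift.io/username"

# Constructed sample lines, not real cluster output.
SAMPLE = [
    'master-0 {"kind":"Event","level":"Metadata","requestURI":"/login","requestReceivedTimestamp":"2023-01-01T10:00:00Z","annotations":{"authentication.openshift.io/decision":"allow","authentication.openshift.io/username":"kubeadmin"}}',
    'master-1 {"kind":"Event","level":"Metadata","requestURI":"/login","requestReceivedTimestamp":"2023-01-01T10:01:00Z","annotations":{"authentication.openshift.io/decision":"deny","authentication.openshift.io/username":"aduser"}}',
    'master-1 {"kind":"Event","level":"Metadata","requestURI":"/healthz"}',
    'master-2 truncated {"kind":"Ev',
]


def login_events(lines):
    """Yield (timestamp, username, decision) for every login event found."""
    for line in lines:
        start = line.find("{")  # tolerate leading text such as a node-name prefix
        if start < 0:
            continue
        try:
            event = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        annotations = event.get("annotations") or {}
        if DECISION not in annotations:
            continue  # an audit event, but not a login decision
        yield (event.get("requestReceivedTimestamp", ""),
               annotations.get(USERNAME, "<unknown>"),
               annotations[DECISION])


def summarize(lines):
    """Count login events per (username, decision); empty means none were captured."""
    return Counter((user, decision) for _, user, decision in login_events(lines))


if __name__ == "__main__":
    counts = summarize(SAMPLE if sys.stdin.isatty() else sys.stdin)
    for (user, decision), n in sorted(counts.items()):
        print(f"{user}\t{decision}\t{n}")
    if not counts:
        sys.exit("no login events found in the supplied audit log")
```

Piping the output of `oc adm node-logs --role=master --path=oauth-server/audit.log` into the script gives a non-zero exit status when no login events were captured, which is the symptom reported here.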