- Bug
- Resolution: Done-Errata
- Major
- 4.16
- None
This is a clone of issue OCPBUGS-33060. The following is the description of the original issue:
—
Description of problem:
HCP has audit log configuration for Kube API server, OpenShift API server, OAuth API server (like OCP), but does not have audit for oauth-openshift (OAuth server). Discussed with Standa in https://redhat-internal.slack.com/archives/CS05TR7BK/p1714124297376299, oauth-openshift needs audit too in HCP.
Version-Release number of selected component (if applicable):
4.11 ~ 4.16
How reproducible:
Always
Steps to Reproduce:
1. Launch HCP env.
2. Check audit log configuration:
   $ oc get deployment -n clusters-hypershift-ci-279389 kube-apiserver openshift-apiserver openshift-oauth-apiserver oauth-openshift -o yaml | grep -e '^ name:' -e 'audit\.log'
Actual results:
2. It outputs oauth-openshift (OAuth server) has no audit:
   name: kube-apiserver
   - /var/log/kube-apiserver/audit.log
   name: openshift-apiserver
   - /var/log/openshift-apiserver/audit.log
   name: openshift-oauth-apiserver
   - --audit-log-path=/var/log/openshift-oauth-apiserver/audit.log
   - /var/log/openshift-oauth-apiserver/audit.log
   name: oauth-openshift
Expected results:
2. oauth-openshift (OAuth server) needs to have audit too.
Additional info:
OCP has audit for OAuth server since 4.11 AUTH-6 https://docs.openshift.com/container-platform/4.11/security/audit-log-view.html saying "You can view the logs for the OpenShift API server, Kubernetes API server, OpenShift OAuth API server, and OpenShift OAuth server".
- blocks: OCPBUGS-36606 HCP missing audit log configuration for oauth-openshift (OAuth server) - Closed
- clones: OCPBUGS-33060 HCP missing audit log configuration for oauth-openshift (OAuth server) - Closed
- is blocked by: OCPBUGS-33060 HCP missing audit log configuration for oauth-openshift (OAuth server) - Closed
- links to: RHBA-2024:4469 OpenShift Container Platform 4.16.z bug fix update
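The check from "Steps to Reproduce" can be turned into a pass/fail test that names every deployment with no audit.log reference. This is an added example, not part of the original issue or of HyperShift; the function names and the `$NS` namespace variable are assumptions, and the sample input is the output quoted under "Actual results".

```shell
#!/bin/sh
# Added example. Reads the filtered output of the issue's check on stdin:
# a "name: <deployment>" line, followed by zero or more lines that mention
# audit.log. Prints each deployment that has no audit.log line at all.
deployments_without_audit() {
    awk '
        # A "name:" line starts a new deployment; report the previous one
        # first if nothing under it referenced audit.log.
        $1 == "name:" {
            if (current != "" && !seen) print current
            current = $2
            seen = 0
            next
        }
        /audit\.log/ { seen = 1 }
        END { if (current != "" && !seen) print current }
    '
}

# Sample input: the output quoted in the issue's "Actual results".
sample_output() {
    cat <<'EOF'
name: kube-apiserver
- /var/log/kube-apiserver/audit.log
name: openshift-apiserver
- /var/log/openshift-apiserver/audit.log
name: openshift-oauth-apiserver
- --audit-log-path=/var/log/openshift-oauth-apiserver/audit.log
- /var/log/openshift-oauth-apiserver/audit.log
name: oauth-openshift
EOF
}

# Returns 1 and lists the offenders on stderr when any deployment is missing
# audit configuration, so the check can gate a CI job.
check_audit() {
    missing=$(deployments_without_audit)
    [ -z "$missing" ] && return 0
    printf 'no audit.log reference: %s\n' $missing >&2
    return 1
}

# Against a live hosted control plane ($NS is a placeholder namespace):
#   oc get deployment -n "$NS" kube-apiserver openshift-apiserver \
#     openshift-oauth-apiserver oauth-openshift -o yaml \
#     | grep -e '^ name:' -e 'audit\.log' | check_audit
sample_output | deployments_without_audit
```

A pass only shows that each manifest mentions an audit.log path; it does not confirm which events the audit policy records.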