Feature Overview (aka. Goal Summary)  

MicroShift currently uses a hard coded audit log policy. It should be configurable to customer needs, like it is with OpenShift

Goals (aka. expected user outcomes)

Provide a microshift config variable to specific the audit log policy profile like OPenShift has (https://docs.openshift.com/container-platform/4.13/security/audit-log-policy-config.html#about-audit-log-profiles_audit-log-policy-config). 

additionally items that must be configurable:

• audit log file storage location path, so logs can be plased on a dedicated/special volume
• audit log file max file size and retention policy (e.g. 10 files of 10G each) before they rotate
• audit log disk full action: what happens when the audit log space is full. possible values: "ignore" (->just log error events), "rotate" (try to make room by rotating/deleting older files), "terminate" (stop microshift API server).

Out of ScopeCustom rules like OpenShift supports do not make sense, as MicroShift is single user and has no user group concept.

Background

Different customer have different audit log requirements and need to be able to adjust accordingy.

Documentation Considerations

Config Item has to be document. The different audit log policies and their description can be re-used from above quoted OpenShift docs.

Interoperability Considerations

None