1. Proposed title of this feature request.
OpenShift Custom Audit Profile
2. What is the nature and description of the request?
Looking for a custom audit policy beyond the 4 predefined audit policies (Default, WriteRequestBodies, AllRequestBodies and None) in OpenShift for the OpenShift API server, Kubernetes API server, OpenShift OAuth API server, and OpenShift OAuth server, similar to the audit policy outlined in https://kubernetes.io/docs/tasks/debug/debug-cluster/audit
3. Why does the customer need this? (List the business requirements here)
Customer has enabled top level logging.
The customer runs a secure environment and needs to audit events in OpenShift, for example: who created/deleted a ConfigMap, who deleted/created projects.
Customer has enabled the Default profile. Enabling the AllRequestBodies profile may require additional resources, which may put a strain on the infrastructure.
The customer would like to define custom profiles such as CustomConfigMapChanges and CustomSecretsChanges that log all events about changes to ConfigMaps and Secrets for a particular project, for example all changes to the project verysecureproject.
Something like the policy shown below (using the example outlined in https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/):
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: Metadata
    resources:
    - group: ""
      resources: ["secrets"]
    namespaces: ["verysecureproject"]
  - level: Metadata
    resources:
    - group: ""
      resources: ["configmaps"]
    namespaces: ["verysecureproject"]
The customer is looking for an option to have a profile other than the 4 predefined audit policies: Default, WriteRequestBodies, AllRequestBodies and None.
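How the sample policy above would classify requests, as an added example that is not part of the original request and is not kube-apiserver or OpenShift code: a simplified Python model of audit Policy rule matching covering only verbs, namespaces and resources (no wildcards, users or subresources). The sample requests and the `otherproject` namespace are constructed; the model assumes the documented Kubernetes behaviour that the first matching rule applies and unmatched requests default to level None.

```python
# Simplified model of audit.k8s.io/v1 Policy rule matching (added example,
# not kube-apiserver code). Only verbs, namespaces and resources are modelled.

# The policy from the request above, written as Python data.
POLICY_RULES = [
    {"level": "Metadata",
     "resources": [{"group": "", "resources": ["secrets"]}],
     "namespaces": ["verysecureproject"]},
    {"level": "Metadata",
     "resources": [{"group": "", "resources": ["configmaps"]}],
     "namespaces": ["verysecureproject"]},
]

DEFAULT_LEVEL = "None"  # level applied when no rule matches

def rule_matches(rule, req):
    """Return True if every selector present in the rule matches the request."""
    if rule.get("verbs") and req["verb"] not in rule["verbs"]:
        return False
    # A cluster-scoped request has namespace "" and so never matches a named namespace.
    if rule.get("namespaces") and req["namespace"] not in rule["namespaces"]:
        return False
    groups = rule.get("resources")
    if groups and not any(
        g.get("group", "") == req["group"]
        and (not g.get("resources") or req["resource"] in g["resources"])
        for g in groups
    ):
        return False
    return True

def audit_level(rules, req):
    """First matching rule wins; unmatched requests get DEFAULT_LEVEL."""
    for rule in rules:
        if rule_matches(rule, req):
            return rule["level"]
    return DEFAULT_LEVEL

# Constructed sample requests (not taken from a real cluster).
SAMPLES = [
    {"verb": "delete", "group": "", "resource": "configmaps", "namespace": "verysecureproject"},
    {"verb": "update", "group": "", "resource": "secrets", "namespace": "verysecureproject"},
    {"verb": "update", "group": "", "resource": "secrets", "namespace": "otherproject"},
    {"verb": "delete", "group": "project.openshift.io", "resource": "projects", "namespace": ""},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["verb"], s["resource"], s["namespace"] or "-", "->", audit_level(POLICY_RULES, s))
```

With only the two rules shown, project create/delete requests and changes in other namespaces fall through to None, so a catch-all rule at the end of the list would be needed to keep them logged.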
4. List any affected packages or components.
Slack thread https://redhat-internal.slack.com/archives/CB48XQ4KZ/p1730391964152939