OpenShift Request For Enhancement / RFE-7626

[ROSA HCP] Audit log policy profile logs only metadata


    • Feature Request
    • Resolution: Unresolved
    • Hosted Control Planes, ROSA
    • Product / Portfolio Work

      Description of problem:

      Audit log policy profile for ROSA Classic is set to 'WriteRequestBodies' whereas for ROSA HCP it is currently set at 'Default', which only logs metadata. [1]
      
      This creates issues for customer environments where accountability/traceability is a concern.
      
      Currently, this cannot be edited by the customer as it is a managed configuration value.

      Version-Release number of selected component (if applicable):

      All known current releases   

      How reproducible:

      Every time    

      Steps to Reproduce:

          1. Install ROSA HCP cluster
          2. Run command:
               $ oc get apiserver cluster -oyaml
          

      Actual results:

      spec:
        audit:
          profile: Default

      Expected results:

      spec:
        audit:
          profile: WriteRequestBodies    

      Additional info:

      Customer reported this discrepancy between Classic and HCP since they are validating HCP for use in their government services, which have strict compliance requirements for auditing of cluster configuration changes.

       

      [1] https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/security_and_compliance/audit-log-policy-config#about-audit-log-profiles_audit-log-policy-config

              Unassigned Unassigned
              rhn-support-dumilbur Duncan Milburn
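The check from the steps to reproduce, written as a repeatable compliance test. This is an added example, not part of the original issue or any Red Hat code. It goes slightly beyond the issue by also inspecting `spec.audit.customRules`, which can lower the profile for individual groups. The function name and the sample documents are constructed for illustration.

```python
import json

# Audit profiles ranked by how much of each API request they record.
PROFILE_RANK = {"None": 0, "Default": 1, "WriteRequestBodies": 2, "AllRequestBodies": 3}

# Constructed samples shaped like `oc get apiserver cluster -o json` output.
HCP_SAMPLE = '{"kind": "APIServer", "spec": {"audit": {"profile": "Default"}}}'
CLASSIC_SAMPLE = '{"kind": "APIServer", "spec": {"audit": {"profile": "WriteRequestBodies"}}}'
# Constructed: top-level profile is sufficient, but one group is overridden downward.
OVERRIDE_SAMPLE = json.dumps({"kind": "APIServer", "spec": {"audit": {
    "profile": "WriteRequestBodies",
    "customRules": [{"group": "system:authenticated:oauth", "profile": "Default"}],
}}})


def audit_findings(apiserver_json, required="WriteRequestBodies"):
    """Return one finding per audit setting that records less than `required`."""
    audit = (json.loads(apiserver_json).get("spec") or {}).get("audit") or {}
    need = PROFILE_RANK[required]
    findings = []

    # An unset profile behaves as Default, which logs metadata only.
    profile = audit.get("profile") or "Default"
    if PROFILE_RANK.get(profile, -1) < need:
        findings.append(f"spec.audit.profile={profile} is below {required}")

    # Per-group custom rules take precedence over the top-level profile,
    # so a compliant top-level value can still hide a weaker group rule.
    for rule in audit.get("customRules") or []:
        rule_profile = rule.get("profile", "<unset>")
        if PROFILE_RANK.get(rule_profile, -1) < need:
            findings.append(
                f"customRules group {rule.get('group')} uses {rule_profile}, below {required}"
            )
    return findings


if __name__ == "__main__":
    for name, sample in [("HCP", HCP_SAMPLE), ("Classic", CLASSIC_SAMPLE),
                         ("override", OVERRIDE_SAMPLE)]:
        print(name, audit_findings(sample) or "OK")
```

Against a live cluster, pass the output of `oc get apiserver cluster -o json` to `audit_findings` in place of the constructed samples.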