Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-7626

[ROSA HCP] Audit log policy profile logs only metadata

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Hosted Control Planes, ROSA
    • None
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Audit log policy profile for ROSA Classic is set to 'WriteRequestBodies' whereas for ROSA HCP it is currently set at 'Default', which only logs metadata. [1]

This creates issues for customer environments where accountability/traceability is a concern.

Currently, this is cannot be edited by the customer as it is a managed configuration value.

      Version-Release number of selected component (if applicable):

      All known current releases

      How reproducible:

      Every time

      Steps to Reproduce:

          1. Install ROSA HCP cluster
    2. Run command:
         $ oc get apiserver cluster -oyaml

      Actual results:

       spec:
  audit:
    profile: Default  

      Expected results:

      spec:
  audit:
    profile: WriteRequestBodies    

      Additional info:

      Customer reported this discrepancy Classic vs HCP since they are validating HCP for use in their government services which have strict compliance requirements for auditing of cluster configuration changes.

       

      [1] https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/security_and_compliance/audit-log-policy-config#about-audit-log-profiles_audit-log-policy-config

              Unassigned Unassigned
              rhn-support-dumilbur Duncan Milburn
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                None
                None