Commit Graph

206 Commits

Author SHA1 Message Date
Zach Jones b56f6558ba feat: parameterized mdsd logging configurations
fix: added missing account field to bootstraplogging config

chore: generated files from make aro

fix: removed unrelated aro-rp service environment variable changes from merge

feat: parameterized mdsd logging configurations

fix: added missing account field to bootstraplogging config

chore: generated files from make aro

fix: removed unrelated aro-rp environment variable changes

chore: generated files from make aro

fix: reverting vendor bootstraplogging changes

feat: [vendor] updated vendor bootstraplogging config

fix: reverted bootstraplogging changes

style: reverted name changes to geneva logging environment variables

fix: updated cluster geneva logging environment variable names

feat: added prod geneva account names to cluster types validation

chore: generated files from make aro
2021-07-14 19:13:15 -06:00
Mangirdas Judeikis 6d597f7e60
Revert "Merge pull request #1591 from mjudeikis/fleuntbit.pin"
This reverts commit 57e4bf000d, reversing
changes made to 6108dc6b82.
2021-07-08 15:51:03 +01:00
Mangirdas Judeikis fc0b440289
fixup fluentbit agent 2021-07-08 11:58:07 +01:00
Troy Connor 2ce101047f
deploy: add FPSPID to pkg/deploy 2021-06-15 14:04:20 -04:00
Corey Perkins 1ef7ac4f6a
Cloudfit/removeencryptionathost (#1513)
Removing encryptionAtHost
2021-06-03 11:46:13 +01:00
Naveen Malik ba0fd1fff7 Add azureCloudName to resources_rp.go
So we can set the cloud before login and support the sovereign clouds.
2021-06-02 13:52:50 -04:00
Mangirdas Judeikis 8f8cce9bc0
Revert "Merge pull request #1486 from mjudeikis/client.package.refresh"
This reverts commit b952b1e035, reversing
changes made to 7d5ee827c9.
2021-05-27 09:49:23 +01:00
Nils Elde a7e9c6f161 make keyvault dns suffix cloud aware 2021-05-26 09:59:23 -04:00
Jim Minter 2715bace97 add flag to disable cosmosdb firewall 2021-05-11 11:48:17 -04:00
Mangirdas Judeikis 4bdb4e1a3e
Add expired client workaround 2021-05-11 08:08:38 +01:00
Jim Minter e61efa5666
add cmd/dbtoken 2021-04-26 15:22:21 -05:00
Jim Minter a0bc3474da
add armClientId config 2021-04-23 10:25:45 -05:00
Jim Minter 299309817d
add rpVmssCapacity parameter 2021-04-23 10:25:45 -05:00
Jim Minter 45d726e348
add EnableDevelopmentAuthorizer feature 2021-04-22 10:27:11 -05:00
Jim Minter a563426654
rename parameter mdsdConfigVersion -> rpMdsdConfigVersion 2021-04-22 10:27:11 -05:00
Jim Minter 0de48ee913
enable empty billingServicePrincipalId in deploy 2021-04-22 10:27:10 -05:00
Naveen Malik 758b5533eb Bump 4.{5,6}.z, drop 4.3 2021-04-09 10:10:47 -04:00
Jim Minter 9cacea7b3c
remove rpMode from ARM templates 2021-04-08 09:12:14 -05:00
Jim Minter c1e0ef99a5
add DisableDenyAssignments feature 2021-04-08 09:12:13 -05:00
Jim Minter 1d2384d768
move billingE2EStorageAccountId to RP configuration 2021-04-08 09:12:12 -05:00
Jim Minter 0e01c6cb3b
move fpClientID to RP config for INT/PROD 2021-04-08 09:12:08 -05:00
Jim Minter 51a1d80455
move clusterGenevaLoggingEnvironment, clusterGenevaLoggingConfigVersion to RP config for INT/PROD 2021-04-07 13:07:39 -05:00
Jim Minter a0cabd7ae2
make billingServicePrincipalId an RP config parameter 2021-03-04 15:40:21 -06:00
Jim Minter 5c5c0d2dc5
remove fullDeploy 2021-02-23 19:34:27 -06:00
bennerv 8b11c9c918 Revert docker to podman migration changes 2021-02-23 20:03:36 -05:00
bennerv aaaf431da8 Fix az acr login after podman migration 2021-02-23 18:08:46 -05:00
bennerv 4a8dcd1ead fix point where setting selinux boolean value 2021-02-23 16:34:49 -05:00
bennerv 3cffdfdf8e Change podman back to docker but install podman-dockerr 2021-02-22 09:56:40 -05:00
bennerv c49fbac350 Change references from docker -> podman 2021-02-22 09:54:17 -05:00
Jim Minter 01d568d23e
add missing Match * stanza 2021-02-15 17:37:39 -06:00
Jim Minter 80139ba534
re-enable ifx audit 2021-02-10 09:33:49 -06:00
Leszek Jakubowski 9c7e890bed unpinning RHEL7 version (RHUI issues) 2021-02-10 15:03:50 +01:00
Leszek Jakubowski 6a6c212b4c unpinning azure-cli, the underlying issue has been fixed 2021-02-10 13:26:43 +01:00
Jim Minter 18bc7fab39
disable ifx audit logging for now (#1301)
* don't audit /healthz/ready

* disable ifx audit logging for now.

the collector is not yet configured server side; the fluent bit version we're
on (1.3.11) is ancient and doesn't support rewrite_tag; hence we're spamming
our logs with ifxaudit lines
2021-02-09 07:31:55 +00:00
Jim Minter 0bfe2a9e15
bump geneva images (#1290) 2021-02-08 17:07:10 +00:00
Ivan Sim a6ef29638f
Collect Audit Logs From RP Frontend (#1243)
* Update RP frontend to collect audit logs

1. Add a new middleware to audit inbound requests
2. Requests to the Azure 'operationsstatus' endpoints are skipped
3. Remove the embedded 'env' from the audit log hook to decouple the
   dependency. The 'env' is passed in to the Audit middleware
4. Replace unnecessary custom string types with basic string types
5. Update the testutil 'AssertLoggingOutput' method to skip asserting
   audit logs to reduce flakiness in tests. Audit logs assertion is done
   in a new 'audit.AssertAuditingOutput()' testutil method

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Troy's feedback

Signed-off-by: Ivan Sim <isim@redhat.com>

* Update fluent-bit config with rewrite_tag filter

This filter rewrites the input tag of journald logs that have the field
LOGKIND=ifxaudit, to ifxaudit. Using a different tag for ifxaudit logs
allows us to separate them from non-audit logs in the mdsd
configuration.

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Jim's feedback

Signed-off-by: Ivan Sim <isim@redhat.com>

* New changes per discussion with Jim

1. Merge the 'audit' middleware with the 'log' middleware
to avoid type assertions
3. Update security_test.go with audit test
4. Remove pointer reference to audit constructor
5. Add new audit log entry to testinfra struct

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address MJ's feedback

1. Add unit test to test supported URL patterns

Signed-off-by: Ivan Sim <isim@redhat.com>

* Address Jim's feedback

1. Move adminOp 'if' conditional to log middleware
2. Extract out the 'if' conditional check into a helper function
3. Add start and end symbols to new regex expressions

Signed-off-by: Ivan Sim <isim@redhat.com>
2021-02-04 11:09:06 +00:00
Jim Minter 0f3125bff2
enable encryption at host on RP 2021-01-21 19:21:26 -06:00
Jim Minter 68db0de021
bump compute API to 2020-06-01 2021-01-21 19:21:15 -06:00
Jim Minter 7bc0255106
setting MONITORING_GCS_AUTH_ID_TYPE=AuthKeyVault seems to have caused mdsd not to honour SSL_CERT_FILE any more, heaven only knows why. 2021-01-21 15:12:16 -06:00
Olga Mirensky fa2c54e60e use temp dir for temp cert locations and bug fixes 2021-01-19 12:44:24 +11:00
Olga Mirensky d8d1b23a6f Simplify parameters handling and add AZURE_CONFIG_DIR to avoid race 2021-01-19 12:40:54 +11:00
Olga Mirensky 6502928036 use openssl to extract mdsd SAN; minor fixes 2021-01-19 12:40:54 +11:00
Olga Mirensky 02749169e4 Add systemd timers for periodic refresh of mdm and mdsd certificates 2021-01-19 12:40:54 +11:00
Jim Minter ec5108d30c
add missing pip dependency 2021-01-18 18:37:42 -06:00
Jim Minter 5f58d78a6a
change admin location from admin.location to location.admin 2020-12-09 21:35:33 -06:00
Jim Minter 04479f4a9f
add missing environment variables 2020-12-09 19:52:31 -06:00
Jim Minter b5541d6d9f
rename portal lbrule for ssh 2020-12-09 19:10:12 -06:00
Jim Minter 1c117f27a9
add missing parenthesis 2020-12-09 16:58:31 -06:00
Jim Minter 2d544af436
add missing HOSTNAME environment variable for portal 2020-12-09 16:22:52 -06:00
Jim Minter ed6a258787
remove non-standard domainName ARM template parameter and use clusterParentDomainName 2020-12-09 16:22:52 -06:00