зеркало из https://github.com/Azure/ARO-RP.git
a6ef29638f
* Update RP frontend to collect audit logs 1. Add a new middleware to audit inbound requests 2. Requests to the Azure 'operationsstatus' endpoints are skipped 3. Remove the embedded 'env' from the audit log hook to decouple the dependency. The 'env' is passed in to the Audit middleware 4. Replace unnecessary custom string types with basic string types 5. Update the testutil 'AssertLoggingOutput' method to skip asserting audit logs to reduce flakiness in tests. Audit logs assertion is done in a new 'audit.AssertAuditingOutput()' testutil method Signed-off-by: Ivan Sim <isim@redhat.com> * Address Troy's feedback Signed-off-by: Ivan Sim <isim@redhat.com> * Update fluent-bit config with rewrite_tag filter This filter rewrites the input tag of journald logs that have the field LOGKIND=ifxaudit, to ifxaudit. Using a different tag for ifxaudit logs allows us to separate them from non-audit logs in the mdsd configuration. Signed-off-by: Ivan Sim <isim@redhat.com> * Address Jim's feedback Signed-off-by: Ivan Sim <isim@redhat.com> * New changes per discussion with Jim 1. Merge the 'audit' middleware with the 'log' middleware to avoid type assertions 3. Update security_test.go with audit test 4. Remove pointer reference to audit constructor 5. Add new audit log entry to testinfra struct Signed-off-by: Ivan Sim <isim@redhat.com> * Address MJ's feedback 1. Add unit test to test supported URL patterns Signed-off-by: Ivan Sim <isim@redhat.com> * Address Jim's feedback 1. Move adminOp 'if' conditional to log middleware 2. Extract out the 'if' conditional check into a helper function 3. Add start and end symbols to new regex expressions Signed-off-by: Ivan Sim <isim@redhat.com> |
||
|---|---|---|
| .. | ||
| bufferedpipe | ||
| clusterdata | ||
| cmp | ||
| kubeadminkubeconfig | ||
| listener | ||
| log | ||
| matcher | ||
| project | ||