Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up audit logging #109087

Open
1 of 3 tasks
tallclair opened this issue Mar 29, 2022 · 11 comments
Open
1 of 3 tasks

Clean up audit logging #109087

tallclair opened this issue Mar 29, 2022 · 11 comments
Assignees
@tallclair
Labels
area/audit kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@tallclair
Copy link
Member

tallclair commented Mar 29, 2022
edited
Loading

Problems with audit logging:

  1. Information is added to the context in stages, and it's not clear what is available at a given time.
  2. 4 separate pieces of audit info are stored on the context (ID, AuditContext, annotations, and mutex with Audit mutex #109078)
  3. Audit logic is scattered across the code, and often mutates the shared audit event directly.

Proposal:

  • Register an AuditContext interface as the very first step (audit ID step)
  • Audit context exposes a series of write-only thread-safe methods for recording information from different points in the request chain
  • Audit stages will be executed against the audit context, instructing it to generate an audit event with the information it has at that point.

This should clean up the code and make it less order dependent.
@tallclair tallclair added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. area/audit labels Mar 29, 2022
@tallclair tallclair self-assigned this Mar 29, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.25 milestone Mar 29, 2022
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Mar 29, 2022
@tallclair tallclair mentioned this issue Mar 29, 2022
Merged
@enj
Copy link
Member

enj commented Mar 29, 2022

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 29, 2022
@hosseinsalahi
Copy link

Hi @tallclair!
My name Hossein Salahi from Bug-Triage team. I am just checking to ensure if everything is on track for K8s 1.25.
Thanks!

@helayoty helayoty moved this to Pending inclusion in [sig-release] Bug Triage Jun 22, 2022
@helayoty helayoty moved this from Pending inclusion to Tracked in [sig-release] Bug Triage Jun 28, 2022
@tallclair tallclair assigned tallclair and unassigned tallclair Jul 12, 2022
@tallclair tallclair mentioned this issue Jul 12, 2022
Merged
@tallclair
Copy link
Member Author

@encodeflush I think so, but this isn't user facing so it's not a big deal if it slips to v1.26.

@helayoty
Copy link
Member

/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.25 milestone Aug 15, 2022
@tallclair
Copy link
Member Author

/milestone v1.26

I'd like to try and get this in the next release.

@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Aug 24, 2022
@hosseinsalahi hosseinsalahi moved this from Tracked to Pending inclusion in [sig-release] Bug Triage Sep 19, 2022
@hosseinsalahi hosseinsalahi moved this from Pending inclusion to Tracked in [sig-release] Bug Triage Oct 4, 2022
@hosseinsalahi hosseinsalahi moved this from Tracked to Pending inclusion in [sig-release] Bug Triage Oct 5, 2022
@neoaggelos
Copy link

Hi @tallclair, member of the bug triage team for 1.26 here! I just wanted to check whether this issue is on track for the 1.26 release.

Thank you!

@tallclair
Copy link
Member Author

I'm still hoping to get it in this release, but blocked on approval on #111095.

Note that this is just a cleanup, so no real impacts of this slipping if it doesn't make the cutoff.

This was referenced Nov 4, 2022
Merged
Merged
@leonardpahlke leonardpahlke removed this from the v1.26 milestone Nov 9, 2022
@enj enj moved this to In Progress in SIG Auth Dec 5, 2022
@enj enj added this to SIG Auth Dec 5, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 7, 2023
@tallclair
Copy link
Member Author

/remove-lifecycle stale

I'm still working on this. Will make some progress this release, though it might not be completed until v1.28.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 9, 2023
@sxllwx sxllwx mentioned this issue Sep 21, 2023
Closed
@k8s-triage-robot
Copy link

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

  • Confirm that this issue is still relevant with /triage accepted (org members only)
  • Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Mar 8, 2024
@seans3
Copy link
Contributor

seans3 commented Mar 26, 2024

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tallclair tallclair

Labels
area/audit kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Status: In Progress
[sig-release] Bug Triage
Status: Pending inclusion
Milestone
No milestone
Development

No branches or pull requests
9 participants
@neoaggelos @enj @seans3 @k8s-ci-robot @tallclair @hosseinsalahi @helayoty @k8s-triage-robot @leonardpahlke