Skip to content

[Audit log forwarding] - update audit-tls secret to IM deployments for audit forwarding support #1061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Aug 21, 2025
Merged

[Audit log forwarding] - update audit-tls secret to IM deployments for audit forwarding support #1061

merged 28 commits into from
Aug 21, 2025

Conversation

rashmi43
Copy link
Member

@rashmi43 rashmi43 commented Jul 2, 2025
edited
Loading

@rashmi43 rashmi43 requested a review from rwhundley August 4, 2025 16:20
@rashmi43 rashmi43 changed the title [Audit log forwarding] - watch audit-tls secret to update deployments for audit [Audit log forwarding] - update audit-tls secret to IM deployments for audit forwarding support Aug 4, 2025
rwhundley
rwhundley requested changes Aug 4, 2025
View reviewed changes
rashmi43 added 3 commits August 4, 2025 22:02
@rashmi43
update variable name
c5b6d91 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
remove watch
26a0204 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
remove watch
1d61bf7 
Signed-off-by: rashmi_kh <[email protected]>
rwhundley
rwhundley requested changes Aug 4, 2025
View reviewed changes
rashmi43 and others added 4 commits August 4, 2025 22:31
rwhundley
rwhundley requested changes Aug 4, 2025
View reviewed changes
rashmi43 and others added 3 commits August 5, 2025 14:24
rwhundley
rwhundley requested changes Aug 8, 2025
View reviewed changes
@rashmi43
review comments
f16e9b9 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
add print
b29c9f2 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
remove print
624a0e6 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43 rashmi43 requested a review from rwhundley August 13, 2025 13:30
@rashmi43
Copy link
Member Author

works as expected:

{"level":"info","ts":"2025-08-13T14:02:12Z","msg":"Fetched audit URL and audit Secret from Authentication CR","AUDIT_SECRET":"audit-tls","AUDIT_URL":"https://myauditservice:9080"}
{"level":"info","ts":"2025-08-13T14:02:12Z","msg":"Secret for audit configuration not found"}
{"level":"info","ts":"2025-08-13T14:02:12Z","logger":"controller_authentication","msg":"Does audit-tls secret exist?","Request.Namespace":"mcsp-on-4-14","Request.Name":"example-authentication","subreconciler":"handleDeployments","Deployment.Namespace":"mcsp-on-4-14","Secret exists":"audit-tls"}

@rashmi43
Copy link
Member Author 

{"level":"info","ts":"2025-08-13T13:35:51Z","msg":"Fetched audit URL and audit Secret from Authentication CR","AUDIT_SECRET":"nil","AUDIT_URL":"https://myauditservice:9080"}
{"level":"info","ts":"2025-08-13T13:35:51Z","msg":"Secret for audit configuration not found"}
{"level":"info","ts":"2025-08-13T13:35:51Z","logger":"controller_authentication","msg":"Does audit-tls secret exist?","Request.Namespace":"mcsp-on-4-14","Request.Name":"example-authentication","subreconciler":"handleDeployments","Deployment.Namespace":"mcsp-on-4-14","Secret exists":"nil"}

@rashmi43
Copy link
Member Author

when its nil:

{"level":"info","ts":"2025-08-13T13:35:51Z","msg":"Fetched audit URL and audit Secret from Authentication CR","AUDIT_SECRET":"nil","AUDIT_URL":"https://myauditservice:9080"}
{"level":"info","ts":"2025-08-13T13:35:51Z","msg":"Secret for audit configuration not found"}
{"level":"info","ts":"2025-08-13T13:35:51Z","logger":"controller_authentication","msg":"Does audit-tls secret exist?","Request.Namespace":"mcsp-on-4-14","Request.Name":"example-authentication","subreconciler":"handleDeployments","Deployment.Namespace":"mcsp-on-4-14","Secret exists":"nil"}

rwhundley
rwhundley requested changes Aug 13, 2025
View reviewed changes
Copy link
Collaborator

@rwhundley rwhundley left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make test fails when I pull this locally. Please address this.

Edit: Also be sure to add api/operator/v1alpha1/zz_generated.deepcopy.go to your changes as it is updated when code generation is performed. Run make generate and check git status to see what I'm talking about. Thanks.

@rashmi43
remove print
6e9b29d 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
final changes
e80e1ec 
Signed-off-by: rashmi_kh <[email protected]>
@rashmi43
Copy link
Member Author

make test fails when I pull this locally. Please address this.

Edit: Also be sure to add api/operator/v1alpha1/zz_generated.deepcopy.go to your changes as it is updated when code generation is performed. Run make generate and check git status to see what I'm talking about. Thanks.

fixed

@rashmi43 rashmi43 requested a review from rwhundley August 14, 2025 07:16
Tirumalavasa
Tirumalavasa approved these changes Aug 14, 2025
View reviewed changes
Copy link
Member

@Tirumalavasa Tirumalavasa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i am fine with the changes, once Rob's review comments are addressed, he can check and merge it

rwhundley
rwhundley requested changes Aug 18, 2025
View reviewed changes
@rashmi43 rashmi43 requested a review from rwhundley August 20, 2025 08:20
@rashmi43
Copy link
Member Author

negative test:

{"level":"info","ts":"2025-08-20T08:22:03Z","msg":"Fetched audit URL and audit Secret from Authentication CR","AUDIT_SECRET":"","AUDIT_URL":"https://myauditservice:9080"}
{"level":"info","ts":"2025-08-20T08:22:03Z","msg":"Checking for audit Secret","Audit secret":"","Namespace":"mcsp-on-4-14"}
{"level":"error","ts":"2025-08-20T08:22:03Z","msg":"Failed to retrieve Secret for audit configuration","error":"resource name may not be empty","stacktrace":"github.com/IBM/ibm-iam-operator/internal/controller/operator.(*AuthenticationReconciler).getAuditSecretNameIfExists\n\t/Users/rashmi_kh/Documents/GIT/IAM-OPERATOR/ibm-iam-operator/internal/controller/operator/deployment.go:213\ngithub.com/IBM/ibm-iam-operator/internal/controller/operator.(*AuthenticationReconciler).handleDeployments\n\t/Users/rashmi_kh/Documents/GIT/IAM-OPERATOR/ibm-iam-operator/internal/controller/operator/deployment.go:85\ngithub.com/IBM/ibm-iam-operator/internal/controller/operator.(*AuthenticationReconciler).Reconcile\n\t/Users/rashmi_kh/Documents/GIT/IAM-OPERATOR/ibm-iam-operator/internal/controller/operator/authentication_controller.go:354\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/Users/rashmi_kh/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/Users/rashmi_kh/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/Users/rashmi_kh/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/Users/rashmi_kh/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"}
{"level":"info","ts":"2025-08-20T08:22:03Z","logger":"controller_authentication","msg":"CS??? pod name=platform-auth-service-77c447cb54-xvfs9","Request.Namespace":"CS??? namespace","Request.Name":"CS???"}

rwhundley
rwhundley requested changes Aug 20, 2025
View reviewed changes
rashmi43 and others added 3 commits August 20, 2025 19:16
@rashmi43 rashmi43 requested a review from rwhundley August 21, 2025 11:49
rashmi43 and others added 2 commits August 21, 2025 18:07
@rashmi43
dont reinit secret
3ba1075 
Signed-off-by: rashmi_kh <[email protected]>
@rwhundley
Use deployCtx
6081e6e 
Signed-off-by: Rob Hundley <[email protected]>
@ibm-ci-bot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rashmi43, rwhundley, Tirumalavasa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Tirumalavasa,rashmi43,rwhundley]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rwhundley rwhundley merged commit 0a55ef1 into master Aug 21, 2025
0 of 2 checks passed
@rwhundley rwhundley deleted the audit-tls-cp4s branch August 21, 2025 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tirumalavasa Tirumalavasa Tirumalavasa approved these changes

@rwhundley rwhundley rwhundley approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rashmi43 @ibm-ci-bot @Tirumalavasa @rwhundley