Merged
Changes from 2 commits
28 commits
65f2e31
watch audit-tls secret to update deployments for audit
rashmi43 Jul 2, 2025
a4aa178
pass autdit url from authn CR
rashmi43 Aug 1, 2025
27ae7e0
change the logic to use secret length
rashmi43 Aug 4, 2025
4995af4
Merge branch 'master' into audit-tls-cp4s
rashmi43 Aug 4, 2025
08ebc79
print audit variables
rashmi43 Aug 4, 2025
c5b6d91
update variable name
rashmi43 Aug 4, 2025
26a0204
remove watch
rashmi43 Aug 4, 2025
1d61bf7
remove watch
rashmi43 Aug 4, 2025
6f0ab93
add to auth yaml samples
rashmi43 Aug 4, 2025
1557b97
add to auth yaml samples
rashmi43 Aug 4, 2025
6a99b9c
change to stringpointer
rashmi43 Aug 4, 2025
26233d1
Update internal/controller/operator/deployment.go
rashmi43 Aug 4, 2025
e6eb35b
Update internal/controller/operator/containers.go
rashmi43 Aug 5, 2025
91dafe2
change to string pointer
rashmi43 Aug 6, 2025
a76590a
change to string pointer
rashmi43 Aug 6, 2025
f16e9b9
review comments
rashmi43 Aug 13, 2025
b29c9f2
add print
rashmi43 Aug 13, 2025
624a0e6
remove print
rashmi43 Aug 13, 2025
6e9b29d
remove print
rashmi43 Aug 13, 2025
e80e1ec
final changes
rashmi43 Aug 14, 2025
4f28c8f
add log when finding secret
rashmi43 Aug 14, 2025
0219e5c
add to bootstrap reconciler
rashmi43 Aug 20, 2025
4e7bb98
fix test with empty secret value
rashmi43 Aug 20, 2025
c5fcbe0
fix test with empty secret value
rashmi43 Aug 20, 2025
9fbbcdb
handle case for *string
rashmi43 Aug 20, 2025
293361b
Add debug logging to bootstrap
rwhundley Aug 20, 2025
3ba1075
dont reinit secret
rashmi43 Aug 21, 2025
6081e6e
Use deployCtx
rwhundley Aug 21, 2025
@@ -123,6 +123,8 @@ func (r *BootstrapReconciler) writeConfigurationsToAuthenticationCR(ctx context.
"NONCE_ENABLED": &authCR.Spec.Config.NONCEEnabled,
"PREFERRED_LOGIN": &authCR.Spec.Config.PreferredLogin,
"OIDC_ISSUER_URL": &authCR.Spec.Config.OIDCIssuerURL,
"AUDIT_URL": &authCR.Spec.Config.AuditUrl,
"AUDIT_SECRET": &authCR.Spec.Config.AuditSecret,
"PROVIDER_ISSUER_URL": &authCR.Spec.Config.ProviderIssuerURL,
"CLUSTER_NAME": &authCR.Spec.Config.ClusterName,
"FIPS_ENABLED": &authCR.Spec.Config.FIPSEnabled,
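--- a/internal/controller/operator/configmap.go
+++ b/internal/controller/operator/configmap.go
@@ -347,9 +347,6 @@ func updatePlatformAuthIDP(_ common.SecondaryReconciler, _ context.Context, obse
 "LDAP_CTX_POOL_PREFERREDSIZE"),
 updatesValuesWhen(not(observedKeySet[*corev1.ConfigMap]("MASTER_PATH")),
 "MASTER_PATH"),
-updatesValuesWhen(not(observedKeySet[*corev1.ConfigMap]("AUDIT_URL")),
-"AUDIT_URL",
-"AUDIT_SECRET"),
 }
 
 if v, ok := generated.Data["IS_OPENSHIFT_ENV"]; ok {
@@ -548,12 +545,6 @@ func (r *AuthenticationReconciler) generateAuthIdpConfigMap(clusterInfo *corev1.
 },
 }
 
-if authCR.Spec.Config.AuditUrl != nil && authCR.Spec.Config.AuditSecret != nil {
-dataPointer := &generated.Data
-(*dataPointer)["AUDIT_URL"] = *authCR.Spec.Config.AuditUrl
-(*dataPointer)["AUDIT_SECRET"] = *authCR.Spec.Config.AuditSecret // Dereference the pointer first
-}
-
 // Set Authentication authCR as the owner and controller of the ConfigMap
 if err = controllerutil.SetControllerReference(authCR, generated, s.GetClient().Scheme()); err != nil {
 reqLogger.Error(err, "Failed to set owner for ConfigMap")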
4 changes: 2 additions & 2 deletions internal/controller/operator/deployment.go
@@ -201,7 +201,7 @@ func (r *AuthenticationReconciler) getAuditSecretNameIfExists(ctx context.Contex
}

reqLogger.Info("Fetched audit URL and audit Secret from Authentication CR", "AUDIT_SECRET", authCR.Spec.Config.AuditSecret, "AUDIT_URL", authCR.Spec.Config.AuditUrl)
if authCR.Spec.Config.AuditSecret != nil {
if authCR.Spec.Config.AuditSecret != nil && len(*authCR.Spec.Config.AuditSecret) > 0 {
auditTLSSecret := &corev1.Secret{}
auditTLSSecretStruct := types.NamespacedName{Name: *authCR.Spec.Config.AuditSecret, Namespace: authCR.Namespace}
reqLogger.Info("Checking for audit Secret", "Audit secret", authCR.Spec.Config.AuditSecret, "Namespace", authCR.Namespace)
@@ -210,7 +210,7 @@ func (r *AuthenticationReconciler) getAuditSecretNameIfExists(ctx context.Contex
reqLogger.Info("Secret for audit configuration not found")
return nil, nil
} else if err1 != nil {
reqLogger.Error(err1, "Failed to retrieve Secret for audit configuration")
reqLogger.Error(err1, "Failed to retrieve the secret for audit configuration")
return nil, err1
}
}
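Review bot: The not-found branch in the second hunk logs at Info and returns `nil, nil`, which the caller cannot tell apart from audit not being configured, so a mistyped secret name in the Authentication CR would presumably leave the deployment without its audit TLS settings and only an Info line to show for it. Naming the object there makes the gap findable, e.g. `reqLogger.Info("Secret for audit configuration not found", "name", *authCR.Spec.Config.AuditSecret, "namespace", authCR.Namespace)`, and it is worth deciding whether a configured-but-missing secret should be an error or a status condition instead. The length guard in the first hunk reads more directly as `*authCR.Spec.Config.AuditSecret != ""` and still accepts a whitespace-only name. The Info calls around it pass `authCR.Spec.Config.AuditSecret` as a log value although the next lines dereference it as a pointer, so what gets printed depends on the log sink; logging the dereferenced name inside the nil-checked branch avoids that. getAuditSecretNameIfExists begins and ends outside both hunks.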