Merge pull request #64307 from bergerhoffer/OCPBUGS-11516

bergerhoffer · web-flow · commit 2c6d7bca59ea · 2023-09-06T11:32:43.000-04:00
OCPBUGS#11516: Noted that custom rules are ignored if the audit log p…
diff --git a/modules/nodes-nodes-audit-config-about.adoc b/modules/nodes-nodes-audit-config-about.adoc
@@ -25,7 +25,7 @@ Audit log profiles define how to log requests that come to the OpenShift API ser
 |In addition to logging metadata for all requests, logs request bodies for  every read and write request to the API servers (`get`, `list`, `create`, `update`, `patch`). This profile has the most resource overhead. ^[1]^
 
 |`None`
-|No requests are logged; even OAuth access token requests and OAuth authorize token requests are not logged.
+|No requests are logged; even OAuth access token requests and OAuth authorize token requests are not logged. Custom rules are ignored when this profile is set.
 
 [WARNING]
 ====
diff --git a/modules/nodes-nodes-audit-policy-custom.adoc b/modules/nodes-nodes-audit-policy-custom.adoc
@@ -10,6 +10,11 @@ You can configure an audit log policy that defines custom rules. You can specify
 
 These custom rules take precedence over the top-level profile field. The custom rules are evaluated from top to bottom, and the first that matches is applied.
 
+[IMPORTANT]
+====
+Custom rules are ignored if the top-level profile field is set to `None`.
+====
+
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role.
@@ -41,11 +46,11 @@ spec:
     profile: Default                    <2>
 ----
 <1> Add one or more groups and specify the profile to use for that group. These custom rules take precedence over the top-level profile field. The custom rules are evaluated from top to bottom, and the first that matches is applied.
-<2> Set to `Default`, `WriteRequestBodies`, `AllRequestBodies`, or `None`. If you do not set this top-level `audit.profile` field, it defaults to the `Default` profile.
+<2> Set to `Default`, `WriteRequestBodies`, or `AllRequestBodies`. If you do not set this top-level profile field, it defaults to the `Default` profile.
 +
 [WARNING]
 ====
-It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.
+Do not set the top-level profile field to `None` if you want to use custom rules. Custom rules are ignored if the top-level profile field is set to `None`.
 ====
 
 . Save the file to apply the changes.
