runtime-tools: emit audit log messages for adjustments. #268
a6cac4e to c0863cc
Add an option for setting an external audit event logger and use any configured logger to emit audit events as we adjust the OCI Spec.

Signed-off-by: Krisztian Litkey <[email protected]>
c0863cc to 9953d06
@mikebrow @samuelkarp PTAL
mikebrow left a comment
Cool. Maybe add a little more detail to the short explanation in the README.md, maybe links to the containerd/crio use of these opts (where the integration test happens).
@samuelkarp I have a few questions.

Related to the approach taken here, is this roughly what you had in mind?

Related to event details, how detailed events do we want to log, and do we want to log them unconditionally? The PR now logs unconditionally and detailed events, except in a few extreme cases where details could get really verbose. But should it be configurable, or should details be logged at a different logging level?

About the logged events/messages. The main messages are now exposed consts, with the idea that someone might want to build some tooling where it can come in handy to have them exported. But I don't know if this really makes sense. Any thoughts?
Thanks for jumping on this, @klihub. You raised some important questions in your comment that I think we should probably settle on before finalizing the implementation. Since o11y is a key requirement for GA, could we open a GitHub issue to agree on the specific design goals and requirements first? We can treat this PR as a PoC to inform that discussion, but I'd feel more comfortable if we aligned on the "what" and "why" in a design issue before we iterate further on the "how" here.
I created issue #270 for that.
This PR implements NRI audit logging for OCI Spec adjustments, which has been identified as one of the missing things we need to add (be)for(e) a v1.0. This patch
Here are updated trees for containerd and CRI-O: