-
Notifications
You must be signed in to change notification settings - Fork 769
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting full results of audit runs without log parsing #2193
Comments
I can work on this issue if you're ok with this idea and are willing to help with reviews/suggestions, btw :) |
I like the suggestion! @ritazh @sozercan for input as well. Another possible mechanism for shipping results could be pubsub, though that would be less atomic. Rotation might be necessary just to avoid running out of disk if the sidecar dies, but if this defaults to off, there's room for discovering if that's truly necessary. I can see how rotation could lead to missing audit results. |
#1037 is an older issue that seems related |
+1 on this proposal and I’m interested in a detailed design and how it could fit with the pub sub model we have discussed in the past. Since this is a dup of #1037, I will close this for now so we can continue the discussion in #1037 as that issue has alot of context and prior considerations from others already. Feel free to reopen if you feel it’s different. |
I guess pubsub will do for me, but I'm more interested in audit "reports" rather than stream of audit events. |
Describe the solution you'd like
Currently the only way to reliably obtain all constraint violations from gatekeeper audit is to parse its logs, searching for audit runs.
It would be nice to have a way to generate JSON reports in a file on each audit run, so they can be processed and shipped by a sidecar container, without having to parse Gatekeeper logs.
Anything else you would like to add:
It should probably be an optional feature, disabled by default.
I guess writing each report into separate files with
audit_id
in filename is a feasible option.I'm not sure on whether Gatekeeper should rotate these files on its own (I'd say no), and whether some sort of callback is needed to notify whatever is watching for these reports about new report being created.
The text was updated successfully, but these errors were encountered: