diff --git a/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml b/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
index bcb0a30de2..4b6844d2e5 100644
--- a/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
+++ b/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
@@ -8,5 +8,7 @@
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 # catch-all rule to log all other requests with request and response payloads
 - level: RequestResponse
diff --git a/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml b/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
index 68389fe30f..5302fad3db 100644
--- a/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
+++ b/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
@@ -8,6 +8,8 @@
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 # log request and response payloads for all write requests
 - level: RequestResponse
 verbs:
diff --git a/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml b/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
index 663412eb94..8088f056d7 100644
--- a/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
+++ b/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
@@ -34,5 +34,7 @@ rules:
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 # catch-all rule to log all other requests with request and response payloads
 - level: RequestResponse
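Review bot: The two added lines spell the key `resource:` and name the resources in the singular, so the entry does not say what it appears to mean: every neighbouring group entry uses `resources:`, and audit policy resource names are matched in their plural form. A lenient decoder would drop the unknown key and leave a group entry with no resource list, which matches every resource in `machineconfiguration.openshift.io`, while a strict decoder would reject the policy outright. The line should read `resources: ["machineconfigs", "controllerconfigs"]`, with the plural names confirmed against the CRDs. The same two lines recur in the writerequestbodies-rules.yaml hunk and in every testdata hunk (allrequestbodies, both multipleCr hunks, oauth, writerequestbodies), and because the fixtures copy the misspelling a golden-file comparison will pass without noticing it. The rule these entries belong to starts above each hunk, so its level is not visible here.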
diff --git a/pkg/operator/apiserver/audit/testdata/multipleCr.yaml b/pkg/operator/apiserver/audit/testdata/multipleCr.yaml
index 8d03737939..1ddd8e375e 100644
--- a/pkg/operator/apiserver/audit/testdata/multipleCr.yaml
+++ b/pkg/operator/apiserver/audit/testdata/multipleCr.yaml
@@ -34,6 +34,8 @@ rules:
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 userGroups:
 - system:authenticated:oauth
 # log request and response payloads for all write requests
@@ -64,6 +66,8 @@ rules:
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 userGroups:
 - system:authenticated
 - level: RequestResponse
diff --git a/pkg/operator/apiserver/audit/testdata/oauth.yaml b/pkg/operator/apiserver/audit/testdata/oauth.yaml
index fae4351e4c..d30663a730 100644
--- a/pkg/operator/apiserver/audit/testdata/oauth.yaml
+++ b/pkg/operator/apiserver/audit/testdata/oauth.yaml
@@ -34,6 +34,8 @@ rules:
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 userGroups:
 - system:authenticated:oauth
 # log request and response payloads for all write requests
diff --git a/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml b/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml
index 534d8ad68c..bb38713796 100644
--- a/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml
+++ b/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml
@@ -34,6 +34,8 @@ rules:
 resources: ["tokenreviews", "tokenrequests"]
 - group: "oauth.openshift.io"
 resources: ["oauthclients", "tokenreviews"]
+ - group: "machineconfiguration.openshift.io"
+ resource: ["machineconfig", "controllerconfig"]
 # log request and response payloads for all write requests
 - level: RequestResponse
 verbs: