Merge pull request #47921 from timstclair/audit-policy

Automatic merge from submit-queue

Don't audit log tokens in TokenReviews

We don't want to leak auth tokens in the audit logs, so only log TokenReview requests at the metadata level.

Issue: kubernetes/features#22
Kubernetes Submit Queue 2017-06-22 19:47:43 -07:00 committed by GitHub
commit f35f5ef464


@ -568,12 +568,14 @@ rules:
- group: "" # core
resources: ["events"]
# Secrets & ConfigMaps can contain sensitive & binary data,
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level.
- level: Metadata
resources:
- group: "" # core
resources: ["secrets", "configmaps"]
- group: authentication.k8s.io
resources: ["tokenreviews"]
# Get repsonses can be large; skip them.
- level: Request
verbs: ["get", "list", "watch"]
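
Review bot: The updated comment above the `level: Metadata` rule files TokenReviews under "sensitive & binary data" without saying that the concern is the auth token carried in the request, as the commit message explains; state that in the comment so the level for `tokenreviews` is not raised later for debugging. Audit policy rules are evaluated in order and the first match sets the level, so the new `authentication.k8s.io` entry only takes effect if no rule above line 568 (not shown in this hunk) already matches `tokenreviews`; please confirm that, and consider a test asserting that TokenReview events are recorded without request or response bodies. Minor: the context comment "Get repsonses can be large" has a typo ("responses").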