Answering my own question, that "namespace" field on audit log refers to the unamespaced resource "/oapi/v1/subjectaccessreviews", not the subject access review object of the request.
Still, the problem persists... -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2017-09-13 22:39 GMT-03:00 Mateus Caruccio <[email protected]>: > Audit logs show this: > > 2017-09-13T22:18:43.907186125-03:00 AUDIT: > id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" > ip="10.150.10.35" method="POST" user="mateus" groups="\"system: > authenticated:oauth\",\"system:authenticated\"" as="<self>" > asgroups="<lookup>" namespace="<none>" uri="/oapi/v1/subjectaccessreviews" > 2017-09-13T22:18:43.941696064-03:00 AUDIT: > id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" > response="201" > > I'm I wrong o that "namespace" field should be not <none>? > > > -- > Mateus Caruccio / Master of Puppets > GetupCloud.com > We make the infrastructure invisible > Gartner Cool Vendor 2017 > > 2017-09-13 20:31 GMT-03:00 Mateus Caruccio <[email protected] > >: > >> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden. >> What is the auth path used by hawkular and how can I check if it's >> correct (secrets, servicaccounts, token, etc)? >> >> $ oc version >> oc v3.6.0+c4dd4cf >> kubernetes v1.6.1+5115d708d7 >> features: Basic-Auth GSSAPI Kerberos SPNEGO >> >> Server <redacted> >> openshift v3.6.0+c4dd4cf >> kubernetes v1.6.1+5115d708d7 >> >> >> $ oc -n openshift-infra get rc -o yaml | grep image: >> image: docker.io/openshift/origin-metrics-cassandra:v3.6.0 >> image: docker.io/openshift/origin-met >> rics-hawkular-metrics:v3.6.0 >> image: docker.io/openshift/origin-metrics-heapster:v3.6.0 >> >> >> $ oc -n openshift-infra get pods >> NAME READY STATUS RESTARTS AGE >> hawkular-cassandra-1-vg250 1/1 Running 0 42m >> hawkular-metrics-4rkn4 1/1 Running 0 38m >> heapster-fjg8t 1/1 Running 1 50m >> >> >> $ oadm diagnostics MetricsApiProxy >> [Note] Determining if client configuration exists for client/cluster >> diagnostics >> Info: Successfully read a client config file at >> '/home/getup/.kube/config' >> Info: Using context for cluster-admin access: >> 'default/<redacted>:443/system:admin' >> >> [Note] Running diagnostic: MetricsApiProxy >> Description: Check the integrated heapster metrics can be reached >> via the API proxy >> >> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf): >> [Note] Completed with no errors or warnings seen. >> >> >> >> Thanks >> -- >> Mateus Caruccio / Master of Puppets >> GetupCloud.com >> We make the infrastructure invisible >> Gartner Cool Vendor 2017 >> > >
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
