Commit f35f5ef4 authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #47921 from timstclair/audit-policy

Automatic merge from submit-queue Don't audit log tokens in TokenReviews We don't want to leak auth tokens in the audit logs, so only log TokenReview requests at the metadata level. Issue: kubernetes/features#22
parents 4e1b6083 dcdcb19c
......@@ -568,12 +568,14 @@ rules:
- group: "" # core
resources: ["events"]
# Secrets & ConfigMaps can contain sensitive & binary data,
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level.
- level: Metadata
resources:
- group: "" # core
resources: ["secrets", "configmaps"]
- group: authentication.k8s.io
resources: ["tokenreviews"]
# Get repsonses can be large; skip them.
- level: Request
verbs: ["get", "list", "watch"]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment