Skip to content

Add support for Kubernetes Audit #458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 10, 2025
Merged

Add support for Kubernetes Audit #458

merged 3 commits into from
Oct 10, 2025

Conversation

@remyrd
Copy link
Contributor

@remyrd remyrd commented Sep 1, 2025
edited by nerzhul
Loading

Description

Add support for Kubernetes Audit - Create / Update / Read

Taken by @nerzhul

Checklist

(For exoscale contributors)

  • Changelog updated (under Unreleased block)
  • Acceptance tests OK
  • For a new resource, datasource or new attributes: acceptance test added/updated

Testing

❯ TF_ACC=1 go test ./... -run 'TestAccResourceSKSCluster$'            
?   	github.com/exoscale/terraform-provider-exoscale	[no test files]
ok  	github.com/exoscale/terraform-provider-exoscale/exoscale	291.774s
?   	github.com/exoscale/terraform-provider-exoscale/pkg/config	[no test files]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/filter	(cached) [no tests to run]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/general	[no test files]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/list	(cached) [no tests to run]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/provider	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/provider/config	[no test files]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/anti_affinity_group	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/block_storage	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/database	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/iam	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/instance	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/instance_pool	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/nlb_service	(cached) [no tests to run]
ok  	github.com/exoscale/terraform-provider-exoscale/pkg/resources/sos_bucket_policy	(cached) [no tests to run]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/resources/zones	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/sos	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/testutils	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/utils	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/validators	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/pkg/version	[no test files]
?   	github.com/exoscale/terraform-provider-exoscale/version	[no test files]

PhilippeChepy
PhilippeChepy reviewed Sep 1, 2025
View reviewed changes
@nerzhul nerzhul self-assigned this Sep 23, 2025
remyrd
remyrd commented Sep 26, 2025
View reviewed changes
remyrd
remyrd commented Sep 26, 2025
View reviewed changes
Copy link
Contributor Author

@remyrd remyrd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not an expert here but so far looks good to me. The only detail worth mentioning is when updating the cluster, the abscence of an audit config in the payload ⚠️ does not ⚠️ disable it. The user has to explicitly set enabled: false

kobajagi
kobajagi reviewed Sep 26, 2025
View reviewed changes
kobajagi
kobajagi reviewed Sep 26, 2025
View reviewed changes
kobajagi
kobajagi reviewed Sep 26, 2025
View reviewed changes
kobajagi
kobajagi reviewed Sep 26, 2025
View reviewed changes
@kobajagi
Copy link
Contributor

kobajagi commented Sep 26, 2025

I'm not an expert here but so far looks good to me. The only detail worth mentioning is when updating the cluster, the abscence of an audit config in the payload ⚠️ does not ⚠️ disable it. The user has to explicitly set enabled: false

That is expected behavior of an optional attribute in terraform. Adding a note never hurts.

@nerzhul nerzhul force-pushed the remy/sc-135074/sks-audit-log-webhook branch 9 times, most recently from fcfd401 to cd67171 Compare September 29, 2025 09:02
@nerzhul nerzhul force-pushed the remy/sc-135074/sks-audit-log-webhook branch from cd67171 to 5b2da4c Compare September 29, 2025 09:17
@nerzhul
Copy link
Contributor

nerzhul commented Sep 29, 2025

there is some acceptance tests to fix, some are out of this PR scope, anyway

@nerzhul nerzhul force-pushed the remy/sc-135074/sks-audit-log-webhook branch 2 times, most recently from 3bb5b8d to 68cd7ab Compare September 30, 2025 14:39
@nerzhul nerzhul marked this pull request as ready for review September 30, 2025 14:53
@nerzhul nerzhul force-pushed the remy/sc-135074/sks-audit-log-webhook branch 2 times, most recently from 27b1fca to 19c46c3 Compare September 30, 2025 15:41
@nerzhul nerzhul force-pushed the remy/sc-135074/sks-audit-log-webhook branch from 19c46c3 to 5448388 Compare October 2, 2025 07:26
@nerzhul nerzhul requested a review from a team October 7, 2025 15:40
@nerzhul nerzhul requested review from a team and kobajagi October 7, 2025 15:40
@nerzhul nerzhul merged commit ca796ad into master Oct 10, 2025
2 of 6 checks passed
@nerzhul nerzhul deleted the remy/sc-135074/sks-audit-log-webhook branch October 10, 2025 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PhilippeChepy PhilippeChepy PhilippeChepy approved these changes

@kobajagi kobajagi kobajagi approved these changes

Assignees

@nerzhul nerzhul

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@remyrd @kobajagi @nerzhul @PhilippeChepy