Infrastructure / INFRA-1643

Investigate how to segregate infra logs visibility per user role

    Details

    • Sprint:
      Evergreen - Milestone 1

      Description

      For Essentials, we are receiving logs from instances, and are going to also push those logs into the Jenkins Project infrastructure.

      Acceptance criteria:

      As a "selected" plugin developer:

      • I can read the logs sent by the Essentials instances running in the world.
      • I cannot see any other logs than the Essentials ones (i.e. I do not see logs from any service like jenkins.io, ldap or anything else running in the Jenkins K8S cluster)

      By "selected" above, we mean that not every plugin developer is going to be allowed to see those logs, for obvious security reasons.
      Ideally, there should be a dedicated LDAP group in the Jenkins LDAP to offer this access to some people.

      Technical discussion/points (as we just met with Olivier):

      Ideally, to avoid multiplying systems, we would push logs from Essentials Error Telemetry service to Azure Logs Analytics too.
      So, if we can give access to Logs Analytics, while still making visible only the logs that have, for instance, an "origin=evergreen" tag, that would be perfect. We would then just make sure to add this tag when pushing to the Azure Logs Analytics.

              People

              Assignee:
              olblak Olivier Vernin
              Reporter:
              batmat Baptiste Mathus
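The tag-based visibility idea from the description, sketched as an added example (not code from the issue or from the Jenkins infrastructure project). The group name `evergreen-log-readers`, the field name `origin` and both function names are assumptions made for illustration; the point it shows is that the tag has to be stamped by the ingestion side and the filter has to deny by default.

```python
# Added illustration. All names here are hypothetical, not the project's.
ESSENTIALS_GROUP = "evergreen-log-readers"  # assumed dedicated LDAP group
ORIGIN_FIELD = "origin"
ESSENTIALS_ORIGIN = "evergreen"


def stamp_origin(record, authenticated_source):
    """Ingestion side: set the origin tag from the authenticated pipeline.

    Any 'origin' value already present in the pushed payload is overwritten,
    so a record cannot label itself into (or out of) the Essentials view.
    """
    stamped = dict(record)
    stamped[ORIGIN_FIELD] = authenticated_source
    return stamped


def visible_logs(user_groups, records):
    """Query side: deny by default.

    Users outside the dedicated group see nothing; members see only records
    whose tag is exactly the Essentials origin. Untagged records stay hidden.
    """
    if ESSENTIALS_GROUP not in user_groups:
        return []
    return [r for r in records if r.get(ORIGIN_FIELD) == ESSENTIALS_ORIGIN]


# Constructed sample records (not real log data).
SAMPLE = [
    stamp_origin({"msg": "plugin X threw NPE"}, "evergreen"),
    # Payload claims origin=evergreen but arrived through the ldap pipeline.
    stamp_origin({"msg": "bind failed", "origin": "evergreen"}, "ldap"),
    stamp_origin({"msg": "GET /index.html 200"}, "jenkins.io"),
    {"msg": "legacy record without a tag"},
]

if __name__ == "__main__":
    for rec in visible_logs({"evergreen-log-readers"}, SAMPLE):
        print(rec)
```
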