When running on an openshift clusters two additional fields are presented in the event object in form annotations named authentication.openshift.io/decision and authentication.openshift.io/username.
These fields can currently not be parsed byt the k8saudit plugin and not used in filters or messages.
Feature
Please support additional openshift annotiations in the k8splugin to all creation of specific rules that operate on these fields.
I suggest the following field names an will open a pull request with a sample implementation
Additional fields should be safe to add even for clusters that are not openshift - these fields will only have meaning on clusters exposing the annotations.
Motivation
When running on an openshift clusters two additional fields are presented in the event object in form annotations named
authentication.openshift.io/decision
andauthentication.openshift.io/username
.These fields can currently not be parsed byt the k8saudit plugin and not used in filters or messages.
Feature
Please support additional openshift annotiations in the k8splugin to all creation of specific rules that operate on these fields.
I suggest the following field names an will open a pull request with a sample implementation
Additional fields should be safe to add even for clusters that are not openshift - these fields will only have meaning on clusters exposing the annotations.
Additional context Example login event