Merge pull request #2149 from detiber/audit_config

[master] add support for setting auditConfig

inventory/byo/hosts.origin.example

@@ -436,6 +436,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
+# Enable API service auditing, available as of 1.3
+#openshift_master_audit_config={"basicAuditEnabled": true}
+
 # host group for masters
 [masters]
 ose3-master[1:3]-ansible.test.example.com

inventory/byo/hosts.ose.example

@@ -430,6 +430,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"}
 #openshift_node_env_vars={"ENABLE_HTTP2": "true"}
 
+# Enable API service auditing, available as of 3.2
+#openshift_master_audit_config={"basicAuditEnabled": true}
+
 # host group for masters
 [masters]
 ose3-master[1:3]-ansible.test.example.com

roles/openshift_master/templates/master.yaml.v1.j2

@@ -39,6 +39,9 @@ assetConfig:
     maxRequestsInFlight: 0
     requestTimeoutSeconds: 0
 {% if openshift_master_ha | bool %}
+{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
+auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
+{% endif %}
 controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
 {% endif %}
 controllers: '*'

roles/openshift_master_facts/tasks/main.yml

@@ -79,3 +79,4 @@
       max_requests_inflight: "{{ openshift_master_max_requests_inflight | default(None) }}"
       api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}"
       controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}"
+      audit_config: "{{ openshift_master_audit_config | default(None) }}"