Switch to the advanced audit backend

[soltysh]

Fixes #15271.

@deads2k || @sttts for wiring
@smarterclayton for api change

There are a few changes when turning on the new audit:

1. one line instead of two (previously we've logged the response on separate line), see old and new:

AUDIT: id="ac14f7c8-1891-4551-9da4-e5075e9d89c6" stage="ResponseComplete" ip="127.0.0.1" method="list" user="test-admin" groups="\"system:authenticated:oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="test" uri="/api/v1/namespaces/test/pods" response="200"

2. the method changed from HTTP action to actual operation performed
3. there's a new field stage showing when the event was generated

I'll open a separate PR enabling other alpha features after I sync with @mpbarrett

[openshift-merge-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: soltysh
We suggest the following additional approver: deads2k

Assign the PR to them by writing /assign @deads2k in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/cmd/OWNERS

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[sttts]

Can we backport the json file output as well? I would rather set json as default than introducing another incompatible unstructured format.

[sttts]

Here it is: kubernetes/kubernetes#48605

[soltysh]

Can we backport the json file output as well? I would rather set json as default than introducing another incompatible unstructured format.

That's reasonable. I'd like to enable the new audit first and then in a separate PR I'll work on the addons which we want to enable.

[soltysh]

/retest

[soltysh]

I got a verbal approval of this change from @smarterclayton and @pweil- I'm applying the necessary labels manually to push this forward.

[openshift-merge-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-merge-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-merge-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[openshift-ci-robot]

@soltysh: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/openshift-jenkins/extended_conformance_gce	d0bbf8e	link	/test extended_conformance_gce
ci/openshift-jenkins/extended_conformance_install_update	d0bbf8e	link	/test extended_conformance_install_update

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-merge-robot]

Automatic merge from submit-queue (batch tested with PRs 15657, 15748)