Include info about calling user in logs #645

Open
nilsgstrabo opened this issue Jun 25, 2024 · 0 comments
nilsgstrabo commented Jun 25, 2024

We should include info about the user/SP/anonymous that performs a request, for example in a new field "user".
This info can be extracted from the JWT token, and we should try the following claims in order: upn -> oid -> sub (always present). Log which claim was used in "user_claim". Perhaps there are other claims of interest, like idtyp?

This information is useful when debugging issues reported by users. We can easily filter logs related to a specific user. It is also required in order to investigate security-related events.

We should also validate the bearer token instead of just trusting the authnz of Kubernetes. No need to forward the request if token is not valid.

DoD
In log entry, the user (username) can be identified.
Log: ContainerLog (from radix-api, radix-log-api, vulnerability-scan-api, servicenow-api)

@nilsgstrabo nilsgstrabo changed the title Include info about caller in logs Include info about calling user in logs Jun 25, 2024
@Richard87 Richard87 self-assigned this Sep 26, 2024
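
The claim lookup described in the issue (upn, then oid, then sub, with the chosen claim reported as "user_claim"), as an added example that is not part of the original issue or the project's code. The names `CallerFromBearer` and `makeToken`, the "anonymous" value for a missing header and the sample claims are assumptions; the function only decodes claims and assumes the token was already validated, as the issue asks.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var claimOrder = []string{"upn", "oid", "sub"} // lookup order from the issue

// CallerFromBearer returns values for the "user" and "user_claim" log fields.
// Decode only: validate signature, issuer, audience and expiry before trusting it.
func CallerFromBearer(authHeader string) (user, userClaim string, err error) {
	if authHeader == "" {
		return "anonymous", "", nil // assumption: no header means anonymous
	}
	scheme, token, found := strings.Cut(authHeader, " ")
	if !found || !strings.EqualFold(scheme, "Bearer") {
		return "", "", fmt.Errorf("not a bearer authorization header")
	}
	parts := strings.Split(strings.TrimSpace(token), ".")
	if len(parts) != 3 {
		return "", "", fmt.Errorf("token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", "", fmt.Errorf("decode payload: %w", err)
	}
	var claims map[string]any
	if err = json.Unmarshal(payload, &claims); err != nil {
		return "", "", fmt.Errorf("parse claims: %w", err)
	}
	for _, name := range claimOrder {
		if v, ok := claims[name].(string); ok && v != "" {
			return v, name, nil // first non-empty claim wins
		}
	}
	return "", "", fmt.Errorf("none of %v present in token", claimOrder)
}

// makeToken builds a constructed sample token with placeholder header and signature.
func makeToken(claims map[string]any) string {
	body, _ := json.Marshal(claims)
	return "e30." + base64.RawURLEncoding.EncodeToString(body) + ".c2ln"
}

func main() {
	fmt.Println(CallerFromBearer("Bearer " + makeToken(map[string]any{"oid": "0000-2222", "sub": "s2"})))
}
```

A service principal token normally carries no upn, so the lookup falls through to oid; logging "user_claim" next to "user" tells the reader which kind of identifier they are filtering on.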