Details
-
Feature Request
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
-
False
-
False
-
0
-
0%
-
Undefined
Description
1. Proposed title of this feature request
Log source ip in oauth debug logging
2. What is the nature and description of the request?
When enabling debug logging for the authentication pods, messages like below are stored in the logs:
$ oc logs oauth-openshift-7ddc657f69-m8xbn
I0217 08:23:56.354387 1 login.go:182] Login with provider "htpasswd_myusers" succeeded for "developer1": &user.DefaultInfo{Name:"developer1", UID:"5853541a-8ab6-4cf2-8822-d93348825ecb", Groups:[]string(nil), Extra:map[string][]string(nil)} ...
I0217 08:25:41.071003 1 login.go:177] Login with provider "htpasswd_myusers" failed for "developer1" ...
I0217 08:26:51.765063 1 login.go:177] Login with provider "htpasswd_myusers" failed for "test2"
Although these are certainly useful, the customer would like to also track the source ip of the original request. In cases where multiple login failures occur, they would like to be able to track where the failed requests come from. Although other logs in the oauth pod show source ip address (such as for HTTP requests), we cannot guarantee that the preceding logs with the source ip address are actually tied to the "Login with provider" messages.
3. Why does the customer need this? (List the business requirements here)
Security requirements
