Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1838

Request source ip for logins in debug log of authentication pods

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • False
    • False
    • Undefined

      1. Proposed title of this feature request

      Log source ip in oauth debug logging

      2. What is the nature and description of the request?

      When enabling debug logging for the authentication pods, messages like below are stored in the logs:

       

       
$ oc logs oauth-openshift-7ddc657f69-m8xbn
I0217 08:23:56.354387 1 login.go:182] Login with provider "htpasswd_myusers" succeeded for "developer1": &user.DefaultInfo{Name:"developer1", UID:"5853541a-8ab6-4cf2-8822-d93348825ecb", Groups:[]string(nil), Extra:map[string][]string(nil)} ...
I0217 08:25:41.071003 1 login.go:177] Login with provider "htpasswd_myusers" failed for "developer1" ...
I0217 08:26:51.765063 1 login.go:177] Login with provider "htpasswd_myusers" failed for "test2"
 

      Although these are certainly useful, the customer would like to also track the source ip of the original request. In cases where multiple login failures occur, they would like to be able to track where the failed requests come from. Although other logs in the oauth pod show source ip address (such as for HTTP requests), we cannot guarantee that the preceding logs with the source ip address are actually tied to the "Login with provider" messages.

      3. Why does the customer need this? (List the business requirements here)

      Security requirements

       

            sttts@redhat.com Stefan Schimanski (Inactive)
            anachand Anandnatraj Chandramohan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: