| author | Stan Hu <stanhu@gmail.com> | 2020-07-19 23:24:32 -0700 | 
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2020-07-21 15:24:24 -0700 | 
| commit | 35c1f6cf6436a95eeeb59b6b0d9d6f71dcbf59a2 (patch) | |
| tree | 44d6b8ac6a75adc162589a14349396dc86e6f075 /internal/command | |
| parent | b3f6fcdb77a3d047ce8b02e9a0faf32e5a244c92 (diff) | |
| download | gitlab-shell-sh-log-ssh-key-details.tar.gz | |
Log SSH key details (sh-log-ssh-key-details)
Right now when a client such as gitlab-shell calls the
`/api/v4/internal/allowed` API, the response only tells the client what
user has been granted access, and it's impossible to tell which deploy
key/token was used in the authentication request.
This commit adds logs for the following when available:
1. `gl_key_type` (e.g. `deploy_key` or `key`)
2. `gl_key_id`
These fields make it possible for admins to identify the exact record
that was used to authenticate the user.
API changes in the `/internal/allowed` endpoint in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37289 are needed
to support this.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/203
Diffstat (limited to 'internal/command')
| -rw-r--r-- | internal/command/receivepack/gitalycall_test.go | 2 | ||||
| -rw-r--r-- | internal/command/uploadarchive/gitalycall_test.go | 2 | ||||
| -rw-r--r-- | internal/command/uploadpack/gitalycall_test.go | 3 | 
3 files changed, 7 insertions, 0 deletions
| diff --git a/internal/command/receivepack/gitalycall_test.go b/internal/command/receivepack/gitalycall_test.go
index 0cfbf5c..d3f687c 100644
--- a/internal/command/receivepack/gitalycall_test.go
+++ b/internal/command/receivepack/gitalycall_test.go
@@ -49,4 +49,6 @@ func TestReceivePack(t *testing.T) {
 	require.Equal(t, logrus.InfoLevel, entries[1].Level)
 	require.Contains(t, entries[1].Message, "executing git command")
 	require.Contains(t, entries[1].Message, "command=git-receive-pack")
+	require.Contains(t, entries[1].Message, "gl_key_type=key")
+	require.Contains(t, entries[1].Message, "gl_key_id=123")
 }
diff --git a/internal/command/uploadarchive/gitalycall_test.go b/internal/command/uploadarchive/gitalycall_test.go
index 488c390..eaeb2b7 100644
--- a/internal/command/uploadarchive/gitalycall_test.go
+++ b/internal/command/uploadarchive/gitalycall_test.go
@@ -49,4 +49,6 @@ func TestUploadPack(t *testing.T) {
 	require.Equal(t, logrus.InfoLevel, entries[1].Level)
 	require.Contains(t, entries[1].Message, "executing git command")
 	require.Contains(t, entries[1].Message, "command=git-upload-archive")
+	require.Contains(t, entries[1].Message, "gl_key_type=key")
+	require.Contains(t, entries[1].Message, "gl_key_id=123")
 }
diff --git a/internal/command/uploadpack/gitalycall_test.go b/internal/command/uploadpack/gitalycall_test.go
index cf3e621..234319f 100644
--- a/internal/command/uploadpack/gitalycall_test.go
+++ b/internal/command/uploadpack/gitalycall_test.go
@@ -45,6 +45,8 @@ func TestUploadPack(t *testing.T) {
 	assert.Equal(t, 2, len(entries))
 	require.Contains(t, entries[1].Message, "executing git command")
 	require.Contains(t, entries[1].Message, "command=git-upload-pack")
+	require.Contains(t, entries[1].Message, "gl_key_type=key")
+	require.Contains(t, entries[1].Message, "gl_key_id=123")
 	for k, v := range map[string]string{
 		"gitaly-feature-cache_invalidator":        "true",
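Review bot: The two assertions added to TestReceivePack pin only the `key` type with id 123, and the matching hunks in uploadarchive and uploadpack repeat exactly the same case, so neither `deploy_key` nor a response without key details is exercised. The description says the fields are logged "when available", and they exist so admins can attribute access to one exact credential. A case whose fixture carries no key data should therefore assert the fields are absent, for example `require.NotContains(t, entries[1].Message, "gl_key_id=")`, so that a zero or empty value cannot silently end up in the audit trail. `require.Contains(..., "gl_key_id=123")` is also a substring match that would still pass for `gl_key_id=1234`; matching up to the field delimiter would be tighter, if the log format allows it. The test bodies and the fixture that supplies 123 start outside these hunks, so how the omitted case behaves today is not visible here.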
@@ -55,4 +57,5 @@ func TestUploadPack(t *testing.T) {
 		assert.Equal(t, v, actual[0])
 	}
 	assert.Empty(t, testServer.ReceivedMD["some-other-ff"])
+
 } |
