Log SSH key detailssh-log-ssh-key-details

Right now when a client such as gitlab-shell calls the `/api/v4/internal/allowed` API, the response only tells the client what user has been granted access, and it's impossible to tell which deploy key/token was used in the authentication request. This commit adds logs for the following when available: 1. `gl_key_type` (e.g. `deploy_key` or `key`) 2. `gl_key_id` These fields make it possible for admins to identify the exact record that was used to authenticate the user. API changes in the `/internal/allowed` endpoint in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37289 are needed to support this. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/203
author: Stan Hu <stanhu@gmail.com> 2020-07-19 23:24:32 -0700
committer: Stan Hu <stanhu@gmail.com> 2020-07-21 15:24:24 -0700
commit: 35c1f6cf6436a95eeeb59b6b0d9d6f71dcbf59a2 (patch)
tree: 44d6b8ac6a75adc162589a14349396dc86e6f075 /internal/handler
parent: b3f6fcdb77a3d047ce8b02e9a0faf32e5a244c92 (diff)
download: gitlab-shell-sh-log-ssh-key-details.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/internal/handler/exec.go b/internal/handler/exec.go
index d6e06aa..865dc5d 100644
--- a/internal/handler/exec.go
+++ b/internal/handler/exec.go
@@ -64,6 +64,8 @@ func (gc *GitalyCommand) LogExecution(repository *pb.Repository, response *acces
 		"user_id":         response.UserId,
 		"username":        response.Username,
 		"git_protocol":    protocol,
+		"gl_key_type":     response.KeyType,
+		"gl_key_id":       response.KeyId,
 	}
 
 	log.WithFields(fields).Info("executing git command")
author	Stan Hu <stanhu@gmail.com>	2020-07-19 23:24:32 -0700
committer	Stan Hu <stanhu@gmail.com>	2020-07-21 15:24:24 -0700
commit	35c1f6cf6436a95eeeb59b6b0d9d6f71dcbf59a2 (patch)
tree	44d6b8ac6a75adc162589a14349396dc86e6f075 /internal/handler
parent	b3f6fcdb77a3d047ce8b02e9a0faf32e5a244c92 (diff)
download	gitlab-shell-sh-log-ssh-key-details.tar.gz