Log SSH key details
Right now when a client such as gitlab-shell calls the
/api/v4/internal/allowed
API, the response only tells the client what
user has been granted access, and it's impossible to tell which deploy
key/token was used in the authentication request.
This commit adds logs for the following when available:
-
gl_key_type
(deploy_key
orkey
) gl_key_id
These fields make it possible for admins to identify the exact record that was used to authenticate the user.
API changes in the /internal/allowed
endpoint in
gitlab!37289 (merged) are needed
to support this.
Example JSON:
SSH Key
{
"command": "git-upload-pack",
"git_protocol": "",
"gl_key_type": "key",
"gl_key_id": 11,
"gl_project_path": "root/test",
"gl_repository": "project-261",
"level": "info",
"msg": "executing git command",
"time": "2020-07-20T01:46:59-05:00",
"user_id": "user-1",
"username": "root"
}
Deploy Key
{
"command": "git-upload-pack",
"git_protocol": "",
"gl_key_type": "deploy_key",
"gl_key_id": 19,
"gl_project_path": "root/test",
"gl_repository": "project-261",
"level": "info",
"msg": "executing git command",
"time": "2020-07-20T01:53:10-05:00",
"user_id": "user-1",
"username": "root"
}
Edited by Patrick Bajao