
Log SSH key details

Stan Hu requested to merge sh-log-ssh-key-details into master

Right now when a client such as gitlab-shell calls the /api/v4/internal/allowed API, the response only tells the client what user has been granted access, and it's impossible to tell which deploy key/token was used in the authentication request.

This commit adds logs for the following when available:

  1. gl_key_type (deploy_key or key)
  2. gl_key_id

These fields make it possible for admins to identify the exact record that was used to authenticate the user.

API changes in the /internal/allowed endpoint in gitlab!37289 (merged) are needed to support this.

Example JSON:

SSH Key

{
  "command": "git-upload-pack",
  "git_protocol": "",
  "gl_key_type": "key",
  "gl_key_id": 11,
  "gl_project_path": "root/test",
  "gl_repository": "project-261",
  "level": "info",
  "msg": "executing git command",
  "time": "2020-07-20T01:46:59-05:00",
  "user_id": "user-1",
  "username": "root"
}

Deploy Key

{
  "command": "git-upload-pack",
  "git_protocol": "",
  "gl_key_type": "deploy_key",
  "gl_key_id": 19,
  "gl_project_path": "root/test",
  "gl_repository": "project-261",
  "level": "info",
  "msg": "executing git command",
  "time": "2020-07-20T01:53:10-05:00",
  "user_id": "user-1",
  "username": "root"
}

#203 (closed)

Edited by Patrick Bajao
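An added example, not part of this merge request or of gitlab-shell's code: a Go sketch of how an admin could use the new fields to list every git command run with one key record, for instance when reviewing a deploy key suspected of misuse. It assumes the log is one JSON object per line; `KeyUsage`, `entry` and the sample lines are hypothetical and constructed from the example JSON above.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample lines shaped like the MR's example JSON. The third line
// omits the key fields, which are logged only when available.
const sampleLog = `{"command":"git-upload-pack","gl_key_type":"key","gl_key_id":11,"gl_project_path":"root/test","msg":"executing git command","time":"2020-07-20T01:46:59-05:00"}
{"command":"git-upload-pack","gl_key_type":"deploy_key","gl_key_id":19,"gl_project_path":"root/test","msg":"executing git command","time":"2020-07-20T01:53:10-05:00"}
{"command":"git-receive-pack","gl_project_path":"root/test","msg":"executing git command","time":"2020-07-20T02:00:00-05:00"}
not json at all`

type entry struct {
	Command string `json:"command"`
	KeyType string `json:"gl_key_type"`
	KeyID   *int64 `json:"gl_key_id"` // pointer: distinguishes absent from 0
	Project string `json:"gl_project_path"`
	Msg     string `json:"msg"`
	Time    string `json:"time"`
}

// KeyUsage returns the git commands run with one key record, plus a count of
// git-command entries that carry no key details and so cannot be attributed.
func KeyUsage(log, keyType string, keyID int64) (hits []string, unattributed int) {
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var e entry
		if json.Unmarshal(sc.Bytes(), &e) != nil || e.Msg != "executing git command" {
			continue // skip non-JSON lines and unrelated messages
		}
		if e.KeyID == nil || e.KeyType == "" {
			unattributed++
			continue
		}
		if e.KeyType == keyType && *e.KeyID == keyID {
			hits = append(hits, fmt.Sprintf("%s %s %s", e.Time, e.Command, e.Project))
		}
	}
	return hits, unattributed
}

func main() {
	hits, unattributed := KeyUsage(sampleLog, "deploy_key", 19)
	fmt.Println(strings.Join(hits, "\n"))
	fmt.Println("entries without key details:", unattributed)
}
```

Matching on both `gl_key_type` and `gl_key_id` matters because the two example entries share the same `user_id` and `username` and differ only in these fields.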
