Annotate audit log entries with ID of credential used to perform the request
Proposal
As an admin I would like to be able to filter audit logs based on the unique ID of the credential used in the request (personal/project/group access tokens, or session token) so that I can correlate all actions taken with that credential.
I have recently had to do an investigation into our GitLab instance (self-hosted) to find out how personal/project access tokens are being used across the company. Whilst I can see audit events for token creation and revocation (which include useful information such as the author, API scopes, project scopes, etc.), I cannot use the ID of the resulting token to see what was subsequently done with it. Subsequent events are merely assigned to a user.
For example "custom_message":"Created personal access token with id 943" is issued when a PAT was created, but the ID 943 does not appear in any events where this token was used to authenticate the request.
I have not delved into the code to see how this is implemented, but from reviewing the logs it seems like all forms of token are assigned an ID which is a monotonically increasing integer across the entire GitLab instance. I don't know if session or job tokens differ. If they also follow a similar scheme then it would be great to have the IDs of those credentials logged as well for complete visibility.
For my own use case I don't need this information exposed in the UI, just so long as I can use jq on it in any exported logs.
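An added illustration, not part of the original issue and not GitLab code: the script below reads exported audit events as JSON lines, takes token IDs from the creation message quoted above, and lists for each later event every token ID its author had created by then, which is as far as the current log lets the correlation go. The sample lines are constructed, and the `author_name` and `time` field names are assumptions; only `custom_message` and the creation message wording come from the issue.

```python
import json
import re

# Constructed sample export. Only "custom_message" and the "Created personal
# access token with id N" wording come from the issue; "author_name", "time"
# and the other messages are assumptions made for this illustration.
SAMPLE_LOG = """\
{"time":"2024-01-10T09:00:00Z","author_name":"alice","custom_message":"Created personal access token with id 943"}
{"time":"2024-01-10T09:05:00Z","author_name":"alice","custom_message":"Created personal access token with id 951"}
{"time":"2024-01-10T09:30:00Z","author_name":"alice","custom_message":"Added project deploy key"}
not-json line from a truncated export
{"time":"2024-01-10T10:00:00Z","author_name":"bob","custom_message":"Created personal access token with id 960"}
{"time":"2024-01-10T10:15:00Z","author_name":"bob","custom_message":"Changed visibility level"}
"""

CREATED = re.compile(r"Created personal access token with id (\d+)")


def parse_events(text):
    """Yield one dict per valid JSON object line, skipping damaged lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event


def correlate(text):
    """Return (inventory, later): inventory maps author -> created token IDs;
    later lists (time, message, candidate token IDs) for every other event.
    The candidates are only an upper bound: the event carries no credential
    ID, and a session login is always a further possibility."""
    inventory, later = {}, []
    for event in parse_events(text):
        message = str(event.get("custom_message") or "")
        author = event.get("author_name")
        match = CREATED.fullmatch(message)
        if match:
            inventory.setdefault(author, []).append(int(match.group(1)))
        else:
            later.append((event.get("time"), message, list(inventory.get(author, []))))
    return inventory, later


if __name__ == "__main__":
    tokens, events = correlate(SAMPLE_LOG)
    print("tokens created per author:", tokens)
    for when, message, candidates in events:
        print(f"{when} {message!r}: could be any of {candidates} or a session")
```
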