[
https://issues.apache.org/jira/browse/KNOX-3102?focusedWorklogId=959321&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-959321
]
ASF GitHub Bot logged work on KNOX-3102:
----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Feb/25 05:01
Start Date: 28/Feb/25 05:01
Worklog Time Spent: 10m
Work Description: lmccay opened a new pull request, #999:
URL: https://github.com/apache/knox/pull/999
## What changes were proposed in this pull request?
The initial implementation of the RemoteAuthProvider only has the initial
access level audit. We need to add not only the result of the authentication
attempt but also add the correlation id for the audit entries to the call to
the remote auth service so that the audit logs can be correlated.
## How was this patch tested?
Added new unit tests and ran all existing tests.
Manually tested with a single instance and traced the call from through the
initial topology and the "remote" endpoint. Note the correlation id is the same
for all of the entries. This will follow across instances as well.
```
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN||||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|unavailable|Request
method: GET
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|127.0.0.1|KNOX-AUTH-SERVICE||||access|uri|/gateway/sandbox/auth/api/v1/pre|unavailable|Request
method: GET
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|127.0.0.1|KNOX-AUTH-SERVICE|guest|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|127.0.0.1|KNOX-AUTH-SERVICE|guest|||authentication|uri|/gateway/sandbox/auth/api/v1/pre|success|Groups:
[]
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|127.0.0.1|KNOX-AUTH-SERVICE|guest|||identity-mapping|principal|guest|success|Groups:
[]
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|127.0.0.1|KNOX-AUTH-SERVICE|guest|||access|uri|/gateway/sandbox/auth/api/v1/pre|success|Response
status: 200
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|guest|||authentication|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|guest|||identity-mapping|principal|guest|success|Groups:
[]
25/02/27 23:53:15
||9f67555c-6561-40fb-ad39-6fa8ac4fa1f9|audit|[0:0:0:0:0:0:0:1]|KNOXTOKEN|guest|||access|uri|/gateway/tokengen/knoxtoken/api/v1/token|success|Response
status: 200
```
Issue Time Tracking
-------------------
Worklog Id: (was: 959321)
Remaining Estimate: 0h
Time Spent: 10m
> Complete Auditing in RemoteAuthProvider
> ---------------------------------------
>
> Key: KNOX-3102
> URL: https://issues.apache.org/jira/browse/KNOX-3102
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 2.2.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The initial implementation of the RemoteAuthProvider only has the initial
> access level audit. We need to add not only the result of the authentication
> attempt but also add the correlation id for the audit entries to the call to
> the remote auth service so that the audit logs can be correlated. Perhaps, we
> extend the correlation id that is passed so that we can tell it is part of a
> larger interaction. This needs discussion.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
