Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 'System' Username to Audit Logs Generated with API Requests #1996

Merged
merged 2 commits into from
Sep 30, 2024

Conversation

zackcl
Copy link
Collaborator

@zackcl zackcl commented Sep 30, 2024

Resolves #1983

This PR adds 'System' username to audit logs generated with API requests. This was done by including [email protected] to the payload's email so that the existing systemUserDoc can be used in this case. I had to also include hd to bypass the domain name checking.

payload = {
    hd: env.google.domainName,
    email: '[email protected]',
};

Here's the screenshot of audit logs displaying the logs with 'System' username instead of empty username after this change:
Screenshot 2024-09-30 at 7 08 13 PM

@zackcl zackcl added the enhancement New feature or request label Sep 30, 2024
@zackcl zackcl self-assigned this Sep 30, 2024
@danoswaltCL
Copy link
Collaborator

Better than blank for sure, a google service account "user" does have an email and user-like metadata associated with it though if you want to be more explicit: [email protected]. I'm fine with saying "System" just to not be blank though.

image

@zackcl
Copy link
Collaborator Author

zackcl commented Sep 30, 2024

Better than blank for sure, a google service account "user" does have an email and user-like metadata associated with it though if you want to be more explicit: [email protected]. I'm fine with saying "System" just to not be blank though.

Yeah, that would be better, but I'm not sure how to extract the email from a service account access token.

The tokenInfo (const tokenInfo = await client.getTokenInfo(token);) doesn't include anything like email or name as I checked.

Here's an example:

tokenInfo:  {
    "expiry_date": 1727709292563,
    "scopes": [
        "https://www.googleapis.com/auth/cloud-platform"
    ],
    "azp": "some_digits",
    "aud": "some_digits",
    "exp": "some_digits",
    "access_type": "online"
}

@zackcl zackcl merged commit 838f72d into dev Sep 30, 2024
14 checks passed
@zackcl zackcl deleted the feature/1983-username-audit-logs branch September 30, 2024 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add Username to Audit Logs Generated with API Requests
2 participants