From 633da25843d68ea377ddf35010d9849203d04fb3 Mon Sep 17 00:00:00 2001
From: Alex Collins <alexec@users.noreply.github.com>
Date: Thu, 18 Feb 2021 14:55:03 -0800
Subject: [PATCH] feat(server): Write an audit log entry for SSO users (#5145)

Signed-off-by: Alex Collins <alex_collins@intuit.com>
---
 server/auth/gatekeeper.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/auth/gatekeeper.go b/server/auth/gatekeeper.go
index a7c65150dbd5..80686d60d3f3 100644
--- a/server/auth/gatekeeper.go
+++ b/server/auth/gatekeeper.go
@@ -174,6 +174,8 @@ func (s gatekeeper) getClients(ctx context.Context) (*servertypes.Clients, *type
 			}
 			return clients, claims, nil
 		} else {
+			// important! write an audit entry (i.e. log entry) so we know which user performed an operation
+			log.WithFields(log.Fields{"subject": claims.Subject}).Info("using the default service account for user")
 			return s.clients, claims, nil
 		}
 	default:
@@ -230,6 +232,7 @@ func (s *gatekeeper) rbacAuthorization(ctx context.Context, claims *types.Claims
 			return nil, err
 		}
 		claims.ServiceAccountName = serviceAccount.Name
+		// important! write an audit entry (i.e. log entry) so we know which user performed an operation
 		log.WithFields(log.Fields{"serviceAccount": serviceAccount.Name, "subject": claims.Subject}).Info("selected SSO RBAC service account for user")
 		return clients, nil
 	}