
Audit log: log actor on successful login attempt #8816

@david-crespo

Description


Followup to #7339.

Currently for login attempts, we do not log any actor because we do not know who they are until after they've logged in, and we only set the actor during audit log entry initialization. We should log who they turned out to be. Closely related to #8811 because both require us to come up with a cute generic way of extracting certain bits of information from the result of an operation.

```rust
/// For authenticated operations, we can pull the actor out of the opctx
/// and have it be the actor we intend (the user). For unauthenticated
/// requests like login attempts, the actor on the opctx is the built-in
/// external-authenticator user, which would be misleading to consider the
/// actor for the request. So for those operations we ignore the opctx.
pub(crate) async fn audit_log_entry_init_unauthed(
    &self,
    opctx: &OpContext,
    rqctx: &RequestContext<ApiContext>,
) -> CreateResult<AuditLogEntryInit> {
    let actor = AuditLogActor::Unauthenticated;
    self.audit_log_entry_init_inner(&opctx, actor, rqctx).await
}
```

You could also imagine that for failed login attempts, we want to know who they were trying to log in as. However, for SAML login this may not be meaningful as we only get the request from the IdP after login was successful over there, but for password login we could log the username.
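One shape the "generic way of extracting bits of information from the result" could take, as an added sketch and not omicron code: a trait that operation results implement so the audit-log completion step can replace the `Unauthenticated` actor with the user the login resolved to, and record the attempted username only for failed password logins (SAML outcomes carry no attempt). All type and function names here are hypothetical.

```rust
/// Who the audit log attributes an operation to.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum AuditLogActor {
    Unauthenticated,
    SiloUser { silo_user_id: String },
}

/// Minimal entry: actor is `Unauthenticated` at init and may be replaced
/// once the operation's result is known.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AuditLogEntry {
    pub actor: AuditLogActor,
    /// For failed password logins: the username that was attempted.
    pub attempted_username: Option<String>,
}

/// Implemented by operation results that can reveal the real actor (hypothetical).
pub trait ResolvesActor {
    fn resolved_actor(&self) -> Option<AuditLogActor>;
    fn attempted_username(&self) -> Option<String> { None }
}

/// Constructed outcome of a local password login attempt.
pub struct PasswordLogin { pub username: String, pub silo_user_id: Option<String> }

impl ResolvesActor for PasswordLogin {
    fn resolved_actor(&self) -> Option<AuditLogActor> {
        self.silo_user_id.clone().map(|id| AuditLogActor::SiloUser { silo_user_id: id })
    }
    fn attempted_username(&self) -> Option<String> {
        // Only worth recording when the attempt failed; success is covered by the actor.
        if self.silo_user_id.is_none() { Some(self.username.clone()) } else { None }
    }
}

/// Constructed SAML outcome: the IdP only calls back after a successful login
/// there, so there is no attempted username to record, only the resolved user.
pub struct SamlLogin { pub silo_user_id: String }

impl ResolvesActor for SamlLogin {
    fn resolved_actor(&self) -> Option<AuditLogActor> {
        Some(AuditLogActor::SiloUser { silo_user_id: self.silo_user_id.clone() })
    }
}

/// Init for unauthenticated requests: the opctx actor is deliberately ignored.
pub fn entry_init_unauthed() -> AuditLogEntry {
    AuditLogEntry { actor: AuditLogActor::Unauthenticated, attempted_username: None }
}

/// Completion: pull the actor (and any attempted username) out of the result.
pub fn entry_complete<R: ResolvesActor>(mut entry: AuditLogEntry, result: &R) -> AuditLogEntry {
    if let Some(actor) = result.resolved_actor() { entry.actor = actor; }
    entry.attempted_username = result.attempted_username();
    entry
}
```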
