Bug 1415836

Summary: [RFE] Keep track of user's last activity / Inactive user monitoring
Product: OpenShift Container Platform Reporter: Steven Walter <stwalter>
Component: RFEAssignee: Maciej Szulik <maszulik>
Status: CLOSED NEXTRELEASE QA Contact: ge liu <geliu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.3.0CC: aos-bugs, decarr, erich, jokerman, maszulik, mbarrett, mmccomas, sjr, wsun
Target Milestone: ---   
Target Release: 3.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-14 04:00:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Walter 2017-01-23 21:31:01 UTC 
1. Proposed title of this feature request
User activity tracking

3. What is the nature and description of the request?

 Customer would like a way to keep track of user activity. The question they want to be able to answer is, "When was the last time a user was active, ran a command or used the web console". The idea is to be able to set up monitoring to alert the administrator if a user has not been active for some period of time.

4. Why does the customer need this? (List the business requirements here)

 In case a developer leaves the department or company, or otherwise is no longer using OpenShift for other business reasons, they want to be alerted after the user has been inactive. Thus they can "deactivate" the user (or remove permissions from the user).

5. How would the customer like to achieve this? (List the functional requirements here)

 This could be achieved, perhaps, by updating the user's api object with a timestamp when they make an api call. Then you could check with "oc get user -o yaml <username>" to see the last datetime of user activity.

6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

 Perform a cli or web console command:
$ oc get pod
 Check the user
$ oc get user -o yaml <username> | grep lastActive


7. Is there already an existing RFE upstream or in Red Hat bugzilla?
 No
Comment 2 Steven Walter 2017-01-23 21:34:35 UTC 
So far I have not found a workaround other than using audit logging, although audit logging can be quite verbose. If there are any other places we track user activity that I am missing we could possibly use that as a workaround.
Comment 8 Maciej Szulik 2017-11-28 12:26:21 UTC 
This will be available in 3.8. This was pulled in rebase [1], docs are updated in [2].

[1] https://github.com/openshift/origin/pull/17115
[2] https://github.com/openshift/openshift-docs/pull/6496
Comment 13 Mike Barrett 2018-02-14 04:00:12 UTC 
Delivered via the central auditing feature in OCP 3.9.