Bug 1763816

Summary: [RFE] Report which users access the API
Product: Red Hat Satellite Reporter: Stephen Hobbs <shobbs>
Component: ReportingAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Lukáš Hellebrandt <lhellebr>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.5.0CC: bkearney, egolov, inecas, mhulan, nkathole, oprazak, snemeth
Target Milestone: 6.8.0Keywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-2.0.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 12:59:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephen Hobbs 2019-10-21 16:39:58 UTC 
Description of problem:
I’m able to query user access to Satellite using /api/v2/users and able to get last_login_on value, however, this only seems to record when a user accesses the GUI.  I’m looking to see if there is a way to record when a user accesses API as well.

Expected results:
Run a report to track which user accounts are accessing the API.


Additional info:
Customer is looking to implement a "use it or lose it" policy for accessing the API.
Comment 3 Marek Hulan 2019-10-31 15:25:25 UTC 
Created redmine issue https://projects.theforeman.org/issues/28168 from this bug
Comment 6 Marek Hulan 2019-11-12 14:33:51 UTC 
*** Bug 1765052 has been marked as a duplicate of this bug. ***
Comment 8 Bryan Kearney 2019-12-05 17:00:25 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28168 has been resolved.
Comment 9 Lukáš Hellebrandt 2020-06-10 10:46:37 UTC 
Verified with Sat 6.8 snap 3.0.

Created a new user. Last login was empty. Then, with this user:
1) Logged in in WebUI
2) Listed hosts through Hammer
3) Listed hosts through API
After each action, last login got updated to current time in the "User - Registered Users" report.
Comment 12 errata-xmlrpc 2020-10-27 12:59:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366