1. Proposed title of this feature request User activity tracking 3. What is the nature and description of the request? Customer would like a way to keep track of user activity. The question they want to be able to answer is, "When was the last time a user was active, ran a command or used the web console". The idea is to be able to set up monitoring to alert the administrator if a user has not been active for some period of time. 4. Why does the customer need this? (List the business requirements here) In case a developer leaves the department or company, or otherwise is no longer using OpenShift for other business reasons, they want to be alerted after the user has been inactive. Thus they can "deactivate" the user (or remove permissions from the user). 5. How would the customer like to achieve this? (List the functional requirements here) This could be achieved, perhaps, by updating the user's api object with a timestamp when they make an api call. Then you could check with "oc get user -o yaml <username>" to see the last datetime of user activity. 6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Perform a cli or web console command: $ oc get pod Check the user $ oc get user -o yaml <username> | grep lastActive 7. Is there already an existing RFE upstream or in Red Hat bugzilla? No
So far I have not found a workaround other than using audit logging, although audit logging can be quite verbose. If there are any other places we track user activity that I am missing we could possibly use that as a workaround.
This will be available in 3.8. This was pulled in rebase [1], docs are updated in [2]. [1] https://github.com/openshift/origin/pull/17115 [2] https://github.com/openshift/openshift-docs/pull/6496
Delivered via the central auditing feature in OCP 3.9.