Bug 1415836 - [RFE] Keep track of user's last activity / Inactive user monitoring
Summary: [RFE] Keep track of user's last activity / Inactive user monitoring
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.9.0
Assignee: Maciej Szulik
QA Contact: ge liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-23 21:31 UTC by Steven Walter
Modified: 2020-03-11 15:38 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-14 04:00:12 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Steven Walter 2017-01-23 21:31:01 UTC
1. Proposed title of this feature request
User activity tracking

3. What is the nature and description of the request?

 Customer would like a way to keep track of user activity. The question they want to be able to answer is, "When was the last time a user was active, ran a command or used the web console". The idea is to be able to set up monitoring to alert the administrator if a user has not been active for some period of time.

4. Why does the customer need this? (List the business requirements here)

 In case a developer leaves the department or company, or otherwise is no longer using OpenShift for other business reasons, they want to be alerted after the user has been inactive. Thus they can "deactivate" the user (or remove permissions from the user).

5. How would the customer like to achieve this? (List the functional requirements here)

 This could be achieved, perhaps, by updating the user's api object with a timestamp when they make an api call. Then you could check with "oc get user -o yaml <username>" to see the last datetime of user activity.

6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

 Perform a cli or web console command:
$ oc get pod
 Check the user
$ oc get user -o yaml <username> | grep lastActive


7. Is there already an existing RFE upstream or in Red Hat bugzilla?
 No

Comment 2 Steven Walter 2017-01-23 21:34:35 UTC
So far I have not found a workaround other than using audit logging, although audit logging can be quite verbose. If there are any other places we track user activity that I am missing we could possibly use that as a workaround.

Comment 8 Maciej Szulik 2017-11-28 12:26:21 UTC
This will be available in 3.8. This was pulled in rebase [1], docs are updated in [2].

[1] https://github.com/openshift/origin/pull/17115
[2] https://github.com/openshift/openshift-docs/pull/6496

Comment 13 Mike Barrett 2018-02-14 04:00:12 UTC
Delivered via the central auditing feature in OCP 3.9.


Note You need to log in before you can comment on or make changes to this bug.