Kubernetes, which is the basis of OpenShift, already has audit logging for API calls, and an extension proposal is up.
We need to make sure we can correlate the tlog and aushape logs with Kubernetes API calls, so that it is possible to see the effect the recorded terminal session had on Kubernetes/OpenShift.
I sent a question to kubernetes-dev maillist and got a suggestion to pass any necessary identifying information in the bearer token, joining any authenticating information there. So far I presume that would require providing a wrapper to kubectl, and making sure that modified wrapper is used, instead of the basic kubectl, or just an HTTP client, such as cURL. I don't think the latter part is practical, but perhaps if we make our route easy, and users prefer it, then that will be good enough.
Kubernetes, which is the basis of OpenShift, already has audit logging for API calls, and an extension proposal is up.
We need to make sure we can correlate the tlog and aushape logs with Kubernetes API calls, so that it is possible to see the effect the recorded terminal session had on Kubernetes/OpenShift.
I sent a question to kubernetes-dev maillist and got a suggestion to pass any necessary identifying information in the bearer token, joining any authenticating information there. So far I presume that would require providing a wrapper to kubectl, and making sure that modified wrapper is used, instead of the basic kubectl, or just an HTTP client, such as cURL. I don't think the latter part is practical, but perhaps if we make our route easy, and users prefer it, then that will be good enough.