diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
index 79575140bd268..aab4709018164 100644
--- a/lib/auth/auth_with_roles.go
+++ b/lib/auth/auth_with_roles.go
@@ -2222,11 +2222,7 @@ func enforceEnterpriseJoinMethodCreation(token types.ProvisionToken) error {
 
 // emitTokenEvent is called by Create/Upsert Token in order to emit any relevant
 // events.
-func emitTokenEvent(
-	ctx context.Context,
-	e apievents.Emitter,
-	roles types.SystemRoles,
-	joinMethod types.JoinMethod,
+func emitTokenEvent(ctx context.Context, e apievents.Emitter, token types.ProvisionToken,
 ) {
 	userMetadata := authz.ClientUserMetadata(ctx)
 	if err := e.EmitAuditEvent(ctx, &apievents.ProvisionTokenCreate{
@@ -2234,9 +2230,14 @@ func emitTokenEvent(
 			Type: events.ProvisionTokenCreateEvent,
 			Code: events.ProvisionTokenCreateCode,
 		},
+		ResourceMetadata: apievents.ResourceMetadata{
+			Name:      token.GetSafeName(),
+			Expires:   token.Expiry(),
+			UpdatedBy: userMetadata.GetUser(),
+		},
 		UserMetadata: userMetadata,
-		Roles:        roles,
-		JoinMethod:   joinMethod,
+		Roles:        token.GetRoles(),
+		JoinMethod:   token.GetJoinMethod(),
 	}); err != nil {
 		log.WithError(err).Warn("Failed to emit join token create event.")
 	}
@@ -2260,12 +2261,11 @@ func (a *ServerWithRoles) UpsertToken(ctx context.Context, token types.Provision
 		return trace.Wrap(err)
 	}
 
-	emitTokenEvent(ctx, a.authServer.emitter, token.GetRoles(), token.GetJoinMethod())
+	emitTokenEvent(ctx, a.authServer.emitter, token)
 	return nil
 }
 
 func (a *ServerWithRoles) CreateToken(ctx context.Context, token types.ProvisionToken) error {
-	jm := token.GetJoinMethod()
 	if err := a.action(apidefaults.Namespace, types.KindToken, types.VerbCreate); err != nil {
 		return trace.Wrap(err)
 	}
@@ -2282,7 +2282,7 @@ func (a *ServerWithRoles) CreateToken(ctx context.Context, token types.Provision
 		return trace.Wrap(err)
 	}
 
-	emitTokenEvent(ctx, a.authServer.emitter, token.GetRoles(), jm)
+	emitTokenEvent(ctx, a.authServer.emitter, token)
 	return nil
 }
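Review bot: The doc comment kept above the new emitTokenEvent signature does not say why the event's Name (set from `token.GetSafeName()` in the following hunk) is the masked form rather than `token.GetName()`, so a later cleanup could swap it and write the join token secret into the audit log, which is long-lived and commonly forwarded to external log stores. The comment should state the contract, e.g. `// emitTokenEvent emits a ProvisionTokenCreate audit event for token. ResourceMetadata.Name is token.GetSafeName(), never the raw name: join tokens are secrets and audit events outlive them.` The function body continues in the next hunk; the test changes in this commit already pin the masked value, which is the right place to guard it.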
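Review bot: Removing `jm := token.GetJoinMethod()` from CreateToken means the join method in the audit event is now read from token after the create path (outside this hunk) has run rather than before the RBAC check. If anything in between normalizes the token in place, the audited value changes from what the caller supplied to what was stored; presumably that is what the early capture was working around, and the stored value is arguably the better one to log, but it deserves a line at the call site, e.g. `// emitted after the create so the event reflects the token as stored`. UpsertToken in the same hunk already behaved this way, so the two paths are now consistent.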
diff --git a/lib/auth/tls_test.go b/lib/auth/tls_test.go
index cf5b3d998059a..5c1597f35b6d7 100644
--- a/lib/auth/tls_test.go
+++ b/lib/auth/tls_test.go
@@ -4356,6 +4356,10 @@ func TestGRPCServer_CreateTokenV2(t *testing.T) {
 					Type: events.ProvisionTokenCreateEvent,
 					Code: events.ProvisionTokenCreateCode,
 				},
+				ResourceMetadata: eventtypes.ResourceMetadata{
+					Name:      "*******",
+					UpdatedBy: "token-creator",
+				},
 				UserMetadata: eventtypes.UserMetadata{
 					User:     "token-creator",
 					UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4385,6 +4389,10 @@ func TestGRPCServer_CreateTokenV2(t *testing.T) {
 					Type: events.ProvisionTokenCreateEvent,
 					Code: events.ProvisionTokenCreateCode,
 				},
+				ResourceMetadata: eventtypes.ResourceMetadata{
+					Name:      "*****************luster",
+					UpdatedBy: "token-creator",
+				},
 				UserMetadata: eventtypes.UserMetadata{
 					User:     "token-creator",
 					UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4507,6 +4515,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 					Type: events.ProvisionTokenCreateEvent,
 					Code: events.ProvisionTokenCreateCode,
 				},
+				ResourceMetadata: eventtypes.ResourceMetadata{
+					Name:      "*******",
+					UpdatedBy: "token-upserter",
+				},
 				UserMetadata: eventtypes.UserMetadata{
 					User:     "token-upserter",
 					UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
@@ -4536,6 +4548,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 					Type: events.ProvisionTokenCreateEvent,
 					Code: events.ProvisionTokenCreateCode,
 				},
+				ResourceMetadata: eventtypes.ResourceMetadata{
+					Name:      "*****************luster",
+					UpdatedBy: "token-upserter",
+				},
 				UserMetadata: eventtypes.UserMetadata{
 					User:     "token-upserter",
 					UserKind: eventtypes.UserKind_USER_KIND_HUMAN,
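Review bot: None of the expected events in these hunks sets `Expires`, while the emitter now fills `ResourceMetadata.Expires` from `token.Expiry()`; that only holds if every token these cases create has a zero expiry or the comparison ignores the field, and neither is visible here since the case setup lies outside the hunks. One case with an explicit expiry would pin the audited value, which is what an operator reading the log uses to tell a short-lived bootstrap token from a standing one. The same applies to the TestGRPCServer_UpsertTokenV2 hunks in this file.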
@@ -4567,6 +4583,10 @@ func TestGRPCServer_UpsertTokenV2(t *testing.T) {
 					Type: events.ProvisionTokenCreateEvent,
 					Code: events.ProvisionTokenCreateCode,
 				},
+				ResourceMetadata: eventtypes.ResourceMetadata{
+					Name:      "**************",
+					UpdatedBy: "token-upserter",
+				},
 				UserMetadata: eventtypes.UserMetadata{
 					User:     "token-upserter",
 					UserKind: eventtypes.UserKind_USER_KIND_HUMAN,