log sts host instead of global/regional

kubernetes-sigs · Nov 13, 2024 · 95f5bb8 · 95f5bb8
1 parent 7770163
commit 95f5bb8
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 14 deletions.
diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -344,12 +344,12 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 
 	if h.isLoggableIdentity(identity) {
 		log.WithFields(logrus.Fields{
-			"accesskeyid":     identity.AccessKeyID,
-			"arn":             identity.ARN,
-			"accountid":       identity.AccountID,
-			"userid":          identity.UserID,
-			"session":         identity.SessionName,
-			"stsendpointtype": identity.STSEndpointType,
+			"accesskeyid": identity.AccessKeyID,
+			"arn":         identity.ARN,
+			"accountid":   identity.AccountID,
+			"userid":      identity.UserID,
+			"session":     identity.SessionName,
+			"stsendpoint": identity.STSEndpoint,
 		}).Info("STS response")
 
 		// look up the ARN in each of our mappings to fill in the username and groups
@@ -373,10 +373,10 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 
 	// the token is valid and the role is mapped, return success!
 	log.WithFields(logrus.Fields{
-		"username":        username,
-		"uid":             uid,
-		"groups":          groups,
-		"stsendpointtype": identity.STSEndpointType,
+		"username":    username,
+		"uid":         uid,
+		"groups":      groups,
+		"stsendpoint": identity.STSEndpoint,
 	}).Info("access granted")
 	metrics.Get().Latency.WithLabelValues(metrics.Success).Observe(duration(start))
 	w.WriteHeader(http.StatusOK)

diff --git a/pkg/token/token.go b/pkg/token/token.go
@@ -79,8 +79,8 @@ type Identity struct {
 	// if the individual assumed an IAM role before making the request.
 	AccessKeyID string
 
-	// ASW STS endpoint type(global/regional) used to authenticate (expected values sts_global/sts_regional)
-	STSEndpointType string
+	// ASW STS endpoint (global/regional) used to authenticate (expected values sts_global/sts_regional)
+	STSEndpoint string
 }
 
 const (
@@ -608,8 +608,8 @@ func (v tokenVerifier) Verify(token string) (*Identity, error) {
 	}
 
 	id := &Identity{
-		AccessKeyID:     accessKeyID,
-		STSEndpointType: stsEndpointType,
+		AccessKeyID: accessKeyID,
+		STSEndpoint: parsedURL.Host,
 	}
 	return getIdentityFromSTSResponse(id, callerIdentity)
 }