From 95f5bb876481eff8cfcdec215b250cd77e774fee Mon Sep 17 00:00:00 2001
From: Sushanth T <sushanqt@amazon.com>
Date: Tue, 15 Oct 2024 20:55:56 +0000
Subject: [PATCH] log sts host instead of global/regional

---
 pkg/server/server.go | 20 ++++++++++----------
 pkg/token/token.go   |  8 ++++----
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/pkg/server/server.go b/pkg/server/server.go
index 44f19ba5a..7646b8ce8 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -344,12 +344,12 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 
 	if h.isLoggableIdentity(identity) {
 		log.WithFields(logrus.Fields{
-			"accesskeyid":     identity.AccessKeyID,
-			"arn":             identity.ARN,
-			"accountid":       identity.AccountID,
-			"userid":          identity.UserID,
-			"session":         identity.SessionName,
-			"stsendpointtype": identity.STSEndpointType,
+			"accesskeyid": identity.AccessKeyID,
+			"arn":         identity.ARN,
+			"accountid":   identity.AccountID,
+			"userid":      identity.UserID,
+			"session":     identity.SessionName,
+			"stsendpoint": identity.STSEndpoint,
 		}).Info("STS response")
 
 		// look up the ARN in each of our mappings to fill in the username and groups
@@ -373,10 +373,10 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
 
 	// the token is valid and the role is mapped, return success!
 	log.WithFields(logrus.Fields{
-		"username":        username,
-		"uid":             uid,
-		"groups":          groups,
-		"stsendpointtype": identity.STSEndpointType,
+		"username":    username,
+		"uid":         uid,
+		"groups":      groups,
+		"stsendpoint": identity.STSEndpoint,
 	}).Info("access granted")
 	metrics.Get().Latency.WithLabelValues(metrics.Success).Observe(duration(start))
 	w.WriteHeader(http.StatusOK)
diff --git a/pkg/token/token.go b/pkg/token/token.go
index 73b478dc3..fe0c74a8c 100644
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
@@ -79,8 +79,8 @@ type Identity struct {
 	// if the individual assumed an IAM role before making the request.
 	AccessKeyID string
 
-	// ASW STS endpoint type(global/regional) used to authenticate (expected values sts_global/sts_regional)
-	STSEndpointType string
+	// ASW STS endpoint (global/regional) used to authenticate (expected values sts_global/sts_regional)
+	STSEndpoint string
 }
 
 const (
@@ -608,8 +608,8 @@ func (v tokenVerifier) Verify(token string) (*Identity, error) {
 	}
 
 	id := &Identity{
-		AccessKeyID:     accessKeyID,
-		STSEndpointType: stsEndpointType,
+		AccessKeyID: accessKeyID,
+		STSEndpoint: parsedURL.Host,
 	}
 	return getIdentityFromSTSResponse(id, callerIdentity)
 }