[added] jwt/issuerkey/nametag/tags to monitoring and event endpoints

[matthiashanel]

Also added a trace on jwt authentication

Signed-off-by: Matthias Hanel mh@synadia.com

[53472] [TRC] 127.0.0.1:51931 - cid:3 - "v1.11.0:go" - Authenticated JWT: Client "UAW2WHOE5AKJHEWVHJJMDWSVIN4BHU2HGNFKS4ZL2JOZ5RN774CP3ZVF" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" by Account "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" (claim-name: "", claim-tags: []) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"
[53472] [TRC] 127.0.0.1:51932 - cid:4 - "v1.11.0:go" - Authenticated JWT: Client "UAW2WHOE5AKJHEWVHJJMDWSVIN4BHU2HGNFKS4ZL2JOZ5RN774CP3ZVF" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" by Account "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" (claim-name: "some account", claim-tags: ["foo" "bar"]) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"
[53472] [TRC] 127.0.0.1:51933 - cid:5 - "v1.11.0:go:conn name" - Authenticated JWT: Client "UAW2WHOE5AKJHEWVHJJMDWSVIN4BHU2HGNFKS4ZL2JOZ5RN774CP3ZVF" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" by Account "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" (claim-name: "some account", claim-tags: ["foo" "bar"]) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"
[53472] [TRC] 127.0.0.1:51934 - cid:6 - "v1.11.0:go" - Authenticated JWT: Client "UABC2XJEOWPA4DDDYKIDVS24SOLYTCILDFCHAGDG3JNS3RR6O77ZAJK3" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "AD7EMU4HIRDKAUIY5KURVIY4BEECIBJY4E6FQEL7OBVOGXZHYPXHLTAF" by Account "AD7EMU4HIRDKAUIY5KURVIY4BEECIBJY4E6FQEL7OBVOGXZHYPXHLTAF" (claim-name: "some account", claim-tags: ["foo" "bar"]) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"
[53472] [TRC] 127.0.0.1:51935 - cid:7 - "v1.11.0:go" - Authenticated JWT: Client "UAW2WHOE5AKJHEWVHJJMDWSVIN4BHU2HGNFKS4ZL2JOZ5RN774CP3ZVF" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" by Account "ACMAPDNT4LQZU6GYD22JVXLUZJT6AK4ONHKIB4TSJEAUHAEOONFLY22R" (claim-name: "some account", claim-tags: ["foo" "bar"]) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"
[53472] [TRC] 127.0.0.1:51937 - cid:9 - "v1.11.0:go" - Authenticated JWT: Client "UABC2XJEOWPA4DDDYKIDVS24SOLYTCILDFCHAGDG3JNS3RR6O77ZAJK3" (claim-name: "a name", claim-tags: ["tags" "other"]) signed with "AD7EMU4HIRDKAUIY5KURVIY4BEECIBJY4E6FQEL7OBVOGXZHYPXHLTAF" by Account "AD7EMU4HIRDKAUIY5KURVIY4BEECIBJY4E6FQEL7OBVOGXZHYPXHLTAF" (claim-name: "some account", claim-tags: ["foo" "bar"]) signed with "OCAT33MTVU2VUOIMGNGUNXJ66AH2RLSDAF3MUBCYAY5QMIL65NQM6XQG"

[kozlovic]

I think setting fields in the client during auth should be protected.
Also, I wonder if this needs separate configuration to be activated? Not sure if in the use case this came up from, user would be willing to run under -V (which generates a lot of output) in order to get this trace. Also wonder if there is anything sensitive in this trace, which would make the opt-in option even more necessary.

[matthiashanel]

I think setting fields in the client during auth should be protected.
Also, I wonder if this needs separate configuration to be activated? Not sure if in the use case this came up from, user would be willing to run under -V (which generates a lot of output) in order to get this trace. Also wonder if there is anything sensitive in this trace, which would make the opt-in option even more necessary.

I spoke to them and for now I'll keep it at debug, hoping that the system eventing stuff is good enough for them.
If it's not, they'll let me know. then we can talk about possibly adding a switch for this trace.

[kozlovic]

LGTM