authorize: add policy error details for custom error messages (#3542)

* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
Caleb Doxsey 2022-08-09 14:46:31 -06:00 committed by GitHub
parent 60b9f3d92d
commit 3c63b6c028
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 619 additions and 505 deletions


@ -16,6 +16,7 @@ import (
"github.com/pomerium/pomerium/internal/telemetry/requestid"
"github.com/pomerium/pomerium/internal/telemetry/trace"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/contextutil"
"github.com/pomerium/pomerium/pkg/grpc/user"
"github.com/pomerium/pomerium/pkg/storage"
)
@ -88,6 +89,11 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
a.logAuthorizeCheck(ctx, in, out, res, s, u)
}()
// if show error details is enabled, attach the policy evaluation traces
if req.Policy != nil && req.Policy.ShowErrorDetails {
ctx = contextutil.WithPolicyEvaluationTraces(ctx, res.Traces)
}
isForwardAuthVerify := isForwardAuth && hreq.URL.Path == "/verify"
// if there's a deny, the result is denied using the deny reasons.
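Review bot: The new `if req.Policy != nil && req.Policy.ShowErrorDetails` block attaches `res.Traces` to the context before the allow/deny decision is made, so on such a route the traces accompany every request, including those from unauthenticated or denied callers. If the error page renders them (the consumer is not visible in this hunk), the callers the policy rejects would learn which criteria exist and which ones failed. I would state that trade-off at this site, e.g. `// NOTE: traces describe policy rules and may be shown to denied callers; enable ShowErrorDetails only where that disclosure is acceptable`, and consider attaching the traces only on the deny path. Check's body starts and ends outside the hunk, so whether `res` is guaranteed non-nil at this point cannot be confirmed from these lines.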