authorize: refactor logAuthorizeCheck()

Currently, policy evaluation and authorize logging are coupled to the
Envoy CheckRequest proto message (part of the ext_authz API). In the
context of ssh proxy authentication, we won't have a CheckRequest.
Instead, let's make the existing evaluator.Request type the source of
truth for the authorize log fields.

This way, whether we populate the evaluator.Request struct from an
ext_authz request or from an ssh proxy request, we can use the same
logAuthorizeCheck() method for logging.

Add some additional fields to evaluator.RequestHTTP for the authorize
log fields that are not currently represented in this struct.

authorize/log_test.go

@@ -6,8 +6,6 @@ import (
 	"strings"
 	"testing"
 
-	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-	envoy_service_auth_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	"github.com/rs/zerolog"
 	"github.com/stretchr/testify/assert"
 
@@ -24,27 +22,16 @@ func Test_populateLogEvent(t *testing.T) {
 	ctx := context.Background()
 	ctx = requestid.WithValue(ctx, "REQUEST-ID")
 
-	checkRequest := &envoy_service_auth_v3.CheckRequest{
-		Attributes: &envoy_service_auth_v3.AttributeContext{
-			Request: &envoy_service_auth_v3.AttributeContext_Request{
-				Http: &envoy_service_auth_v3.AttributeContext_HttpRequest{
-					Host:   "HOST",
-					Path:   "https://www.example.com/some/path?a=b",
-					Method: "GET",
-				},
-			},
-			Source: &envoy_service_auth_v3.AttributeContext_Peer{
-				Address: &envoy_config_core_v3.Address{
-					Address: &envoy_config_core_v3.Address_SocketAddress{
-						SocketAddress: &envoy_config_core_v3.SocketAddress{
-							Address: "127.0.0.1",
-						},
-					},
-				},
-			},
+	req := &evaluator.Request{
+		HTTP: evaluator.RequestHTTP{
+			Method:   "GET",
+			Host:     "HOST",
+			RawPath:  "/some/path",
+			RawQuery: "a=b",
+			Headers:  map[string]string{"X-Request-Id": "CHECK-REQUEST-ID"},
+			IP:       "127.0.0.1",
 		},
 	}
-	headers := map[string]string{"X-Request-Id": "CHECK-REQUEST-ID"}
 	s := &session.Session{
 		Id: "SESSION-ID",
 		IdToken: &session.IDToken{
@@ -86,7 +73,7 @@ func Test_populateLogEvent(t *testing.T) {
 		{log.AuthorizeLogFieldImpersonateUserID, s, `{"impersonate-user-id":"IMPERSONATE-USER-ID"}`},
 		{log.AuthorizeLogFieldIP, s, `{"ip":"127.0.0.1"}`},
 		{log.AuthorizeLogFieldMethod, s, `{"method":"GET"}`},
-		{log.AuthorizeLogFieldPath, s, `{"path":"https://www.example.com/some/path"}`},
+		{log.AuthorizeLogFieldPath, s, `{"path":"/some/path"}`},
 		{log.AuthorizeLogFieldQuery, s, `{"query":"a=b"}`},
 		{log.AuthorizeLogFieldRemovedGroupsCount, s, `{"removed-groups-count":42}`},
 		{log.AuthorizeLogFieldRequestID, s, `{"request-id":"REQUEST-ID"}`},
@@ -102,7 +89,7 @@ func Test_populateLogEvent(t *testing.T) {
 			var buf bytes.Buffer
 			log := zerolog.New(&buf)
 			evt := log.Log()
-			evt = populateLogEvent(ctx, tc.field, evt, checkRequest, tc.s, u, headers, impersonateDetails, res)
+			evt = populateLogEvent(ctx, tc.field, evt, req, tc.s, u, impersonateDetails, res)
 			evt.Send()
 
 			assert.Equal(t, tc.expect, strings.TrimSpace(buf.String()))