Merge remote-tracking branch 'origin/main' into cdoxsey/log-headers

2025-08-03 08:50:42 +02:00 · 2023-07-24 13:18:45 -06:00 · 2023-07-24 13:18:45 -06:00 · 5d86c84978
commit 5d86c84978
parent 4d7140a8a2 438aecd7bc
3 changed files with 45 additions and 40 deletions
--- a/authorize/evaluator/evaluator_test.go
+++ b/authorize/evaluator/evaluator_test.go
@ -76,11 +76,11 @@ func TestEvaluator(t *testing.T) {
 			AllowedDomains: []string{"example.com"},
 		},
 		{
-			To:                        config.WeightedURLs{{URL: *mustParseURL("https://to9.example.com")}},
+			To:                        config.WeightedURLs{{URL: *mustParseURL("https://to8.example.com")}},
 			AllowAnyAuthenticatedUser: true,
 		},
 		{
-			To: config.WeightedURLs{{URL: *mustParseURL("https://to10.example.com")}},
+			To: config.WeightedURLs{{URL: *mustParseURL("https://to9.example.com")}},
 			Policy: &config.PPLPolicy{
 				Policy: &parser.Policy{
 					Rules: []parser.Rule{{
@ -95,7 +95,7 @@ func TestEvaluator(t *testing.T) {
 			},
 		},
 		{
-			To: config.WeightedURLs{{URL: *mustParseURL("https://to11.example.com")}},
+			To: config.WeightedURLs{{URL: *mustParseURL("https://to10.example.com")}},
 			Policy: &config.PPLPolicy{
 				Policy: &parser.Policy{
 					Rules: []parser.Rule{{
@ -385,7 +385,7 @@ func TestEvaluator(t *testing.T) {
 				Id: "user1",
 			},
 		}, &Request{
-			Policy: &policies[8],
+			Policy: &policies[7],
 			Session: RequestSession{
 				ID: "session1",
 			},
--- a/internal/log/access.go
+++ b/internal/log/access.go
@ -25,24 +25,6 @@ const (
 	AccessLogFieldUserAgent           AccessLogField = "user-agent"
 )

-// DefaultAccessLogFields returns the default access log fields.
-func DefaultAccessLogFields() []AccessLogField {
-	return []AccessLogField{
-		AccessLogFieldUpstreamCluster,
-		AccessLogFieldMethod,
-		AccessLogFieldAuthority,
-		AccessLogFieldPath,
-		AccessLogFieldUserAgent,
-		AccessLogFieldReferer,
-		AccessLogFieldForwardedFor,
-		AccessLogFieldRequestID,
-		AccessLogFieldDuration,
-		AccessLogFieldSize,
-		AccessLogFieldResponseCode,
-		AccessLogFieldResponseCodeDetails,
-	}
-}
-
 const accessLogFieldHeaderPrefix = "header."

 // AccessLogFieldForHeader returns an access log field for the given header name.
@ -58,6 +40,26 @@ func (field AccessLogField) IsForHeader() (headerName string, ok bool) {
 	return "", false
 }

+var defaultAccessLogFields = []AccessLogField{
+	AccessLogFieldUpstreamCluster,
+	AccessLogFieldMethod,
+	AccessLogFieldAuthority,
+	AccessLogFieldPath,
+	AccessLogFieldUserAgent,
+	AccessLogFieldReferer,
+	AccessLogFieldForwardedFor,
+	AccessLogFieldRequestID,
+	AccessLogFieldDuration,
+	AccessLogFieldSize,
+	AccessLogFieldResponseCode,
+	AccessLogFieldResponseCodeDetails,
+}
+
+// DefaultAccessLogFields returns the default access log fields.
+func DefaultAccessLogFields() []AccessLogField {
+	return defaultAccessLogFields
+}
+
 // ErrUnknownAccessLogField indicates that an access log field is unknown.
 var ErrUnknownAccessLogField = errors.New("unknown access log field")

--- a/internal/log/authorize.go
+++ b/internal/log/authorize.go
@ -29,28 +29,31 @@ const (
 	AuthorizeLogFieldUser                 AuthorizeLogField = "user"
 )

+var defaultAuthorizeLogFields = []AuthorizeLogField{
+	AuthorizeLogFieldRequestID,
+	AuthorizeLogFieldCheckRequestID,
+	AuthorizeLogFieldMethod,
+	AuthorizeLogFieldPath,
+	AuthorizeLogFieldHost,
+	AuthorizeLogFieldQuery,
+	AuthorizeLogFieldIP,
+	AuthorizeLogFieldSessionID,
+	AuthorizeLogFieldImpersonateSessionID,
+	AuthorizeLogFieldImpersonateUserID,
+	AuthorizeLogFieldImpersonateEmail,
+	AuthorizeLogFieldServiceAccountID,
+	AuthorizeLogFieldUser,
+	AuthorizeLogFieldEmail,
+}
+
+var defaultDebugAuthorizeLogFields = append(defaultAuthorizeLogFields, AuthorizeLogFieldHeaders)
+
 // DefaultAuthorizeLogFields returns the default authorize log fields.
 func DefaultAuthorizeLogFields() []AuthorizeLogField {
-	fields := []AuthorizeLogField{
-		AuthorizeLogFieldRequestID,
-		AuthorizeLogFieldCheckRequestID,
-		AuthorizeLogFieldMethod,
-		AuthorizeLogFieldPath,
-		AuthorizeLogFieldHost,
-		AuthorizeLogFieldQuery,
-		AuthorizeLogFieldIP,
-		AuthorizeLogFieldSessionID,
-		AuthorizeLogFieldImpersonateSessionID,
-		AuthorizeLogFieldImpersonateUserID,
-		AuthorizeLogFieldImpersonateEmail,
-		AuthorizeLogFieldServiceAccountID,
-		AuthorizeLogFieldUser,
-		AuthorizeLogFieldEmail,
-	}
 	if zerolog.GlobalLevel() <= zerolog.DebugLevel {
-		fields = append(fields, AuthorizeLogFieldHeaders)
+		return defaultDebugAuthorizeLogFields
 	}
-	return fields
+	return defaultAuthorizeLogFields
 }

 // ErrUnknownAuthorizeLogField indicates that an authorize log field is unknown.