3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/main' into cdoxsey/log-headers

Browse source
This commit is contained in:
Caleb Doxsey 2023-07-24 13:18:45 -06:00
commit 5d86c84978
3 changed files with 45 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

8
authorize/evaluator/evaluator_test.go
View file

@ -76,11 +76,11 @@ func TestEvaluator(t *testing.T) {
AllowedDomains: []string{"example.com"}, AllowedDomains: []string{"example.com"},
}, },
{ {
To: config.WeightedURLs{{URL: *mustParseURL("https://to9.example.com")}}, To: config.WeightedURLs{{URL: *mustParseURL("https://to8.example.com")}},
AllowAnyAuthenticatedUser: true, AllowAnyAuthenticatedUser: true,
}, },
{ {
To: config.WeightedURLs{{URL: *mustParseURL("https://to10.example.com")}}, To: config.WeightedURLs{{URL: *mustParseURL("https://to9.example.com")}},
Policy: &config.PPLPolicy{ Policy: &config.PPLPolicy{
Policy: &parser.Policy{ Policy: &parser.Policy{
Rules: []parser.Rule{{ Rules: []parser.Rule{{
@ -95,7 +95,7 @@ func TestEvaluator(t *testing.T) {
}, },
}, },
{ {
To: config.WeightedURLs{{URL: *mustParseURL("https://to11.example.com")}}, To: config.WeightedURLs{{URL: *mustParseURL("https://to10.example.com")}},
Policy: &config.PPLPolicy{ Policy: &config.PPLPolicy{
Policy: &parser.Policy{ Policy: &parser.Policy{
Rules: []parser.Rule{{ Rules: []parser.Rule{{
@ -385,7 +385,7 @@ func TestEvaluator(t *testing.T) {
Id: "user1", Id: "user1",
}, },
}, &Request{ }, &Request{
Policy: &policies[8], Policy: &policies[7],
Session: RequestSession{ Session: RequestSession{
ID: "session1", ID: "session1",
}, },

38
internal/log/access.go
View file

@ -25,24 +25,6 @@ const (
AccessLogFieldUserAgent AccessLogField = "user-agent" AccessLogFieldUserAgent AccessLogField = "user-agent"
) )
// DefaultAccessLogFields returns the default access log fields.
func DefaultAccessLogFields() []AccessLogField {
return []AccessLogField{
AccessLogFieldUpstreamCluster,
AccessLogFieldMethod,
AccessLogFieldAuthority,
AccessLogFieldPath,
AccessLogFieldUserAgent,
AccessLogFieldReferer,
AccessLogFieldForwardedFor,
AccessLogFieldRequestID,
AccessLogFieldDuration,
AccessLogFieldSize,
AccessLogFieldResponseCode,
AccessLogFieldResponseCodeDetails,
}
}
const accessLogFieldHeaderPrefix = "header." const accessLogFieldHeaderPrefix = "header."
// AccessLogFieldForHeader returns an access log field for the given header name. // AccessLogFieldForHeader returns an access log field for the given header name.
@ -58,6 +40,26 @@ func (field AccessLogField) IsForHeader() (headerName string, ok bool) {
return "", false return "", false
} }
var defaultAccessLogFields = []AccessLogField{
AccessLogFieldUpstreamCluster,
AccessLogFieldMethod,
AccessLogFieldAuthority,
AccessLogFieldPath,
AccessLogFieldUserAgent,
AccessLogFieldReferer,
AccessLogFieldForwardedFor,
AccessLogFieldRequestID,
AccessLogFieldDuration,
AccessLogFieldSize,
AccessLogFieldResponseCode,
AccessLogFieldResponseCodeDetails,
}
// DefaultAccessLogFields returns the default access log fields.
func DefaultAccessLogFields() []AccessLogField {
return defaultAccessLogFields
}
// ErrUnknownAccessLogField indicates that an access log field is unknown. // ErrUnknownAccessLogField indicates that an access log field is unknown.
var ErrUnknownAccessLogField = errors.New("unknown access log field") var ErrUnknownAccessLogField = errors.New("unknown access log field")

39
internal/log/authorize.go
View file

@ -29,28 +29,31 @@ const (
AuthorizeLogFieldUser AuthorizeLogField = "user" AuthorizeLogFieldUser AuthorizeLogField = "user"
) )
var defaultAuthorizeLogFields = []AuthorizeLogField{
AuthorizeLogFieldRequestID,
AuthorizeLogFieldCheckRequestID,
AuthorizeLogFieldMethod,
AuthorizeLogFieldPath,
AuthorizeLogFieldHost,
AuthorizeLogFieldQuery,
AuthorizeLogFieldIP,
AuthorizeLogFieldSessionID,
AuthorizeLogFieldImpersonateSessionID,
AuthorizeLogFieldImpersonateUserID,
AuthorizeLogFieldImpersonateEmail,
AuthorizeLogFieldServiceAccountID,
AuthorizeLogFieldUser,
AuthorizeLogFieldEmail,
}
var defaultDebugAuthorizeLogFields = append(defaultAuthorizeLogFields, AuthorizeLogFieldHeaders)
// DefaultAuthorizeLogFields returns the default authorize log fields. // DefaultAuthorizeLogFields returns the default authorize log fields.
func DefaultAuthorizeLogFields() []AuthorizeLogField { func DefaultAuthorizeLogFields() []AuthorizeLogField {
fields := []AuthorizeLogField{
AuthorizeLogFieldRequestID,
AuthorizeLogFieldCheckRequestID,
AuthorizeLogFieldMethod,
AuthorizeLogFieldPath,
AuthorizeLogFieldHost,
AuthorizeLogFieldQuery,
AuthorizeLogFieldIP,
AuthorizeLogFieldSessionID,
AuthorizeLogFieldImpersonateSessionID,
AuthorizeLogFieldImpersonateUserID,
AuthorizeLogFieldImpersonateEmail,
AuthorizeLogFieldServiceAccountID,
AuthorizeLogFieldUser,
AuthorizeLogFieldEmail,
}
if zerolog.GlobalLevel() <= zerolog.DebugLevel { if zerolog.GlobalLevel() <= zerolog.DebugLevel {
fields = append(fields, AuthorizeLogFieldHeaders) return defaultDebugAuthorizeLogFields
} }
return fields return defaultAuthorizeLogFields
} }
// ErrUnknownAuthorizeLogField indicates that an authorize log field is unknown. // ErrUnknownAuthorizeLogField indicates that an authorize log field is unknown.