proxy: add support for logging http request headers (#4388)

* config: add customization options for logging

* config: validate log fields

* proxy: add support for logging http request headers

* log subset of headers

* fix test name

* dont use log.HTTPHeaders for access logs

* canonicalize http/2 headers

authorize/evaluator/evaluator.go

@@ -311,13 +311,13 @@ func safeEval(ctx context.Context, q rego.PreparedEvalQuery, options ...rego.Eva
 // carryOverJWTAssertion copies assertion JWT from request to response
 // note that src keys are expected to be http.CanonicalHeaderKey
 func carryOverJWTAssertion(dst http.Header, src map[string]string) {
-	jwtForKey := http.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertionFor)
+	jwtForKey := httputil.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertionFor)
 	jwtFor, ok := src[jwtForKey]
 	if ok && jwtFor != "" {
 		dst.Add(jwtForKey, jwtFor)
 		return
 	}
-	jwtFor, ok = src[http.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion)]
+	jwtFor, ok = src[httputil.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion)]
 	if ok && jwtFor != "" {
 		dst.Add(jwtForKey, jwtFor)
 	}

authorize/evaluator/evaluator_test.go

@@ -422,11 +422,11 @@ func TestEvaluator(t *testing.T) {
 		}{
 			{map[string]string{}, ""},
 			{map[string]string{
-				http.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion): "identity-a",
+				httputil.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion): "identity-a",
 			}, "identity-a"},
 			{map[string]string{
-				http.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertionFor): "identity-a",
-				http.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion):    "identity-b",
+				httputil.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertionFor): "identity-a",
+				httputil.CanonicalHeaderKey(httputil.HeaderPomeriumJWTAssertion):    "identity-b",
 			}, "identity-a"},
 		}
 		for _, tc := range tcs {