From 8a551e67bf386964e2d36b6c32ca82052081fc8d Mon Sep 17 00:00:00 2001
From: Denis Mishin <dmishin@pomerium.com>
Date: Thu, 5 Sep 2024 11:54:37 -0400
Subject: [PATCH] authorize: add request-id to error messages (#5267)

---
 authorize/grpc.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/authorize/grpc.go b/authorize/grpc.go
index 55866971c..44006e5f2 100644
--- a/authorize/grpc.go
+++ b/authorize/grpc.go
@@ -45,7 +45,8 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 
 	// convert the incoming envoy-style http request into a go-style http request
 	hreq := getHTTPRequestFromCheckRequest(in)
-	ctx = requestid.WithValue(ctx, requestid.FromHTTPHeader(hreq.Header))
+	requestID := requestid.FromHTTPHeader(hreq.Header)
+	ctx = requestid.WithValue(ctx, requestID)
 
 	sessionState, _ := state.sessionStore.LoadSessionState(hreq)
 
@@ -55,7 +56,7 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 	if sessionState != nil {
 		s, err = a.getDataBrokerSessionOrServiceAccount(ctx, sessionState.ID, sessionState.DatabrokerRecordVersion)
 		if err != nil {
-			log.Info(ctx).Err(err).Msg("clearing session due to missing or invalid session or service account")
+			log.Info(ctx).Err(err).Str("request-id", requestID).Msg("clearing session due to missing or invalid session or service account")
 			sessionState = nil
 		}
 	}
@@ -65,7 +66,7 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 
 	req, err := a.getEvaluatorRequestFromCheckRequest(ctx, in, sessionState)
 	if err != nil {
-		log.Error(ctx).Err(err).Msg("error building evaluator request")
+		log.Error(ctx).Err(err).Str("request-id", requestID).Msg("error building evaluator request")
 		return nil, err
 	}
 
@@ -74,7 +75,7 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 	res, err := state.evaluator.Evaluate(ctx, req)
 	a.stateLock.RUnlock()
 	if err != nil {
-		log.Error(ctx).Err(err).Msg("error during OPA evaluation")
+		log.Error(ctx).Err(err).Str("request-id", requestID).Msg("error during OPA evaluation")
 		return nil, err
 	}
 
@@ -85,7 +86,7 @@ func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRe
 
 	resp, err := a.handleResult(ctx, in, req, res)
 	if err != nil {
-		log.Error(ctx).Err(err).Str("request-id", requestid.FromContext(ctx)).Msg("grpc check ext_authz_error")
+		log.Error(ctx).Err(err).Str("request-id", requestID).Msg("grpc check ext_authz_error")
 	}
 	a.logAuthorizeCheck(ctx, in, resp, res, s, u)
 	return resp, err