authorize: log JWT groups filtering

Kenneth Jenkins 2025-01-08 13:33:21 -08:00
parent 8bc86fe06f
commit e7831cc299
6 changed files with 64 additions and 16 deletions


@ -33,7 +33,7 @@ func (a *Authorize) logAuthorizeCheck(
evt := log.Ctx(ctx).Info().Str("service", "authorize")
fields := a.currentOptions.Load().GetAuthorizeLogFields()
for _, field := range fields {
evt = populateLogEvent(ctx, field, evt, in, s, u, hdrs, impersonateDetails)
evt = populateLogEvent(ctx, field, evt, in, s, u, hdrs, impersonateDetails, res)
}
evt = log.HTTPHeaders(evt, fields, hdrs)
@ -132,6 +132,7 @@ func populateLogEvent(
u *user.User,
hdrs map[string]string,
impersonateDetails *impersonateDetails,
res *evaluator.Result,
) *zerolog.Event {
path, query, _ := strings.Cut(in.GetAttributes().GetRequest().GetHttp().GetPath(), "?")
@ -198,6 +199,11 @@ func populateLogEvent(
}
return evt.Str(string(field), userID)
default:
if res != nil {
if v, ok := res.AdditionalLogFields[field]; ok {
evt = evt.Interface(string(field), v)
}
}
return evt
}
}
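Review bot: The new `default:` branch of populateLogEvent passes whatever the evaluator stored in `res.AdditionalLogFields[field]` straight to `evt.Interface`, and nothing visible in this section bounds the size or shape of that value. If these fields carry JWT group lists, as the commit title suggests, a user with many groups could produce very large authorize log entries, and group identifiers would then be retained wherever these logs are shipped; it is worth confirming that the code filling `AdditionalLogFields` caps or summarizes the list. The branch appears to be reached only for fields returned by `GetAuthorizeLogFields()` and only after every built-in case, so evaluator fields are opt-in and cannot shadow built-in ones. That precedence deserves a comment above the nil check, for example `// Not a built-in field: fall back to evaluator-supplied log fields (res may be nil).` The body of populateLogEvent starts and continues outside the visible hunks, so the switch itself is not fully shown.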