authorize: audit logging (#2050)

* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
Caleb Doxsey 2021-04-05 09:58:55 -06:00 committed by GitHub
parent 00e56212ec
commit f4c4fe314a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 1395 additions and 1390 deletions


@ -11,12 +11,14 @@ import (
"github.com/pomerium/pomerium/internal/encoding/jws"
"github.com/pomerium/pomerium/pkg/grpc"
"github.com/pomerium/pomerium/pkg/grpc/databroker"
"github.com/pomerium/pomerium/pkg/protoutil"
)
type authorizeState struct {
evaluator *evaluator.Evaluator
encoder encoding.MarshalUnmarshaler
dataBrokerClient databroker.DataBrokerServiceClient
auditEncryptor *protoutil.Encryptor
}
func newAuthorizeStateFromConfig(cfg *config.Config, store *evaluator.Store) (*authorizeState, error) {
@ -61,6 +63,14 @@ func newAuthorizeStateFromConfig(cfg *config.Config, store *evaluator.Store) (*a
}
state.dataBrokerClient = databroker.NewDataBrokerServiceClient(cc)
auditKey, err := cfg.Options.GetAuditKey()
if err != nil {
return nil, fmt.Errorf("authorize: invalid audit key: %w", err)
}
if auditKey != nil {
state.auditEncryptor = protoutil.NewEncryptor(auditKey)
}
return state, nil
}
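Review bot: The new `auditEncryptor` field on `authorizeState` and the `if auditKey != nil` guard in newAuthorizeStateFromConfig leave the encryptor nil when no audit key is configured, and nothing in this section records that audit records will then be unencrypted or not emitted, nor can a reader tell from here whether every consumer of the field nil-checks it. A one-line field comment would make the contract explicit, e.g. `// auditEncryptor encrypts audit records; nil when no audit key is configured (presumably disabling audit logging — confirm against the consumers).` Consider also emitting a startup log line in the missing-key case using the package's existing logger, so an operator who expected audit logging to be on can see that it is off. The error wrapping `authorize: invalid audit key: %w` is consistent with the constructor's other errors. newAuthorizeStateFromConfig starts in the first hunk but its body between the two hunks and after the second is outside this view.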