3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-01 11:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
3421 commits 159 branches 125 tags 103 MiB
Commit graph

19 commits

Author SHA1 Message Date
Kenneth Jenkins
b182ef350e
authorize: log service account user ID (#4964) 
Currently the 'user-id' field of the authorize logs is empty for
requests authenticated via a service account, as there is no associated
User object. Instead, populate this log field directly from the the
sessionOrServiceAccount value, to handle both types of user.
 2024-02-27 14:01:19 -08:00
Caleb Doxsey
4301da3648
core/telemetry: move requestid to pkg directory (#4911) 2024-01-19 13:18:16 -07:00
Caleb Doxsey
6c1416fc0f
authorize: log id token claims separately from id token (#4394) 2023-07-26 11:45:10 -06:00
Caleb Doxsey
1aa8187a4b
authorize: add support for logging id token (#4392) 2023-07-25 15:44:25 -06:00
Caleb Doxsey
baf8918676
logs: add support for logging the http query (#4390) 
* config: add customization options for logging

* config: validate log fields

* proxy: add support for logging http request headers

* log subset of headers

* add support for logging the http query

* fix test name

* use strings.Cut, add unit tests
 2023-07-25 12:56:49 -06:00
Caleb Doxsey
638d9f3d6c
proxy: add support for logging http request headers (#4388) 
* config: add customization options for logging

* config: validate log fields

* proxy: add support for logging http request headers

* log subset of headers

* fix test name

* dont use log.HTTPHeaders for access logs

* canonicalize http/2 headers
 2023-07-25 09:46:42 -06:00
Caleb Doxsey
438aecd7bc
config: add customization options for logging (#4383) 
* config: add customization options for logging

* config: validate log fields

* allocate slices once
 2023-07-24 13:17:03 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data (#3377) 2022-06-01 15:40:07 -06:00
Caleb Doxsey
a0e64b1cf9
authorize: add request IP to rego evaluation (#3107) 2022-03-07 15:07:58 -07:00
Caleb Doxsey
efffe57bf0
ppl: pass contextual information through policy (#2612) 
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
 2021-09-20 16:02:26 -06:00
Caleb Doxsey
57c0c0a1bc
authorize: log additional session details (#2419) 2021-08-02 12:08:34 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation (#2407) 
* sessions: add impersonate_session_id, remove legacy impersonation

* show impersonated user details

* fix headers

* address feedback

* only check impersonate id on non-nil pbSession

* Revert "only check impersonate id on non-nil pbSession"

This reverts commit a6f7ca5abd.
 2021-07-30 08:42:36 -06:00
Caleb Doxsey
cef08a1c2d
authorize: remove service account impersonate user id, email and groups (#2365) 2021-07-15 09:31:45 -06:00
Caleb Doxsey
8e155bdf61
authorize: log service account and impersonation details (#2354) 2021-07-12 14:21:37 -06:00
Caleb Doxsey
dad35bcfb0
ppl: refactor authorize to evaluate PPL (#2224) 
* ppl: refactor authorize to evaluate PPL

* remove opa test step

* add log statement

* simplify assignment

* deny with forbidden if logged in

* add safeEval function

* create evaluator-specific config and options

* embed the headers rego file directly
 2021-05-21 09:50:18 -06:00
bobby
7973ab43fe
authorize: audit log had duplicate "message" key (#2141) 
* authorize: audit log had duplicate "message" key

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2021-04-27 15:26:16 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Caleb Doxsey
8a2af8029b
authorize: additional tracing, add benchmark for encryptor (#2059) 2021-04-05 12:55:16 -06:00
Caleb Doxsey
f4c4fe314a
authorize: audit logging (#2050) 
* authorize: add databroker server and record version to result, force sync via polling

* authorize: audit logging
 2021-04-05 09:58:55 -06:00