mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 03:46:29 +02:00
396c35b6b4
* update tracing config definitions * new tracing system * performance improvements * only configure tracing in envoy if it is enabled in pomerium * [tracing] refactor to use custom extension for trace id editing (#5420) refactor to use custom extension for trace id editing * set default tracing sample rate to 1.0 * fix proxy service http middleware * improve some existing auth related traces * test fixes * bump envoyproxy/go-control-plane * code cleanup * test fixes * Fix missing spans for well-known endpoints * import extension apis from pomerium/envoy-custom
45 lines
1.1 KiB
Go
45 lines
1.1 KiB
Go
package evaluator
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/open-policy-agent/opa/rego"
|
|
|
|
"github.com/pomerium/pomerium/authorize/internal/store"
|
|
"github.com/pomerium/pomerium/internal/telemetry/trace"
|
|
)
|
|
|
|
// HeadersResponse is the output from the headers.rego script.
|
|
type HeadersResponse struct {
|
|
Headers http.Header
|
|
}
|
|
|
|
// A HeadersEvaluator evaluates the headers.rego script.
|
|
type HeadersEvaluator struct {
|
|
store *store.Store
|
|
}
|
|
|
|
// NewHeadersEvaluator creates a new HeadersEvaluator.
|
|
func NewHeadersEvaluator(store *store.Store) *HeadersEvaluator {
|
|
return &HeadersEvaluator{
|
|
store: store,
|
|
}
|
|
}
|
|
|
|
// Evaluate evaluates the headers.rego script.
|
|
func (e *HeadersEvaluator) Evaluate(ctx context.Context, req *Request, options ...rego.EvalOption) (*HeadersResponse, error) {
|
|
ctx, span := trace.Continue(ctx, "authorize.HeadersEvaluator.Evaluate")
|
|
defer span.End()
|
|
|
|
ectx := new(rego.EvalContext)
|
|
for _, option := range options {
|
|
option(ectx)
|
|
}
|
|
now := ectx.Time()
|
|
if now.IsZero() {
|
|
now = time.Now()
|
|
}
|
|
return newHeadersEvaluatorEvaluation(e, req, now).execute(ctx)
|
|
}
|