diff --git a/go.mod b/go.mod index 9e93019d..13b32390 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.16 // replace github.com/apigee/apigee-remote-service-golib/v2 => ../apigee-remote-service-golib require ( - github.com/apigee/apigee-remote-service-golib/v2 v2.0.6 + github.com/apigee/apigee-remote-service-golib/v2 v2.0.7-0.20230308165829-ba684bc16fda github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad github.com/gogo/googleapis v1.4.1 github.com/golang/protobuf v1.5.2 diff --git a/go.sum b/go.sum index 0a14ff90..4309977c 100644 --- a/go.sum +++ b/go.sum @@ -42,8 +42,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/apigee/apigee-remote-service-golib/v2 v2.0.6 h1:Mo4JyO6YUmDynrZlDklX1sHEdKqvL+DxNPF4s/dULdg= -github.com/apigee/apigee-remote-service-golib/v2 v2.0.6/go.mod h1:km/iROUzLa13srZgVP0R31sAcsdgYnCJlvZdCW7ud98= +github.com/apigee/apigee-remote-service-golib/v2 v2.0.7-0.20230308165829-ba684bc16fda h1:T1VfDgp3mSIXqOiLo14VdwhnwmVjV+/wGESBzr5KOGg= +github.com/apigee/apigee-remote-service-golib/v2 v2.0.7-0.20230308165829-ba684bc16fda/go.mod h1:km/iROUzLa13srZgVP0R31sAcsdgYnCJlvZdCW7ud98= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= diff --git a/server/authorization.go b/server/authorization.go index 5112f8ad..9be1af2d 100644 --- a/server/authorization.go +++ b/server/authorization.go @@ -75,7 +75,7 @@ func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.Check defer tracker.record() if err != nil { - return a.internalError(req, tracker, err), nil + return a.internalError(req, tracker, nil, "", err), nil } var api string @@ -85,7 +85,7 @@ func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.Check api, ok = req.Attributes.Request.Http.Headers[a.handler.apiHeader] if !ok { log.Debugf("missing api header %s", a.handler.apiHeader) - return a.unauthorized(req, tracker), nil + return a.unauthorized(req, tracker, nil, ""), nil } } @@ -127,11 +127,11 @@ func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.Check authContext, err := a.handler.authMan.Authenticate(rootContext, apiKey, claims, a.handler.apiKeyClaim) switch err { case auth.ErrNoAuth: - return a.unauthorized(req, tracker), nil + return a.unauthorized(req, tracker, authContext, api), nil case auth.ErrBadAuth: return a.denied(req, tracker, authContext, api), nil case auth.ErrInternalError: - return a.internalError(req, tracker, err), nil + return a.internalError(req, tracker, authContext, api, err), nil } if len(authContext.APIProducts) == 0 { @@ -162,7 +162,7 @@ func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.Check } } if anyError != nil { - return a.internalError(req, tracker, anyError), nil + return a.internalError(req, tracker, authContext, api, anyError), nil } if exceeded { return a.quotaExceeded(req, tracker, authContext, api), nil @@ -192,13 +192,13 @@ func (a *AuthorizationServer) authOK(tracker *prometheusRequestMetricTracker, au } } -func (a *AuthorizationServer) unauthorized(req *envoy_auth.CheckRequest, tracker *prometheusRequestMetricTracker) *envoy_auth.CheckResponse { - return a.createDenyResponse(req, tracker, nil, "", rpc.UNAUTHENTICATED) +func (a *AuthorizationServer) unauthorized(req *envoy_auth.CheckRequest, tracker *prometheusRequestMetricTracker, authContext *auth.Context, api string) *envoy_auth.CheckResponse { + return a.createDenyResponse(req, tracker, authContext, api, rpc.UNAUTHENTICATED) } -func (a *AuthorizationServer) internalError(req *envoy_auth.CheckRequest, tracker *prometheusRequestMetricTracker, err error) *envoy_auth.CheckResponse { +func (a *AuthorizationServer) internalError(req *envoy_auth.CheckRequest, tracker *prometheusRequestMetricTracker, authContext *auth.Context, api string, err error) *envoy_auth.CheckResponse { log.Errorf("sending internal error: %v", err) - return a.createDenyResponse(req, tracker, nil, "", rpc.INTERNAL) + return a.createDenyResponse(req, tracker, authContext, api, rpc.INTERNAL) } func (a *AuthorizationServer) denied(req *envoy_auth.CheckRequest, tracker *prometheusRequestMetricTracker, authContext *auth.Context, api string) *envoy_auth.CheckResponse {