Make http headers available in the decision-log #6693
Having |
Hi @ashutosh-narkar |
Ok. Here's a proposal. We'll extend the decision log config to allow users to specify the headers they want to include in the log. It will look something like:
Then the log will look something like:
WDYT? |
Hi. Thanks for the quick feedback. That is a fine solution for us 👍 |
It would be useful if users had the ability to enhance the decision log with info from the incoming HTTP request such as headers. This change allows users to configure headers whose values if present in the incoming HTTP request would be surfaced via the decision log. This can be extended in the future to include more context from the request.
Fixes: open-policy-agent#6693
Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
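The header selection that the commit message above describes, as an added Go example that is not OPA's code or part of this thread: only headers named in a configured list are copied toward the log record, and only when present on the request. The function name, the sample request and the redaction of credential-bearing headers are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// credentialHeaders carry secrets; this example logs them redacted.
// (Assumption of this example, not behaviour stated in the thread.)
var credentialHeaders = map[string]bool{
	"Authorization": true, "Cookie": true, "Proxy-Authorization": true,
}

// SelectHeaders copies the configured headers that are present on r
// into a map destined for a log record. Hypothetical helper.
func SelectHeaders(r *http.Request, configured []string) map[string][]string {
	out := map[string][]string{}
	for _, name := range configured {
		// Header names are case-insensitive; normalise the configured name.
		key := http.CanonicalHeaderKey(strings.TrimSpace(name))
		vals := r.Header.Values(key)
		if len(vals) == 0 {
			continue // absent headers are left out of the log
		}
		if credentialHeaders[key] {
			out[key] = []string{"[REDACTED]"}
			continue
		}
		out[key] = append([]string(nil), vals...) // copy, keep all values
	}
	return out
}

// sampleRequest builds a constructed request for the demonstration.
func sampleRequest() *http.Request {
	r := &http.Request{Method: http.MethodPost, Header: http.Header{}}
	r.Header.Set("x-request-id", "req-123")
	r.Header.Add("X-Forwarded-For", "10.0.0.1")
	r.Header.Add("X-Forwarded-For", "10.0.0.2")
	r.Header.Set("Authorization", "Bearer constructed-token")
	r.Header.Set("X-Internal-Debug", "1") // not configured, never logged
	return r
}

func main() {
	cfg := []string{"X-Request-Id", "x-forwarded-for", "authorization", "X-Missing"}
	fmt.Println(SelectHeaders(sampleRequest(), cfg))
}
```

Keeping the configured list short matters because decision logs are usually shipped off-host, so any header placed in them travels with the log.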
In our OPA/Styra setup, we already use system.log to mask sensitive input, and enrich the decision-log e.g. by adding the decoded jwt to the input next to the encoded-jwt.
What is the underlying problem you're trying to solve?
We would like to enrich our decision-log further by adding certain attributes/claims that are available in the http header.
Describe the ideal solution
The ideal solution would be that input.headers was available in the system.log package as it is already in the system.authz package.
Describe a "Good Enough" solution
Some other way just to enable all http headers to be added to decision-log.
Additional Context
As mentioned above we can in the system.authz package create a rule checking for certain http headers: