Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints

Co-authored-by: Ryan Richard <richardry@vmware.com>
Joshua Casey
2024-10-31 17:00:52 -05:00
parent bf1e37f149
commit 44e218194b
24 changed files with 321 additions and 142 deletions


@@ -17,6 +17,7 @@ const (
AuditEventHTTPRequestParameters AuditEventMessage = "HTTP Request Parameters"
AuditEventHTTPRequestCustomHeadersUsed AuditEventMessage = "HTTP Request Custom Headers Used"
AuditEventUsingUpstreamIDP AuditEventMessage = "Using Upstream IDP"
AuditEventAuthorizeIDFromParameters AuditEventMessage = "AuthorizeID From Parameters"
AuditEventIdentityFromUpstreamIDP AuditEventMessage = "Identity From Upstream IDP"
AuditEventIdentityRefreshedFromUpstreamIDP AuditEventMessage = "Identity Refreshed From Upstream IDP"
AuditEventSessionStarted AuditEventMessage = "Session Started"


@@ -42,6 +42,18 @@ type SessionIDGetter interface {
GetID() string
}
// NoSessionPersisted means do not associate this audit event with a session ID.
// The session has not yet "started" and may or may not ever be persisted to permanent storage.
func NoSessionPersisted() SessionIDGetter {
return nil
}
// NoHTTPRequestAvailable means there is no request context for this audit event.
// Use this when an audit event is emitted from a controller or some other place that does not have a request context.
func NoHTTPRequestAvailable() context.Context {
return nil
}
// AuditLogger is only the audit logging part of Logger. There is no global function for Audit because
// that would make unit testing of audit logs harder.
type AuditLogger interface {
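Review bot: `NoHTTPRequestAvailable()` returns a nil `context.Context`, so any `AuditLogger` implementation or helper that receives it must nil-check before calling `ctx.Value(...)`, or the audit path panics on a nil interface instead of recording the event. The implementations are outside this hunk, so I can't confirm they guard against it; if none of them relies on `ctx == nil` as the signal, `return context.Background()` would carry the same "no request data" meaning without the hazard. The same nil-interface concern applies to `NoSessionPersisted()`, whose result panics if `GetID()` is called on it. At minimum, both doc comments should state the contract, e.g. `// The returned value is nil; Audit implementations must check for nil before using it.`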