in proxy_agent/src/proxy/proxy_authorizer.rs [93:118]
fn authorize(
&self,
logger: &mut ConnectionLogger,
request_url: hyper::Uri,
access_control_rules: Option<ComputedAuthorizationItem>,
) -> AuthorizeResult {
if let Some(rules) = access_control_rules {
if rules.is_allowed(logger, request_url.clone(), self.claims.clone()) {
return AuthorizeResult::Ok;
} else {
if rules.mode == AuthorizationMode::Audit {
logger.write(
LoggerLevel::Info,
format!(
"IMDS request {} denied in audit mode, continue forward the request",
request_url
),
);
return AuthorizeResult::OkWithAudit;
}
return AuthorizeResult::Forbidden;
}
}
AuthorizeResult::Ok
}