3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-24 21:48:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: remove impersonate headers for kubernetes (#1394)

Browse source 
* proxy: remove impersonate headers for kubernetes

* master on frontend/statik
This commit is contained in:
Caleb Doxsey 2020-09-09 15:24:39 -06:00 committed by GitHub
parent 05d9fbb4b3
commit a19e45334b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 69 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
authorize/check_response.go
View file

@ -154,15 +154,15 @@ func (a *Authorize) redirectResponse(in *envoy_service_auth_v2.CheckRequest) *en
func getKubernetesHeaders(reply *evaluator.Result) []*envoy_api_v2_core.HeaderValueOption {
var requestHeaders []*envoy_api_v2_core.HeaderValueOption
if reply.MatchingPolicy != nil && reply.MatchingPolicy.KubernetesServiceAccountToken != "" {
if reply.MatchingPolicy != nil && (reply.MatchingPolicy.KubernetesServiceAccountTokenFile != "" || reply.MatchingPolicy.KubernetesServiceAccountToken != "") {
requestHeaders = append(requestHeaders,
mkHeader("Authorization", "Bearer "+reply.MatchingPolicy.KubernetesServiceAccountToken, false))
if reply.UserEmail != "" {
requestHeaders = append(requestHeaders, mkHeader("Impersonate-User", reply.UserEmail, false))
}
for _, group := range reply.UserGroups {
requestHeaders = append(requestHeaders, mkHeader("Impersonate-Group", group, true))
for i, group := range reply.UserGroups {
requestHeaders = append(requestHeaders, mkHeader("Impersonate-Group", group, i > 0))
}
}
return requestHeaders