github/kubevela
1
0
Fork 0
mirror of https://github.com/kubevela/kubevela.git synced 2026-05-06 09:27:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
21bf1410193dbf60672a6347ec00fd237104c23e
kubevela/pkg/auth/round_trippers.go
Somefive 57309884fc Feat: enhance controller auth by removing useless features & add authentication for componentrevision+healthcheck (#3992) 
* Feat: use application identity in gc & componentrevision & collectHealthStatus

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Chore: remove useless features and roles

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Fix: remove DELETE from mutating webhook

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Chore: enhance deploy error display

Signed-off-by: Somefive <yd219913@alibaba-inc.com>

* Fix: e2e test vela cli output match & controllerrevision recycle for serviceaccount impersonation

Signed-off-by: Somefive <yd219913@alibaba-inc.com>
2022-05-27 15:50:21 +08:00

74 lines
1.9 KiB
Go
Raw Blame History

/*
Copyright 2021 The KubeVela Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (
"net/http"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/client-go/transport"
"github.com/oam-dev/kubevela/pkg/utils"
)
const (
impersonateKey = "impersonate"
)
var _ utilnet.RoundTripperWrapper = &impersonatingRoundTripper{}
type impersonatingRoundTripper struct {
rt http.RoundTripper
}
// NewImpersonatingRoundTripper will add an ImpersonateUser header to a request
// if the context has a specific user whom to act-as.
func NewImpersonatingRoundTripper(rt http.RoundTripper) http.RoundTripper {
return &impersonatingRoundTripper{
rt: rt,
}
}
func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
ctx := req.Context()
req = req.Clone(ctx)
userInfo, exists := request.UserFrom(ctx)
if exists && userInfo != nil {
if name := userInfo.GetName(); name != "" {
req.Header.Set(transport.ImpersonateUserHeader, name)
for _, group := range userInfo.GetGroups() {
req.Header.Add(transport.ImpersonateGroupHeader, group)
}
q := req.URL.Query()
q.Add(impersonateKey, "true")
req.URL.RawQuery = q.Encode()
}
}
return rt.rt.RoundTrip(req)
}
func (rt *impersonatingRoundTripper) CancelRequest(req *http.Request) {
utils.TryCancelRequest(rt.WrappedRoundTripper(), req)
}
func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper {
return rt.rt
}
Reference in New Issue View Git Blame Copy Permalink