Merge pull request #38724 from deads2k/fed-12-fix-exec
Automatic merge from submit-queue fix connection upgrades through kuberentes-discovery The initial upgrade through the proxy doesn't use the passed transport to handle the communication to the remote side. Since we need auth proxy headers, this broke the upgrade for exec. This sets those headers once if its an upgrade request (the transport stomps them if called anyway, so it won't shadow.). @sttts I think this is the last required piece. Then we start wiring in for e2e.
This commit is contained in:
Kubernetes Submit Queue
@@ -106,6 +106,13 @@ func NewAuthProxyRoundTripper(username string, groups []string, extra map[string
|
||||
|
||||
func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
req = cloneRequest(req)
|
||||
SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra)
|
||||
|
||||
return rt.rt.RoundTrip(req)
|
||||
}
|
||||
|
||||
// SetAuthProxyHeaders stomps the auth proxy header fields. It mutates its argument.
|
||||
func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) {
|
||||
req.Header.Del("X-Remote-User")
|
||||
req.Header.Del("X-Remote-Group")
|
||||
for key := range req.Header {
|
||||
@@ -114,17 +121,15 @@ func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
|
||||
}
|
||||
}
|
||||
|
||||
req.Header.Set("X-Remote-User", rt.username)
|
||||
for _, group := range rt.groups {
|
||||
req.Header.Set("X-Remote-User", username)
|
||||
for _, group := range groups {
|
||||
req.Header.Add("X-Remote-Group", group)
|
||||
}
|
||||
for key, values := range rt.extra {
|
||||
for key, values := range extra {
|
||||
for _, value := range values {
|
||||
req.Header.Add("X-Remote-Extra-"+key, value)
|
||||
}
|
||||
}
|
||||
|
||||
return rt.rt.RoundTrip(req)
|
||||
}
|
||||
|
||||
func (rt *authProxyRoundTripper) CancelRequest(req *http.Request) {
|
||||
|
||||
Reference in New Issue
Block a user