From 4e7526fc18ca6c19518649230f95fef28cdec6fa Mon Sep 17 00:00:00 2001
From: Clayton Coleman <ccoleman@redhat.com>
Date: Tue, 30 Jun 2015 13:46:38 -0400
Subject: [PATCH] The bearer token client transport should not override
 Authorization

If an authorization header is already set via the client or request,
the bearer transport for the client should not override the
Authorization header.

Allows one client to be used for multiple users when acting as a
proxy or gateway.
---
 pkg/client/transport.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkg/client/transport.go b/pkg/client/transport.go
index 7c5f94f3167..b0da4ee14a1 100644
--- a/pkg/client/transport.go
+++ b/pkg/client/transport.go
@@ -48,11 +48,16 @@ type basicAuthRoundTripper struct {
 	rt       http.RoundTripper
 }
 
+// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has
+// already been set.
 func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper {
 	return &basicAuthRoundTripper{username, password, rt}
 }
 
 func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	if len(req.Header.Get("Authorization")) != 0 {
+		return rt.rt.RoundTrip(req)
+	}
 	req = cloneRequest(req)
 	req.SetBasicAuth(rt.username, rt.password)
 	return rt.rt.RoundTrip(req)
@@ -63,11 +68,17 @@ type bearerAuthRoundTripper struct {
 	rt     http.RoundTripper
 }
 
+// NewBearerAuthRoundTripper adds the provided bearer token to a request unless the authorization
+// header has already been set.
 func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
 	return &bearerAuthRoundTripper{bearer, rt}
 }
 
 func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	if len(req.Header.Get("Authorization")) != 0 {
+		return rt.rt.RoundTrip(req)
+	}
+
 	req = cloneRequest(req)
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", rt.bearer))
 	return rt.rt.RoundTrip(req)