github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 21:17:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #36769 from deads2k/auth-03-fix-impersonation

Browse Source 
Automatic merge from submit-queue

clear impersonation headers

If you clone a request that came in after impersonation, you were also cloning the impersonation headers that came with it.  These seem roughly analogous to the `Authorization` header, so this clears them.

@kubernetes/sig-auth
This commit is contained in:
Kubernetes Submit Queue 2016-12-01 04:52:09 -08:00 committed by GitHub
commit d00696a0d8
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/apiserver/filters/impersonation.go
View File

@ -123,6 +123,15 @@ func WithImpersonation(handler http.Handler, requestContextMapper api.RequestCon
oldUser, _ := api.UserFrom(ctx) oldUser, _ := api.UserFrom(ctx)
httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser) httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser)
// clear all the impersonation headers from the request
req.Header.Del(authenticationapi.ImpersonateUserHeader)
req.Header.Del(authenticationapi.ImpersonateGroupHeader)
for headerName := range req.Header {
if strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) {
req.Header.Del(headerName)
}
}
handler.ServeHTTP(w, req) handler.ServeHTTP(w, req)
}) })
} }