Documentation
¶
Overview ¶
Package authheaders contains helpers for stamping the request-header identity headers (X-Remote-User / X-Remote-Group / X-Remote-Extra-*) that kcp proxies use to forward an authenticated identity to a backend shard or virtual workspace. The backend trusts these headers verbatim over the proxy's mutually-authenticated connection, so the stamping must always strip any client-supplied copies first.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClearAuthHeaders ¶ added in v0.31.4
ClearAuthHeaders deletes any inbound copies of the request-header identity headers.
func SetAuthHeaders ¶
func SetAuthHeaders(header http.Header, user userinfo.Info, userHeader, groupHeader, extraHeaderPrefix string)
SetAuthHeaders stamps the given authenticated user's identity onto the request headers, after deleting any inbound copies of the identity headers.
This mirrors k8s.io/client-go/transport.SetAuthProxyHeaders and the upstream requestheader authenticator's ClearAuthenticationHeaders.
Types ¶
This section is empty.