jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0

userinfo.extras add client-ip #125

Closed amit-handda closed 4 years ago

amit-handda commented 4 years ago

Hi folks, thanks for a very useful product. I have a small query; let me know if this isn't the right platform for it.

I am looking to append the client-ip from which the request originated, as part of the x-remote-extra- headers from oidc-proxy to api-server. Is there a way to achieve this?

Many thanks!

JoshVanL commented 4 years ago

Hello! No, this can't be done currently. I'm not against it at all, but what is the use case for doing this?

amit-handda commented 4 years ago

Sorry, I missed your response. The use case is to use the oidc proxy, which will add client-ip to the userinfo.extra headers while relaying the request to the api-server. We could then utilize this information in applying validation policies via open-policy-agent.

The oidc-proxy knows about the remoteaddr which initiated the request. In fact, I would like to suggest that it would be nice if we could enhance oidc-proxy to make the extra headers configurable.

Thanks,

JoshVanL commented 4 years ago

Makes sense to me, I'll have a look at putting that together.

/assign

amit-handda commented 4 years ago

Thank you. For now, I just forked the repo and added a few lines of code to make it work for me. It obviously needs to be done in a better and more generic way.

+       extra := make(map[string][]string)
+       extra["scopes"] = []string{req.RemoteAddr}
        conf := transport.ImpersonationConfig{
                UserName: user.GetName(),
                Groups:   groups,
-               Extra:    user.GetExtra(),
+               Extra:    extra,
        }
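
Review bot: `Extra: extra` replaces `user.GetExtra()` outright, so any extras carried by the authenticated user are no longer forwarded to the API server; copy the entries of `user.GetExtra()` into the new map before adding the client address. The address is also stored under the key `scopes`, which names something else and can be misread by any policy that consumes it, so a dedicated key for the client address would be clearer. In Go's net/http, `req.RemoteAddr` is a `host:port` string and, when the proxy sits behind a load balancer, it is the address of the last hop rather than the originating client; strip the port with `net.SplitHostPort` and document what the value represents before policies rely on it.
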

JoshVanL commented 4 years ago

Hey @amit-handda, I went ahead and opened up a PR to implement something that should helpfully solve what you are trying to look for. https://github.com/jetstack/kube-oidc-proxy/pull/128