-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: forward basic auth user #3312
feat: forward basic auth user #3312
Conversation
c66e1dd
to
187dec0
Compare
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
187dec0
to
bf20d0c
Compare
thoughts on |
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
…oute in a Gateway Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
@@ -24,4 +27,10 @@ type BasicAuth struct { | |||
// | |||
// Note: The secret must be in the same namespace as the SecurityPolicy. | |||
Users gwapiv1b1.SecretObjectReference `json:"users"` | |||
|
|||
// The name of the HTTP header that will be used to forward the username to the upstream server. | |||
// Please note that the header name is a global setting for all the routes in a Gateway. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UserNameToHeader
can also be per route, but will need some upstream work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
imo we should wait until per route support is added, else a per route setting will enable this at the global level
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, let's wait for the upstream.
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions! |
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
This PR extracts username from the HTTP authorization header and add it to a custom header, providing a user identity that can be directly used in the Authorization Policy and by other filters or backends.
Fix: #2947
Related: #2250 #2652