ContainerImage.Pinniped/internal/concierge/impersonator
Monis Khan 521adffb17
impersonation proxy: add nested impersonation support
This change updates the impersonator logic to use the delegated
authorizer for all non-rest verbs such as impersonate.  This allows
it to correctly perform authorization checks for incoming requests
that set impersonation headers while not performing unnecessary
checks that are already handled by KAS.

The audit layer is enabled to track the original user who made the
request.  This information is then included in a reserved extra
field original-user-info.impersonation-proxy.concierge.pinniped.dev
as a JSON blob.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-04-19 15:52:46 -04:00
..
config_test.go impersonator_config.go: refactor to clean up cert name handling 2021-03-03 09:22:35 -08:00
config.go impersonator_config.go: refactor to clean up cert name handling 2021-03-03 09:22:35 -08:00
doc.go impersonation proxy: add nested impersonation support 2021-04-19 15:52:46 -04:00
impersonator_test.go impersonation proxy: add nested impersonation support 2021-04-19 15:52:46 -04:00
impersonator.go impersonation proxy: add nested impersonation support 2021-04-19 15:52:46 -04:00