jetstack/kube-oidc-proxy

userinfo.extras add client-ip

amit-handda opened this issue · 5 comments

Hi Folks,
Thanks for a very useful product. I have a small query; let me know if this isn't the right platform for it.

I am looking to append the client-ip from which the request originated, as part of the x-remote-extra- headers from oidc-proxy to the api-server.
Is there a way to achieve this?

Many thanks!

Hello! This can't be done currently, no. I'm not against it at all, but what is the use case for doing this?

Sorry, I missed your response.
The use case is to use the oidc proxy, which will add the client-ip to the userinfo.extra headers while relaying the request to the api-server. We could then utilize this information in applying validation policies via open-policy-agent.

The oidc-proxy knows about the remoteaddr which initiated the request.
In fact, I would like to suggest that it would be nice if we could enhance oidc-proxy to make the extra headers configurable.

Thanks,

Makes sense to me, I'll have a look at putting that together.

/assign

Thank you. For now, I just forked the repo and added a few lines of code to make it work for me. It obviously needs to be done in a better and more generic way.

+       extra := make(map[string][]string)
+       extra["scopes"] = []string{req.RemoteAddr}
        conf := transport.ImpersonationConfig{
                UserName: user.GetName(),
                Groups:   groups,
-               Extra:    user.GetExtra(),
+               Extra:    extra,
        }
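
Review bot: The `Extra:    extra,` line replaces `user.GetExtra()` with a map that holds only the new entry, so any extra attributes already attached to the authenticated user are no longer forwarded in the impersonation config. Copy the existing extras into `extra` first and then add the client address. The address is also stored under the key `scopes`, a name that does not describe its content and could collide with a real scopes attribute; a dedicated key would be clearer for policies that read it. Finally, `req.RemoteAddr` is in `IP:port` form and, when a load balancer or another proxy sits in front of oidc-proxy, is that hop's address rather than the end client's, so a policy that matches on the IP needs the port split off and needs to account for where the proxy is deployed.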

Hey @amit-handda, I went ahead and opened up a PR to implement something that should hopefully solve what you are looking for. #128