Roles header with refresh configuration #277
Conversation
Passing in arbitrary string for now; next up is grab roles from provider.
This cleans up the optional RoleProvider interface and fixes some test crashes where PassRolesHeader was defaulting to true in the test suite.
Also some fmt
Fix case of restarted proxy causing need to refetch roles, enable metered role updates via cookie refresh configuration
# Conflicts: # oauthproxy.go # options.go # providers/github.go
|
This feature enables using oauth2_proxy in front of Rundeck, and then roles in rundeck can be mapped from github team membership. Super handy! See rundeck/rundeck#1883 |
|
This same functionality would also be useful for GitLab users. I believe the analogous to "Teams" in GitHub would be to use the "Groups" in GitLab |
|
Looks like a useful feature. What is missing to get this merged? (apart from solving the conflicts..) |
|
I had opened feature request #386 but somehow managed to miss this until now. It would be nice to have the change merged, of course, but also have the parameter be a string, rather than a boolean, specifying the name of the header, for broader compatibility with upstreams. |
|
See issue #428 |
|
bump. Any likelihood of a merge? |
|
Been looking for this for some time. Any chance this will get merged soon? |
|
Hi IT would be nice to have this feature, what's missing for merging? |
|
Fyi: there is an active discussion about forking this project here: #628 |
This enhancement provides a new configuration to send roles as a header with an implementation for the Github provider.
Roles are not stored in the cookie (per #174 (comment)) but in the case of a restart of the oauth2_proxy application, the roles are retrieved.
Additionally, metered updates of roles can be enabled with the cookie-refresh configuration to apply privilege changes to the current session.