Skip to content

Commit c919c90

Browse files
leoryuleoryu
authored
feat(platform): support exec with impersonation (#1717)
1 parent a563b78 commit c919c90

File tree

1 file changed

+17
-8
lines changed
  • pkg/platform/proxy/core/pod/storage

1 file changed

+17
-8
lines changed

Diff for: pkg/platform/proxy/core/pod/storage/exec.go

+17-8
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ import (
3131
"k8s.io/apiserver/pkg/registry/rest"
3232
platforminternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/platform/internalversion"
3333
"tkestack.io/tke/pkg/platform/util"
34+
"tkestack.io/tke/pkg/util/log"
3435
)
3536

3637
// Support both GET and POST methods. We must support GET for browsers that want
@@ -64,7 +65,7 @@ func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object
6465
return nil, fmt.Errorf("invalid options object: %#v", opts)
6566
}
6667

67-
location, transport, token, err := util.APIServerLocation(ctx, r.platformClient)
68+
location, transport, _, err := util.APIServerLocation(ctx, r.platformClient)
6869
if err != nil {
6970
return nil, err
7071
}
@@ -101,22 +102,30 @@ func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object
101102

102103
return &execHandler{
103104
upgradeAwareHandler: newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder),
104-
token: token,
105105
}, nil
106106
}
107107

108108
type execHandler struct {
109109
upgradeAwareHandler *proxy.UpgradeAwareHandler
110-
token string
111110
}
112111

113112
func (h *execHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
114-
newReq := req.WithContext(req.Context())
115-
newReq.Header = utilnet.CloneHeader(req.Header)
116-
if h.token != "" {
117-
newReq.Header.Add("Authorization", fmt.Sprintf("Bearer %s", h.token))
113+
reqClone := utilnet.CloneRequest(req)
114+
reqClone.URL.Scheme = h.upgradeAwareHandler.Location.Scheme
115+
reqClone.URL.Host = h.upgradeAwareHandler.Location.Host
116+
reqClone.Header = nil
117+
resp, err := h.upgradeAwareHandler.Transport.RoundTrip(reqClone)
118+
if err != nil {
119+
log.Warnf("err %v", err)
120+
}
121+
outReq := resp.Request
122+
for k, vs := range req.Header {
123+
for _, v := range vs {
124+
outReq.Header.Add(k, v)
125+
}
118126
}
119-
h.upgradeAwareHandler.ServeHTTP(w, newReq)
127+
log.Errorf("header: %v", outReq)
128+
h.upgradeAwareHandler.ServeHTTP(w, outReq)
120129
}
121130

122131
func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler {

0 commit comments

Comments
 (0)