Authorization ACLs using groups in the HTTP header

This issue has been tracked since 2022-09-08.

Do ACLs support using groups defined in the HTTP header? I'm guessing this should work.

I have an HTTP header returned x-auth-request-groups that has the following contents:

The groups are returned via authentication against Keycloak (using oauth2-proxy) on kubernetes. I'd like to allow members of the SG-KAdmin group to be able to create silences and everyone else can simply view alerts.

My acl looks like:

  - action: block
    reason: silences are blocked
        - name_re: .+
          value_re: .+
  - action: allow
    reason: admins can create silences
        - SG-KAdmin

I currently do no have groups defined in the authorization part of the karma config file. If I define a group here, karma logs a message that members are required, whereas I want the members defined at keycloak rather than than on karma. Is this possible?

More Details About Repo
Owner Name prymitive
Repo Name karma
Full Name prymitive/karma
Language TypeScript
Created Date 2018-09-09
Updated Date 2023-03-17
Star Count 1921
Watcher Count 33
Fork Count 166
Issue Count 2


Issue Title Created Date Updated Date