Authorization ACLs using groups in the HTTP header

This issue has been tracked since 2022-09-08.

Do ACLs support using groups defined in the HTTP header? I'm guessing this should work.

I have an HTTP header returned x-auth-request-groups that has the following contents:
/SG-KAdmin,/SG_KUser,role:user,role:techuser

The groups are returned via authentication against Keycloak (using oauth2-proxy) on Kubernetes. I'd like to allow members of the SG-KAdmin group to be able to create silences and everyone else can simply view alerts.

My acl looks like:

rules:
  - action: block
    reason: silences are blocked
    scope:
      filters:
        - name_re: .+
          value_re: .+
  - action: allow
    reason: admins can create silences
    scope:
      groups:
        - SG-KAdmin

I currently do not have groups defined in the authorization part of the karma config file. If I define a group here, karma logs a message that members are required, whereas I want the members defined at Keycloak rather than on karma. Is this possible?

More Details About Repo
Owner Name prymitive
Repo Name karma
Full Name prymitive/karma
Language TypeScript
Created Date 2018-09-09
Updated Date 2023-03-17
Star Count 1921
Watcher Count 33
Fork Count 166
Issue Count 2
