Pass thrift header to authenticate context

uber-archive · May 25, 2017 · d6f8ce2 · d6f8ce2
1 parent 4f48ff9
commit d6f8ce2
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go
@@ -60,6 +60,9 @@ type ContextKey string
 // ResourceUrnKey is the context key name for resourceUrn
 var ResourceUrnKey = ContextKey("resourceUrn")
 
+// HeaderKey is the context key name for header
+var HeaderKey = ContextKey("header")
+
 var nilRequestError = &c.BadRequestError{Message: `request must not be nil`}
 var badRequestKafkaConfigError = &c.BadRequestError{Message: `kafka destination must set kafka cluster and topic, and may not be multi-zone`}
 var badRequestNonKafkaConfigError = &c.BadRequestError{Message: `non-Kafka destination must not set kafka cluster and topic`}
@@ -1645,8 +1648,12 @@ func (h *Frontend) getControllerClient() (controller.TChanController, error) {
 	return cf.GetControllerClient()
 }
 
-func (h *Frontend) checkAuth(ctx context.Context, authResource string, operation common.Operation, logger bark.Logger) error {
+func (h *Frontend) checkAuth(ctx thrift.Context, authResource string, operation common.Operation, logger bark.Logger) error {
 	authContext := context.WithValue(ctx, ResourceUrnKey, authResource)
+	if ctx.Headers() != nil {
+		authContext = context.WithValue(authContext, HeaderKey, ctx.Headers())
+	}
+
 	authSubject, err := h.GetAuthManager().Authenticate(authContext)
 	if err != nil {
 		logger.WithFields(bark.Fields{