From 47cdaea6e5e924414d49a72f4fa500dd1f235770 Mon Sep 17 00:00:00 2001
From: Christophe LACOMBE <141164119+Tof1973@users.noreply.github.com>
Date: Mon, 18 Dec 2023 01:34:24 +0100
Subject: [PATCH] [OSD-20024] Allow GetRestConfigAsUser with elevationReason
 (#294)

* Allow GetRestConfigAsUser with elevationReason

* integrate suggestions
---
 cmd/ocm-backplane/login/login.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/cmd/ocm-backplane/login/login.go b/cmd/ocm-backplane/login/login.go
index e90eacb9..55d23d08 100644
--- a/cmd/ocm-backplane/login/login.go
+++ b/cmd/ocm-backplane/login/login.go
@@ -299,13 +299,20 @@ func GetRestConfig(bp config.BackplaneConfiguration, clusterID string) (*rest.Co
 
 // GetRestConfigAsUser returns a client-go *rest.Config like GetRestConfig, but supports configuring an
 // impersonation username. Commonly, this is "backplane-cluster-admin"
-func GetRestConfigAsUser(bp config.BackplaneConfiguration, clusterID, username string) (*rest.Config, error) {
+// best practice would be to add at least one elevationReason in order to justity the impersonation
+func GetRestConfigAsUser(bp config.BackplaneConfiguration, clusterID, username string, elevationReasons ...string) (*rest.Config, error) {
 	cfg, err := GetRestConfig(bp, clusterID)
 	if err != nil {
 		return nil, err
 	}
 
-	cfg.Impersonate = rest.ImpersonationConfig{UserName: username}
+	cfg.Impersonate = rest.ImpersonationConfig{
+		UserName: username,
+	}
+
+	if len(elevationReasons) > 0 {
+		cfg.Impersonate.Extra = map[string][]string{"reason": elevationReasons}
+	}
 
 	return cfg, nil
 }