peer identity update, help in dynamic group updates

Author: shyam0904a

client/internal/engine.go

@@ -662,6 +662,11 @@ func (e *Engine) modifyPeers(peersUpdate []*mgmProto.RemotePeerConfig) error {
 		if err := e.statusRecorder.UpdatePeerFQDN(peerPubKey, p.GetFqdn()); err != nil {
 			log.Warnf("error updating peer's %s fqdn in the status recorder, got error: %v", peerPubKey, err)
 		}
+
+		// Update peer identity (groups/userId) for K8s Auth Proxy impersonation
+		if err := e.statusRecorder.UpdatePeerIdentity(peerPubKey, p.GetGroups(), p.GetUserId()); err != nil {
+			log.Warnf("error updating peer's %s identity in the status recorder, got error: %v", peerPubKey, err)
+		}
 	}
 
 	// second, close all modified connections and remove them from the state map

client/internal/peer/status.go

@@ -606,6 +606,24 @@ func (d *Status) UpdatePeerFQDN(peerPubKey, fqdn string) error {
 	return nil
 }
 
+// UpdatePeerIdentity updates peer's groups and userId for K8s Auth Proxy impersonation.
+// This is called when the management server sends updated peer config.
+func (d *Status) UpdatePeerIdentity(peerPubKey string, groups []string, userId string) error {
+	d.mux.Lock()
+	defer d.mux.Unlock()
+
+	peerState, ok := d.peers[peerPubKey]
+	if !ok {
+		return errors.New("peer doesn't exist")
+	}
+
+	peerState.Groups = groups
+	peerState.UserId = userId
+	d.peers[peerPubKey] = peerState
+
+	return nil
+}
+
 // UpdatePeerSSHHostKey updates peer's SSH host key
 func (d *Status) UpdatePeerSSHHostKey(peerPubKey string, sshHostKey []byte) error {
 	d.mux.Lock()