github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
36,506 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

52 Commits (3215e8535ae8afcf850fbaac9df7ff9abe42f9e0)

Author SHA1 Message Date
Jordan Liggitt 0f3baaad50
Create GroupAdder authenticator wrapper 2016-09-26 17:18:05 -04:00
Dr. Stefan Schimanski 87356c0623 Cleanup handler chain 2016-09-23 12:03:58 +02:00
Kubernetes Submit Queue 2db76ad133 Merge pull request #30369 from lixiaobing10051267/masterQuote 
Automatic merge from submit-queue

check using single quote in cmd/pkg/plugin
 2016-08-23 00:19:25 -07:00
deads2k 432e6ecdae allow impersonating user.Info.Extra 2016-08-22 07:43:52 -04:00
Clayton Coleman 5f8366aac3
Convert() should accept the new conversion Context value 
Allows Convert() to reuse the same conversions as ConvertToVersion
without being overly coupled to the version.
 2016-08-18 14:45:20 -04:00
lixiaobing10051267 6cb66b6695 check using single quote in cmd/pkg/plugin 2016-08-10 23:32:09 +08:00
k8s-merge-robot 8d46d9b0c7 Merge pull request #28281 from nhlfr/authorize-return-bool 
Automatic merge from submit-queue

Return (bool, error) in Authorizer.Authorize()

Before this change, Authorize() method was just returning an error, regardless of whether the user is unauthorized or whether there is some other unrelated error. Returning boolean with information about user authorization and error (which should be unrelated to the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 21:40:26 -07:00
k8s-merge-robot fa174bcdaf Merge pull request #29042 from dims/fixup-imports 
Automatic merge from submit-queue

Use Go canonical import paths

Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-18 07:23:38 -07:00
Michal Rostecki fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
Davanum Srinivas 2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
deads2k f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
CJ Cullen 0124e23450 Add an 'authenticated user' metric to the RequestAuthenticator. 2016-05-19 16:04:11 -07:00
deads2k b4ebfd47c5 add user.Info.GetExtra 2016-04-26 15:08:34 -04:00
deads2k 02578a7ea7 add missing attributes to authorization interface 2016-03-29 08:46:21 -04:00
Eric Paris 5e5a823294 Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
Clayton Coleman 4386e8cc38 Change legacy ABAC decode to use new Decoder 
The new Decode() method is able to deserialize an unknown type when an
explicit Into is provided.
 2016-01-22 01:10:23 -05:00
Clayton Coleman c1d932e44a Switch API objects to not register per version codecs 
Remove Codec from versionInterfaces in meta (RESTMapper is now agnostic
to codec and serialization). Register api/latest.Codecs as the codec
factory and use latest.Codecs.LegacyCodec(version) as an equvialent to
the previous codec.
 2016-01-22 01:10:21 -05:00
liggitt 23dc96f08e Fix example ABAC policy file 2016-01-12 14:22:20 -05:00
deads2k f764e0099c Update ObjectTyper to GroupVersion 2015-12-07 08:35:05 -05:00
Jordan Liggitt 2321651518 Add non-resource and API group support to ABAC authorizer, version ABAC policy rules 2015-12-03 12:31:13 -05:00
eulerzgy f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Jordan Liggitt 9d6b52881d Add authentication/authorization interfaces to kubelet, always include /metrics with /stats 2015-10-09 03:10:00 -04:00
Jordan Liggitt e024e55e8e Add verb to authorizer attributes 2015-10-01 23:54:02 -04:00
deads2k 8db054651c plumb APIGroup to authorization attributes and test 2015-09-30 09:45:10 -04:00
Wojciech Tyczynski 53ae56f205 Replace "minion" with "node" in bunch of places. 2015-09-14 11:07:11 +02:00
Ruddarraju, Uday Kumar Raju f8d6f13f7c Union of authorizers 2015-09-04 11:04:50 -07:00
Jordan Liggitt 848ec0491e fix ABAC tests 2015-08-10 16:07:08 -04:00
Marek Grabowski 5f9cefc1d8 Merge pull request #12441 from vlajos/typofixes-vlajos-20150807 
typofix - https://github.com/vlajos/misspell_fixer
 2015-08-10 16:33:52 +02:00
xiejunan 8d99ba94c8 modify example and doc for ABAC authorization 2015-08-10 18:46:13 +08:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt 92bd58ede6 ServiceAccount e2e/integration tests 2015-05-11 17:18:06 -04:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Robert Bailey 4304b1d24a Set the 'WWW-Authenticate' header on 401 responses when basic 
auth is enabled. This is required for basic auth to work with
web browsers.
 2015-04-28 11:00:05 -07:00
deads2k 00fc17e690 abac policy file parsing bug 2015-04-02 11:13:20 -04:00
Kris Rousey 6904c4d585 Fixing a lot of string formatting issues with regards to: 
* Improper format specifier (e.g. %s for bools or %s for ints)
  * More or less parameters than format specifiers
  * Not calling a formatting function when it should have (e.g. Error() instead of Errorf())
 2015-03-31 16:47:10 -07:00
Brendan Burns 7c654a3d1b Expand test coverage in master, kubectl/cmd/util, pkg/registry/resourcequota, and api/rest. 2015-03-07 15:24:39 -08:00
Jordan Liggitt 083ce268e0 Put user in context, map requests to context above resthandler layer 2015-02-12 20:58:04 -05:00
deads2k 8a2fe9bd2b modify policy to correctly identify resource versus kind 2015-02-04 13:36:01 -05:00
Eric Tune 7648aa2a93 update ABAC example with right kubelet/proxy perms. 2015-01-30 11:05:27 -08:00
Jordan Liggitt 9d8d313113 Initial addition of groups to user/policy 2014-12-18 15:33:45 -05:00
Sam Ghods 6399854240 Remove unused YAML tags and GetYAML/SetYAML methods 
Unneeded after move to ghodss/yaml.
 2014-12-02 16:25:28 -08:00
Jordan Liggitt 3532be3c82 Add basicauth and password authenticators 2014-11-24 17:52:10 -05:00
Jordan Liggitt c895331277 Make master take authenticator.Request interface instead of tokenfile 2014-11-19 15:07:51 -05:00
Eric Tune 6e81e8c896 Basic ACL file. 
Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
 2014-11-05 16:06:22 -08:00
Eric Tune 1668c6f107 Authorization based on namespace, kind, readonly. 
Also, pass Authorizer into master.Config.
 2014-11-03 17:45:15 -08:00
Eric Tune 3045035512 Get user from request and put in authz attribs. 
Added integration tests for user-based auth.
 2014-11-03 16:38:56 -08:00
Eric Tune 55c2d6bbbb Add basic Authorization. 
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
 2014-10-31 12:04:33 -07:00