github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
k8s-merge-robot	19650207a2	Merge pull request #24678 from ericchiang/log_webhook_error Automatic merge from submit-queue plugin/pkg/auth/authorizer/webhook: log request errors Currently the API server only checks the errors returned by an authorizer plugin, it doesn't return or log them[0]. This makes incorrectly configuring the wehbook authorizer plugin extremely difficult to debug. Add a logging statement if the request to the remove service fails as this indicates misconfiguration. [0] https://goo.gl/9zZFv4 <!-- Reviewable:start --> --- This change is [<img src="http://reviewable.k8s.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](http://reviewable.k8s.io/reviews/kubernetes/kubernetes/24678) <!-- Reviewable:end -->	2016-06-24 21:43:36 -07:00
CJ Cullen	38a1042199	Add a 5x exponential backoff on 429s & 5xxs to the webhook Authenticator/Authorizer.	2016-06-23 18:15:39 -07:00
CJ Cullen	ae67a4e209	Check HTTP Status code in webhook authorizer/authenticator.	2016-06-22 11:15:33 -07:00
bin liu	fd27cd47f7	fix some typos Signed-off-by: bin liu <liubin0329@gmail.com>	2016-06-22 18:14:26 +08:00
Eric Chiang	d13e351028	add unit and integration tests for rbac authorizer	2016-06-14 11:07:48 -07:00
Eric Chiang	c8ca49ec88	plugin/pkg/auth/authorizer/webhook: log request errors Currently the API server only checks the errors returned by an authorizer plugin, it doesn't return or log them[0]. This makes incorrectly configuring the wehbook authorizer plugin extremely difficult to debug. Add a logging statement if the request to the remove service fails as this indicates misconfiguration. [0] https://goo.gl/9zZFv4	2016-06-08 13:19:23 -07:00
Eric Chiang	ef40aa9572	pkg/master: enable certificates API and add rbac authorizer	2016-05-25 14:24:47 -07:00
Hai Huang	235020ad64	getting emailAddress from TLS cert	2016-05-23 18:36:14 -04:00
CJ Cullen	d03dbbcc14	Add LRU Expire cache to webhook authorizer.	2016-05-21 14:50:50 -07:00
k8s-merge-robot	346f965871	Merge pull request #25694 from cjcullen/authncache Automatic merge from submit-queue Cache Webhook Authentication responses Add a simple LRU cache w/ 2 minute TTL to the webhook authenticator. Kubectl is a little spammy, w/ >= 4 API requests per command. This also prevents a single unauthenticated user from being able to DOS the remote authenticator.	2016-05-21 10:48:38 -07:00
Bobby Rullo	e85940ed17	add tests for newOIDCAuthProvider	2016-05-18 17:03:11 -07:00
Bobby Rullo	c990462d0f	Refactor test oidc provider into its own package This makes it easier to test other OIDC code.	2016-05-18 17:03:11 -07:00
CJ Cullen	57f96a932f	Add expiration LRU cache for webhook token authenticator.	2016-05-18 11:58:11 -07:00
CJ Cullen	eb3b0e78b4	Add a webhook token authenticator plugin.	2016-05-10 14:54:35 -07:00
CJ Cullen	1d096d29cb	Pull common webhook code into generic webhook plugin.	2016-05-10 14:41:14 -07:00
Clayton Coleman	e0ebcf4216	Split the storage and negotiation parts of Codecs The codec factory should support two distinct interfaces - negotiating for a serializer with a client, vs reading or writing data to a storage form (etcd, disk, etc). Make the EncodeForVersion and DecodeToVersion methods only take Encoder and Decoder, and slight refactoring elsewhere. In the storage factory, use a content type to control what serializer to pick, and use the universal deserializer. This ensures that storage can read JSON (which might be from older objects) while only writing protobuf. Add exceptions for those resources that may not be able to write to protobuf (specifically third party resources, but potentially others in the future).	2016-05-05 12:08:23 -04:00
Wojciech Tyczynski	3aadafd411	Use NegotiatedSerializer in client	2016-05-04 10:57:36 +02:00
zhouhaibing089	bf1a3f99c0	Uncomment the code that cause by #19254	2016-04-25 23:21:31 +08:00
CJ Cullen	e53aa93836	Add Subresource & Name to webhook authorizer.	2016-04-19 21:43:40 -07:00
Joe Finney	ae79677fd0	Remove global var for OIDC retry/backoff, and remove retries from unit tests.	2016-04-07 14:18:29 -07:00
k8s-merge-robot	1ad3049ed6	Merge pull request #23288 from smarterclayton/refactor_codec Auto commit by PR queue bot	2016-03-26 10:47:58 -07:00
Clayton Coleman	54eaa56b92	Add a streaming and "raw" abstraction to codec factory	2016-03-23 17:25:20 -04:00
zhouhaibing089	83248a9783	move keystone package to password since it is a password authenticator	2016-03-22 23:27:28 +08:00
harry	b0900bf0d4	Refactor diff into sub pkg	2016-03-21 20:21:39 +08:00
Harry Zhang	a4d04095d0	Refactor crlf & crypto	2016-03-21 20:20:05 +08:00
k8s-merge-robot	5d58c74398	Merge pull request #22304 from ericchiang/bump_go_oidc Auto commit by PR queue bot	2016-03-11 02:57:09 -08:00
k8s-merge-robot	d81d823ca5	Merge pull request #22393 from eparis/blunderbuss Auto commit by PR queue bot	2016-03-02 18:51:56 -08:00
Eric Paris	5e5a823294	Move blunderbuss assignees into tree	2016-03-02 20:46:32 -05:00
Eric Chiang	8df55ddbe5	plugin/pkg/auth/authenticator/token/oidc: update test to new go-oidc types The provider config has changed a little bit in go-oidc. It is more complete and now throws errors when unmarshaling provider configs that are missing required fields (as defined by the OpenID Connect Discovery spec). Update the oidc plugin to use the new type.	2016-03-01 11:39:18 -08:00
Kris	e664ef922f	Move restclient to its own package	2016-02-29 12:05:13 -08:00
k8s-merge-robot	00d99ac261	Merge pull request #20347 from ericchiang/authz_grpc Auto commit by PR queue bot	2016-02-26 22:00:42 -08:00
k8s-merge-robot	7f1b699880	Merge pull request #21071 from soltysh/server_close Auto commit by PR queue bot	2016-02-23 06:34:27 -08:00
Eric Chiang	3116346161	*: add webhook implementation of authorizer.Authorizer plugin	2016-02-22 11:39:07 -08:00
k8s-merge-robot	f366baeaeb	Merge pull request #21128 from yifan-gu/fix_oidc_tailing_slash_issuer Auto commit by PR queue bot	2016-02-15 17:46:49 -08:00
k8s-merge-robot	43fb544a4a	Merge pull request #21001 from ericchiang/oidc_groups Auto commit by PR queue bot	2016-02-14 05:24:43 -08:00
Eric Chiang	92d37d5cc5	plugin/pkg/auth/authenticator/token/oidc: get groups from custom claim	2016-02-12 09:58:18 -08:00
Dan Williams	905dfd9b77	Fix another instance of golang #12262 Reliably reproducible on two up-to-date Fedora 23 machines using go 1.5.3, both one Core i7-4770R and a Core i7-4790. https://github.com/golang/go/issues/12262	2016-02-12 10:04:48 -06:00
Yifan Gu	36bd693d3a	oidc: Remove tailing slash before fetching the provider config.	2016-02-12 16:40:45 +08:00
Maciej Szulik	72654d347c	Comment out calls to httptest.Server.Close() to work around https://github.com/golang/go/issues/12262 . See #19254 for more details. This change should be reverted when we upgrade to Go 1.6.	2016-02-11 16:16:11 +01:00
Arsen Mamikonyan	8b5e9e2885	Change repository references to https://github.com/kubernetes/kubernetes	2016-01-22 10:23:14 -05:00
Harry Zhang	936a11e775	Use networking to hold network related pkgs Change names of unclear methods Use net as pkg name for short	2016-01-15 13:46:16 +08:00
David Oppenheimer	8ac484793d	Comment out calls to httptest.Server.Close() to work around https://github.com/golang/go/issues/12262 . See #19254 for more details. This change should be reverted when we upgrade to Go 1.6.	2016-01-11 23:02:11 -08:00
Yifan Gu	04db432fb4	auth: Add Close() for OIDC authenticator.	2015-12-23 01:26:20 -08:00
Yifan Gu	207fb721b9	Godeps: bump go-oidc to fix the race in tests.	2015-12-14 13:32:16 -08:00
Kris	0a4ee958c7	Use http's basic auth instead of manual encoding	2015-11-06 10:19:01 -08:00
Rohith	ee691aa1ab	[tokenfile] - the groups field has been changed to a single column option as requested in https://github.com/kubernetes/kubernetes/pull/15704 [docs] - updated the docs related the the tokefile along with an example	2015-10-21 10:37:35 +01:00
Rohith	f02c80584b	[plugin/auth/tokenfile] - allowing for variable length groups to be added to the static token file [docs/admin/authentication] - updating the documentation for token file	2015-10-19 17:14:14 +01:00
eulerzgy	f8f9afb874	alias local packagename for pkg/util/errors	2015-10-18 09:37:46 +08:00
Jordan Liggitt	2a1286c8f2	Add util to set transport defaults	2015-10-02 02:29:46 -04:00
Yifan Gu	ae22bd5710	plugin/pkg/auth: add tests for OpenID Connect authenticator.	2015-08-21 15:27:08 -07:00
Yifan Gu	6376e41850	plugin/pkg/auth: add OpenID Connect token authenticator. Also add related new flags to apiserver: "--oidc-issuer-url", "--oidc-client-id", "--oidc-ca-file", "--oidc-username-claim", to enable OpenID Connect authentication.	2015-08-21 15:27:08 -07:00
Ruddarraju, Uday Kumar Raju	937db3f70d	Keystone authentication plugin	2015-08-13 09:46:30 -07:00
Mike Danese	8e33cbfa28	rewrite go imports	2015-08-05 17:30:03 -07:00
Eric Paris	6b3a6e6b98	Make copyright ownership statement generic Instead of saying "Google Inc." (which is not always correct) say "The Kubernetes Authors", which is generic.	2015-05-01 17:49:56 -04:00
Robert Bailey	6d85dcb4a0	Add support for HTTP basic auth to the kube-apiserver.	2015-04-28 10:33:51 -07:00
Tim Hockin	4fcd496d59	change everything to use new util/errors	2015-01-08 22:10:03 -08:00
Rohit Jnagal	62ecd5f3ff	Fix few vet errors. There are quite a few 'composite literal uses unkeyed fields' errors that I have kept out of this patch. And there's a couple where vet just seems confused. These are the easiest ones.	2015-01-07 08:40:16 +00:00
George Kuan	5e1fc1f4e0	Fixes #1605 : make ErrorList introspectable by replacing ErrorList and ErrorList#ToError with []error and util.SliceToError() respectively	2014-12-12 10:56:31 -08:00
Jordan Liggitt	09ba404fb7	x509 request authenticator	2014-12-09 09:34:16 -05:00
deads2k	d8d889ef73	add union auth request handler	2014-11-26 10:51:23 -05:00
Jordan Liggitt	3532be3c82	Add basicauth and password authenticators	2014-11-24 17:52:10 -05:00
Jordan Liggitt	c895331277	Make master take authenticator.Request interface instead of tokenfile	2014-11-19 15:07:51 -05:00

... 5 6 7 8 9

412 Commits (450aa52a1258a6a83cab3e0d7bd6b8dffcc99537)