cacafc1947
Mark audit e2e tests as flaky
2019-03-18 14:59:37 -04:00
c4e0ede58b
add missing psp e2e tests for runasgroup
2019-03-12 22:07:07 -07:00
898700d104
removes cluster type restrictions from dynamic audit e2e test
2019-03-05 14:38:58 -07:00
718a747961
fix missing event report handling in dynamic audit e2e
2019-03-05 14:38:58 -07:00
62edfe8d97
adds owner of TODO comments in dynamic audit e2e test
2019-03-05 14:38:58 -07:00
db1207c646
adds better logging around retry loops in dynamic audit e2e test
2019-03-05 14:38:58 -07:00
67a245ae61
remove unneeded println
2019-03-05 14:38:58 -07:00
45d715cdc6
adds dynamic audit e2e test
2019-03-05 14:38:58 -07:00
b5566c7818
Merge pull request #71896 from awly/client-go-keyutil
...
client-go: extract new keyutil package from util/cert
2019-02-23 01:43:16 -08:00
9e4f8d6fae
Audit test utils fix ( #74276 )
...
* changes audit e2e event version scheme; adds internal audit to common audit scheme; removes unneeded comments
* add more detail to audit missing events in e2e/integration tests
* adds version priority to audit scheme; updates comment
2019-02-22 00:19:51 -08:00
18458392ca
Extract new keyutil package from client-go/util/cert
...
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
2019-02-19 09:48:59 -08:00
b43c04452f
Updated OWNERS files to include link to docs
2019-02-04 22:33:12 +01:00
7c37e91a6d
Re-Organize the pkutil library
2019-01-26 14:56:36 +05:30
6a8ad537a7
Merge pull request #72688 from liggitt/token-test
...
Update service account token mount test
2019-01-10 14:42:51 -08:00
8955857998
Merge pull request #71199 from k-toyoda-pi/fix_node_authn_e2e_test
...
e2e/auth: fix NodeAuthenticator tests not working
2019-01-10 02:31:28 -08:00
421d8649bf
Update service account token mount test
2019-01-08 11:27:51 -05:00
10f45aacd5
Split audit test cases into separate tests
2018-12-18 16:58:19 -08:00
f9df691c72
Add an impersonation test case to the audit E2E test
2018-12-18 11:13:39 +01:00
52959b4bcb
e2e/auth: fix NodeAuthenticator tests not working
2018-11-19 15:40:17 +09:00
9b31985b08
fix client-side specification of timeout now that it is honored
2018-11-16 11:43:37 -05:00
fb6716e83c
Merge pull request #67495 from islinwb/policy_psp
...
use PodSecurityPolicySpec of policy/v1beta1 instead of extensions/v1beta1
2018-10-29 08:31:15 -07:00
8c4fd312c9
make error messages more helpful for some e2e auth tests
2018-10-18 22:03:02 +02:00
e81776b140
update bazel
2018-10-18 10:18:15 +08:00
d02e3bd780
use PodSecurityPolicySpec of policy/v1beta1 instead of extensions/v1beta1
2018-10-18 10:18:13 +08:00
766f5875bf
Remove ericchiang from OWNERS files
...
Kept myself in the OpenID Connect ones for now.
2018-10-11 18:11:15 -07:00
0a6389e872
Add e2e test for TTL after finished
2018-09-04 14:21:14 -07:00
a224e53dab
Merge pull request #66842 from hanxiaoshuai/cleanup0801
...
Automatic merge from submit-queue (batch tested with PRs 65297, 67179, 67116, 67011, 66842). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
clean up unused parameter in func restrictedPod and testPrivilegedPods
**What this PR does / why we need it**:
clean up unused parameter in func restrictedPod and testPrivilegedPods
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/kind cleanup
**Release note**:
```release-note
NONE
```
2018-08-09 08:39:41 -07:00
28b2b21287
Merge pull request #65891 from CaoShuFeng/audit_v1_stable
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
upgrade Audit api version to stable
Partial Fix: https://github.com/kubernetes/kubernetes/issues/65266
TODO:
use v1 version of advanced audit policy in [kubeadm](86b9a53226/cmd/kubeadm/app/util/audit/utils.go (L29)86b9a53226/cluster/gce/gci/configure-helper.sh (L743)86b9a53226/test/kubemark/resources/start-kubemark-master.sh (L349)
2018-08-08 02:17:24 -07:00
7e61ea9e72
clean up unused parameter in func restrictedPod and testPrivilegedPods
2018-08-01 09:55:39 +08:00
e0796ab913
should get return err and check it
2018-08-01 09:34:41 +08:00
858e4508c4
add an integration test for advanced audit feature
2018-07-31 11:10:51 +08:00
f1343af5d7
auto-generated file
2018-07-28 07:54:17 +08:00
55251c716a
update the import file for move util/pointer to k8s.io/utils
2018-07-27 19:47:02 +08:00
dbeb16c221
Adding details to Conformance Tests using RFC 2119 standards.
2018-07-05 16:02:59 -07:00
42f1e81488
apiextensions-apiserver: add pkg/cmd/server/testing pkg for integration bootstrapping
...
In analogy to kube-apiserver.
2018-07-05 17:34:16 +02:00
23ceebac22
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
924df8a111
auto-generated files
2018-06-12 17:05:27 +08:00
8094e1c681
add e2e regression tests for the kubelet being secure
2018-06-12 17:05:27 +08:00
deb632e727
Merge pull request #64204 from sttts/sttts-unify-NewNoxuInstance
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
apiextensions: unify mono- and multi-versioned test helpers
The mono-versioned helpers are a special case of the multi-versioned ones.
Fixes part of https://github.com/kubernetes/kubernetes/issues/64136 .
2018-05-25 04:49:37 -07:00
818147d6fb
apiextensions: make CreateNewCustomResourceDefinition return created CRD
2018-05-23 21:41:55 +02:00
046ae81e35
e2e/auth: Expect apps/v1 Deployment calls in audit test.
2018-05-22 13:43:07 -07:00
a6a5190494
test/e2e: Use apps/v1 Deployment/ReplicaSet.
...
This must be done at the same time as the controller update,
since they share code.
2018-05-22 13:43:06 -07:00
b75d6464c8
Merge pull request #63189 from hzxuzhonghu/master
...
Automatic merge from submit-queue (batch tested with PRs 61804, 63189). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
make use of simple dynamic client instead of deprecated client pool
**What this PR does / why we need it**:
Use simple dynamic client through all integration test.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #63182
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
2018-04-27 08:44:07 -07:00
393324497f
make use of simple dynamic client in test
2018-04-27 13:38:58 +08:00
e102633ae8
Change docker/default to runtime/default
2018-04-19 10:39:53 -07:00
58c0748b4d
Merge pull request #58807 from CaoShuFeng/audit_annotation_rbac
...
Automatic merge from submit-queue (batch tested with PRs 61183, 58807). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
Add RBAC information to audit logs
Depends on: https://github.com/kubernetes/kubernetes/pull/58806
**Release note**:
```release-note
RBAC information is included in audit logs via audit.Event annotations:
authorization.k8s.io/decision = {allow, forbid}
authorization.k8s.io/reason = human-readable reason for the decision
```
2018-04-06 19:31:04 -07:00
1bb810e749
Use pause manifest image
2018-04-06 11:00:50 +05:30
c46738a3f0
Merge pull request #60073 from justaugustus/int-to-int32ptr
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
Use `pkg/util/pointer` functions instead of self-written versions
**What this PR does / why we need it**:
Replaces instances of module-written `int(32|64)? --> *int(32|64)?` functions with functions from k8s.io/kubernetes/pkg/util/pointer
**Special notes for your reviewer**:
Here's the grep used, based on the comments in:
* https://github.com/kubernetes/kubernetes/pull/59924#issuecomment-366119396
* https://github.com/kubernetes/kubernetes/issues/59971#issue-297766556
```bash
$ git grep -E 'func\ [^ (]+\([^ ]+\ int(32|64)?\)\ \*int(32|64)?' !(vendor|staging) | grep -v pkg/util/pointer
pkg/apis/apps/v1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/apps/v1beta1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/apps/v1beta2/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/autoscaling/v1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/autoscaling/v2beta1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/autoscaling/validation/validation_test.go:func newInt32(val int32) *int32 {
pkg/apis/batch/v1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/batch/v1beta1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/apis/core/v1/defaults_test.go:func newInt(val int32) *int32 {
pkg/apis/core/validation/validation_test.go:func newInt32(val int) *int32 {
pkg/apis/extensions/v1beta1/defaults_test.go:func newInt32(val int32) *int32 {
pkg/controller/deployment/sync_test.go:func intOrStrP(val int) *intstr.IntOrString {
pkg/kubectl/autoscale_test.go:func newInt32(value int) *int32 {
plugin/pkg/admission/security/podsecuritypolicy/admission_test.go:func userIDPtr(i int) *int64 {
plugin/pkg/admission/security/podsecuritypolicy/admission_test.go:func groupIDPtr(i int) *int64 {
test/e2e/apps/deployment.go:func intOrStrP(num int) *intstr.IntOrString {
test/e2e/auth/pod_security_policy.go:func intPtr(i int64) *int64 {
test/integration/deployment/util.go:func intOrStrP(num int) *intstr.IntOrString {
```
**Release note**:
```release-note
NONE
```
/kind cleanup
/cc @php-coder
/assign @tallclair
2018-04-02 16:22:28 -07:00
ab8dc12333
node authorizer sets up access rules for dynamic config
...
This PR makes the node authorizer automatically set up access rules for
dynamic Kubelet config.
I also added some validation to the node strategy, which I discovered we
were missing while writing this.
2018-03-27 08:49:45 -07:00
09aa0b9c1d
pkg/util/pointer: Update `int` pointer functions
...
* Implement `Int64Ptr` function
* Replace per module functions of `int(32|64)?` --> `*int(32|64)?`
* Update bazel rules
2018-03-27 10:30:01 -04:00
Jordan Liggitt