github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
54,539 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

19 Commits (500642602210088447c9dcd7abe2e26815f271ed)

Author SHA1 Message Date
Eric Chiang 1f8ee7fe13 oidc auth: make the OIDC claims prefix configurable 
Add the following flags to control the prefixing of usernames and
groups authenticated using OpenID Connect tokens.

	--oidc-username-prefix
	--oidc-groups-prefix
 2017-08-18 09:49:32 -07:00
Jordan Liggitt 0458fac8c0
Simplify bearer token auth chain, cache successful authentications 2017-08-09 23:37:24 -04:00
Christoph Blecker aac4d5382d
Move remaining cert helper functions to client-go/util/cert 
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
 2017-08-03 13:17:07 -07:00
Eric Chiang e2f2ab67f2 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```
 2017-07-18 16:03:15 -07:00
Jordan Liggitt 6a872c09eb
Use websocket protocol authenticator in apiserver 2017-06-21 09:47:34 -04:00
Kubernetes Submit Queue 7d4fe5f3cd Merge pull request #41775 from CaoShuFeng/username_password_401_403 
Automatic merge from submit-queue

Ensure invalid username/password returns 401 error, not 403

If a user attempts to use basic auth, and the username/password combination
is rejected, the authenticator should return an error. This distinguishes
requests that did not provide username/passwrod (and are unauthenticated
without error) from ones that attempted to, and failed.

Related to:
https://github.com/kubernetes/kubernetes/pull/39408
 2017-04-07 17:35:42 -07:00
deads2k 379a73a8db make the system:authenticated group adder smarter 2017-03-03 12:32:52 -05:00
Cao Shufeng 0ec585c139 Ensure invalid username/password returns 401 error, not 403 
If a user attempts to use basic auth, and the username/password combination
is rejected, the authenticator should return an error. This distinguishes
requests that did not provide username/passwrod (and are unauthenticated
without error) from ones that attempted to, and failed.
 2017-02-22 04:52:05 -05:00
Eric Chiang a0df658b20 kube-apiserver: add a bootstrap token authenticator for TLS bootstrapping 2017-02-21 08:43:55 -08:00
deads2k 0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski 4077e0bba7 genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
deads2k 5a8f075197 move authoritative client-go utils out of pkg 2017-01-24 08:59:18 -05:00
deads2k ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
deads2k 31b6ba4e94 mechanicals 2017-01-13 16:33:09 -05:00
deads2k c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k 1df5b658f2 switch webhook to clientgo 2017-01-09 16:53:24 -05:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
deads2k ab1b77673f decouple genericapiserver from non-generic authenticator 2016-12-22 07:48:08 -05:00