github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
67,693 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

27 Commits (617078d220cfa28d35c519e5b91e7f42a0902467)

Author SHA1 Message Date
Antoine Pelisse 03b1e14101 dry-run: Create new options for Update/Create and pass it along 2018-07-12 07:18:37 -07:00
jennybuckley d10e08fc89 Allow override AllowCreateOnUpdate with new argument to Update 2018-06-28 14:24:51 -07:00
Jordan Liggitt 1034efd439
Allow non-RBAC authorizers to participate in role/clusterrole escalation checks 2018-06-06 15:31:05 -04:00
David Eads 092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
David Eads 8ae62517da remove rootscopedkinds from groupmeta 2018-05-01 13:08:23 -04:00
Mike Danese 54fd2aaefd replace request.Context with context.Context 2018-04-24 08:59:00 -07:00
David Eads f34fb9b0ab handle clusterrole migration 2017-11-13 08:18:00 -05:00
David Eads 0f0a5223df rbac api changes for aggregation 2017-11-13 08:14:37 -05:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Monis Khan f3d9b940bb
Allow update to GC fields for RBAC resources 
This change makes it so that no escalation check is performed when
updating only the garbage collector fields (owner references and
finalizers) of RBAC resources.  This allows the
garbage collector to delete roles that grant permissions such
as "create", which it will never have.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-01 13:40:10 -04:00
Clayton Coleman 2568a92119
Grow signature for predicate attributes to include init status 2017-06-02 22:09:04 -04:00
Clayton Coleman 331eea67d8
Allow initialization of resources 
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.

Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.

Initialization is currently alpha.
 2017-06-02 22:09:03 -04:00
Dr. Stefan Schimanski 536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Dr. Stefan Schimanski 3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
Dr. Stefan Schimanski 5c88b7d05a Fix imports 2017-01-17 09:30:30 +01:00
deads2k 77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k 31b6ba4e94 mechanicals 2017-01-13 16:33:09 -05:00
Dr. Stefan Schimanski cf60bec396 Split out server side code from pkg/apis/rbac/validation 2017-01-11 18:31:58 +01:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Dr. Stefan Schimanski 87dd990bb7 Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-03 14:57:33 +01:00
xilabao c9525c83ed remove wrapUpdatedObjectInfo from rbac storage 2016-12-08 15:06:41 +08:00
deads2k 2923d09091 remove rbac super user 2016-12-05 13:49:54 -05:00
deads2k f73d1ea90a make sure that the bootstrap rbac rules are getting created in test-cmd 2016-10-10 15:00:36 -04:00
deads2k 57039cfdfa make well-known users and groups into constants 2016-09-30 10:34:33 -04:00
deads2k 4c8959df59 pass loopback config to posthooks 2016-09-30 10:34:33 -04:00
deads2k a2a6423574 separate RESTStorage by API group 2016-09-20 08:00:50 -04:00