Erik Wilson
765fd253f6
Update vendor
2019-08-19 09:17:28 -07:00
Andrew Lytvynov
18458392ca
Extract new keyutil package from client-go/util/cert
...
This package contains public/private key utilities copied directly from
client-go/util/cert. All imports were updated.
Future PRs will actually refactor the libraries.
Updates #71004
2019-02-19 09:48:59 -08:00
Roy Lenferink
b43c04452f
Updated OWNERS files to include link to docs
2019-02-04 22:33:12 +01:00
Jordan Liggitt
a9dc919f82
Look up service accounts from informer before trying live lookup
2018-12-06 16:48:39 -05:00
Mike Danese
67bbf753cb
retrofit svcacct token authenticator to support audience validation
2018-11-13 20:38:41 -08:00
Davanum Srinivas
954996e231
Move from glog to klog
...
- Move from the old github.com/golang/glog to k8s.io/klog
- klog has explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
2018-11-10 07:50:31 -05:00
Jordan Liggitt
360a890c58
serviceaccount subproject approvers/reviewers
2018-11-06 00:57:39 -05:00
Mike Danese
e5227216c0
rebase authenticators onto new interface.
2018-10-22 10:16:59 -07:00
k8s-ci-robot
3478e94495
Merge pull request #69664 from stepyu/master
...
fix typos
2018-10-14 08:13:37 -07:00
stepyu
75887ec33c
fix typos
2018-10-12 16:56:08 +08:00
Eric Chiang
766f5875bf
Remove ericchiang from OWNERS files
...
Kept myself in the OpenID Connect ones for now.
2018-10-11 18:11:15 -07:00
WanLinghao
1c8d0eec01
add a test case which checks secret's type
2018-09-26 09:21:36 +08:00
Mike Danese
43eaeb8c6c
svcacct: pass pod information in user.Info.Extra() when available
...
Fixes https://github.com/kubernetes/kubernetes/issues/59670
2018-08-31 11:54:50 -07:00
Kubernetes Submit Queue
166a1356e8
Merge pull request #62420 from mikedanese/jose-bump
...
Automatic merge from submit-queue (batch tested with PRs 67707, 62420). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
svcacct: support jose.OpaqueSigner and push errors to token generator creation
```release-note
NONE
```
2018-08-23 15:39:59 -07:00
Mike Danese
e68f14a249
jwt: support opaque signer and push errors to token generator creation
2018-08-23 12:21:56 -07:00
yue9944882
17306b540b
externalize serviceaccount admission controller
...
remove unused internal serviceaccount util
2018-08-22 11:41:54 +08:00
WanLinghao
ac94a0a253
fix a nit error in log
2018-06-27 14:21:27 +08:00
Jeff Grafton
23ceebac22
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
Jeff Grafton
a725660640
Update to gazelle 0.12.0 and run hack/update-bazel.sh
2018-06-22 16:22:18 -07:00
Mike Danese
f39ec8b333
add myself as an approver in various auth related directories
...
matching the subprojects I work on:
https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY/edit
2018-05-17 11:32:37 -07:00
WanLinghao
9e7379ab97
clean duplicate test function
2018-04-27 13:43:12 +08:00
WanLinghao
198b9e482c
fix an error in serviceaccount validate.
...
This error is a human-writing error.
Small as it is, it could cause recreate Object validate
through bug.
This patch fixes it.
2018-04-24 14:48:37 +08:00
WanLinghao
c1e5b1bf2c
Clean unused error type variable
...
The function which invoked this variable
was removed by
https://github.com/kubernetes/kubernetes/pull/58725/
2018-04-15 14:05:55 +08:00
Mike Danese
024f57affe
implement token authenticator for new id tokens
2018-02-27 17:20:46 -08:00
Mike Danese
8ad1c6655b
add support for /token subresource in serviceaccount registry
2018-02-21 13:16:51 -08:00
Kubernetes Submit Queue
237007b615
Merge pull request #59934 from mikedanese/jwt-auth
...
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md
svcacct: make token authenticator fully generic
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
part of https://github.com/kubernetes/kubernetes/issues/58790
```release-note
NONE
```
2018-02-20 18:40:59 -08:00
Mike Danese
2862fb333a
svcacct: make token authenticator fully generic
...
so it can be used for both new and legacy svcacct tokens. Also move the
legacy validator into legacy.go.
2018-02-20 12:30:42 -08:00
Jeff Grafton
ef56a8d6bb
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
Mike Danese
7d74c35963
svcacct: move claim generation out of TokenGenerator
2018-02-06 13:19:54 -08:00
Ti Zhou
10cda2686f
Add tests for pkg/serviceaccount.
2018-02-02 11:11:13 +08:00
Mike Danese
c89cb942cd
serviceaccount: handle jwt flow specific validation in separate validator struct
2018-01-24 20:40:54 -08:00
Mike Danese
057b7af798
serviceaccount: check token is issued by correct iss before verifying
...
Right now if a JWT for an unknown issuer, for any subject hits the
serviceaccount token authenticator, we return an error as if the token
was meant for us but we couldn't find a key to verify it. We should
instead return nil, false, nil.
This change helps us support multiple service account token
authenticators with different issuers.
2018-01-24 20:21:59 -08:00
Mike Danese
33046de3cf
move service account signing to using go-jose
...
also extract custom validation to separate function
2018-01-23 17:40:08 -08:00
linweibin
fa8afc1d39
Remove unused code in UT files in pkg/
2018-01-15 16:02:35 +08:00
iloayuil
c4b908ad52
typo wrong, not "namespace", but "secretName"
...
namespace, _ := claims[NamespaceClaim].(string)
if len(namespace) == 0 {
return nil, false, errors.New("namespace claim is missing")
}
secretName, _ := claims[SecretNameClaim].(string)
if len(namespace) == 0 {
return nil, false, errors.New("secretName claim is missing")
}
2017-12-15 09:27:52 +08:00
Dr. Stefan Schimanski
bec617f3cc
Update generated files
2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Jeff Grafton
aee5f457db
update BUILD files
2017-10-15 18:18:13 -07:00
Kubernetes Submit Queue
afabd09889
Merge pull request #50876 from enj/enj/f/owners_reviewer
...
Automatic merge from submit-queue
Add enj as reviewer to OWNERS
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
**Release note**:
```release-note
NONE
```
@kubernetes/sig-api-machinery-pr-reviews
@kubernetes/sig-auth-pr-reviews
2017-08-18 05:42:07 -07:00
Kubernetes Submit Queue
c3a39f763e
Merge pull request #48263 from CaoShuFeng/useless_argument
...
Automatic merge from submit-queue
remove useless argument "name"
**Release note**:
```
NONE
```
2017-08-18 05:41:45 -07:00
Monis Khan
dd06794bc2
Add enj as reviewer to OWNERS
...
Adding myself as a reviewer for the following areas:
- API
- auth
- registry
- storage (etcd)
Signed-off-by: Monis Khan <mkhan@redhat.com>
2017-08-17 20:42:46 -04:00
Jeff Grafton
a7f49c906d
Use buildozer to delete licenses() rules except under third_party/
2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be
Use buildozer to remove deprecated automanaged tags
2017-08-11 09:31:50 -07:00
Jeff Grafton
cf55f9ed45
Autogenerate BUILD files
2017-08-11 09:30:23 -07:00
Christoph Blecker
aac4d5382d
Move remaining cert helper functions to client-go/util/cert
...
- Move public key functions to client-go/util/cert
- Move pki file helper functions to client-go/util/cert
- Standardize on certutil package alias
- Update dependencies to client-go/util/cert
2017-08-03 13:17:07 -07:00
Jacob Simpson
29c1b81d4c
Scripted migration from clientset_generated to client-go.
2017-07-17 15:05:37 -07:00
deads2k
0939602ca6
don't accept deleted tokens that are waiting to be reaped
2017-06-30 09:22:36 -04:00
Cao Shufeng
2e97611bc6
remove useless argument "name"
2017-06-29 17:36:00 +08:00
Chao Xu
60604f8818
run hack/update-all
2017-06-22 11:31:03 -07:00
Chao Xu
f4989a45a5
run root-rewrite-v1-..., compile
2017-06-22 10:25:57 -07:00