This commit adds support to core resources to enable deferred deletion
of resources. Clients may optionally specify a time period after which
resources must be deleted via an object sent with their DELETE. That
object may define an optional grace period in seconds, or allow the
default "preferred" value for a resource to be used. Once the object
is marked as pending deletion, the deletionTimestamp field will be set
and an etcd TTL will be in place.
Clients should assume resources that have deletionTimestamp set will
be deleted at some point in the future. Other changes will come later
to enable graceful deletion on a per resource basis.
Also make sure all POST operations return 201 by default.
Removes the remainder of the asych logic in RESTStorage and
leaves it up to the API server to expose that behavior.
Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
Without this, tests which create a master
will panic with a nil pointer when the periodic
podCache update runs.
Deleted unused FakePodInfoGetter.
Added FakeKubeletClient.
Passed to master.New.
Required a KubeletClient in master.New.
Use some constants for tokens.
Refactor tokenfile creation to function.
Reorder some test cases to make lookups follow creates so they succeed.
Add expected status code to test cases (some are not quite what expected,
so filed bugs #2112, #2113, #2114)
Check expected status codes.
Close Body after each iterations so that we don't run out of file handles
when I add even more test cases in the next PR.
Handle that it is unpredictable whether status 200 or 202 is returned.
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
Callsites no longer allocate a mux.
Master now exposes method to install handlers
which use the master's auth code. Not used
but forks (openshift) are expected to use these
methods. These methods will later be a point
for additional plug-in functionality.
Integration tests now use the master-provided
handler which has auth, rather than using the mux,
which didn't. Fix TestWhoAmI now that /_whoami
sits behind auth.
Added new endpoint /_whoami for debugging authentication.
Added integration test which checks that a user is authenticated
using token authentication.
Rearranged initialization of authenticator to support preceeding.
Clayton Coleman