github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
58,175 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

62 Commits (920a5b312806b1a5240a383e2765ef45c74467f7)

Author SHA1 Message Date
Mike Danese 12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
Dr. Stefan Schimanski ce6ecbbc54 Remove all api.Scheme references by using explicit package aliases 2017-10-30 19:54:02 +01:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Chen Rong ed8adf6e51 generated 2017-09-01 19:11:19 +08:00
xilabao f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Mike Danese a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Cao Shufeng 6d433de425 Fix abac oplicy example file 
"system:unauthenticated" is a group name rather than user name.
Fix it in the example file.
 2017-02-27 07:24:57 -05:00
Kubernetes Submit Queue 954a86d701 Merge pull request #36116 from apelisse/owners-pkg-auth- 
Automatic merge from submit-queue

Curating Owners: pkg/auth/

cc @liggitt @erictune

In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.


If You Care About the Process:
------------------------------

We did this by algorithmically figuring out who’s contributed code to
the project and in what directories.  Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.

Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).

At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.

TLDR:
-----

As an owner of a sig/directory and a leader of the project, here’s what
we need from you:

1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.

2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the future in
the **reviewers** section. You probably do NOT need to modify the **approvers**
section. Names are sorted by relevance, using some secret statistics.

3. Notify me if you want some OWNERS file to be removed.  Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.

4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
 2017-01-13 15:19:04 -08:00
deads2k 5280c8d3ac moves of genericapiserver packages without dependencies 2017-01-11 15:06:38 -05:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k 4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k b813e98a26 move no k8s.io/kubernetes dependencies round one 2017-01-05 11:09:42 -05:00
deads2k 1ebe759743 selectively move to client-go packages 2017-01-04 17:49:24 -05:00
deads2k ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Jordan Liggitt 742ef34484
Convert user/group * to match authenticated users only in ABAC 2016-12-19 13:41:35 -05:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Dr. Stefan Schimanski 0301487de0 Add verbs to APIResource for discovery 2016-12-05 12:36:04 +01:00
Antoine Pelisse 8e25666550 Update OWNERS: Remove reviewers: pkg/auth/ 2016-11-02 16:44:56 -07:00
Antoine Pelisse 5618056614 Update OWNERS approvers and reviewers: pkg/auth/ 2016-11-02 16:44:56 -07:00
Mike Danese df713b478c fix tests by declaring testdata 2016-10-21 17:32:32 -07:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
deads2k 8c20af79a4 fix loopback authorizer 2016-10-03 12:46:39 -04:00
Kubernetes Submit Queue 2db76ad133 Merge pull request #30369 from lixiaobing10051267/masterQuote 
Automatic merge from submit-queue

check using single quote in cmd/pkg/plugin
 2016-08-23 00:19:25 -07:00
Clayton Coleman 5f8366aac3
Convert() should accept the new conversion Context value 
Allows Convert() to reuse the same conversions as ConvertToVersion
without being overly coupled to the version.
 2016-08-18 14:45:20 -04:00
lixiaobing10051267 6cb66b6695 check using single quote in cmd/pkg/plugin 2016-08-10 23:32:09 +08:00
Michal Rostecki fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
deads2k f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
deads2k 02578a7ea7 add missing attributes to authorization interface 2016-03-29 08:46:21 -04:00
Clayton Coleman 4386e8cc38 Change legacy ABAC decode to use new Decoder 
The new Decode() method is able to deserialize an unknown type when an
explicit Into is provided.
 2016-01-22 01:10:23 -05:00
Clayton Coleman c1d932e44a Switch API objects to not register per version codecs 
Remove Codec from versionInterfaces in meta (RESTMapper is now agnostic
to codec and serialization). Register api/latest.Codecs as the codec
factory and use latest.Codecs.LegacyCodec(version) as an equvialent to
the previous codec.
 2016-01-22 01:10:21 -05:00
liggitt 23dc96f08e Fix example ABAC policy file 2016-01-12 14:22:20 -05:00
deads2k f764e0099c Update ObjectTyper to GroupVersion 2015-12-07 08:35:05 -05:00
Jordan Liggitt 2321651518 Add non-resource and API group support to ABAC authorizer, version ABAC policy rules 2015-12-03 12:31:13 -05:00
eulerzgy f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Jordan Liggitt 9d6b52881d Add authentication/authorization interfaces to kubelet, always include /metrics with /stats 2015-10-09 03:10:00 -04:00
Jordan Liggitt e024e55e8e Add verb to authorizer attributes 2015-10-01 23:54:02 -04:00
deads2k 8db054651c plumb APIGroup to authorization attributes and test 2015-09-30 09:45:10 -04:00
Wojciech Tyczynski 53ae56f205 Replace "minion" with "node" in bunch of places. 2015-09-14 11:07:11 +02:00
Ruddarraju, Uday Kumar Raju f8d6f13f7c Union of authorizers 2015-09-04 11:04:50 -07:00
Jordan Liggitt 848ec0491e fix ABAC tests 2015-08-10 16:07:08 -04:00
Marek Grabowski 5f9cefc1d8 Merge pull request #12441 from vlajos/typofixes-vlajos-20150807 
typofix - https://github.com/vlajos/misspell_fixer
 2015-08-10 16:33:52 +02:00
xiejunan 8d99ba94c8 modify example and doc for ABAC authorization 2015-08-10 18:46:13 +08:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt 92bd58ede6 ServiceAccount e2e/integration tests 2015-05-11 17:18:06 -04:00