Jordan Liggitt
fc8e915a4b
Add Node authorization mode based on graph of node-related objects
2017-05-30 16:53:03 -04:00
deads2k
be39283923
plumb stopch to post start hook index since many of them are starting go funcs
2017-05-11 09:16:13 -04:00
Mike Danese
21617a60ae
don't use build tags to mark integration tests
2017-04-28 14:19:39 -07:00
Jordan Liggitt
7f4e5c5676
Use namespace from context
2017-03-07 14:02:13 -05:00
Jordan Liggitt
2a76fa1c8f
Switch RBAC subject apiVersion to apiGroup in v1beta1
2017-02-13 15:33:09 -05:00
Dr. Stefan Schimanski
536460e1d9
Mechanical fixup imports: pkg/genericapiserver
2017-02-03 08:15:45 +01:00
deads2k
0d8e6b8500
move genericapiserver authenticator and authorizer factories
2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski
4077e0bba7
genericapiserver: move authn plugins into k8s.io/apiserver
2017-01-24 20:56:03 +01:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1
2017-01-23 17:52:46 -05:00
deads2k
ee6752ef20
find and replace
2017-01-20 08:04:53 -05:00
Kubernetes Submit Queue
ac857a5ade
Merge pull request #40106 from deads2k/client-09-switch
Automatic merge from submit-queue
make client-go more authoritative
Builds on https://github.com/kubernetes/kubernetes/pull/40103
This moves a few more support packages to client-go for origination.
1. restclient/watch - nodep
1. util/flowcontrol - used interface
1. util/integer, util/clock - used in controllers and in support of util/flowcontrol
2017-01-19 06:34:49 -08:00
deads2k
cdb2934bbc
remove kubernetes copy of clientcmd types
2017-01-19 07:39:19 -05:00
Dr. Stefan Schimanski
3d9449a353
genericapiserver: fix imports
2017-01-19 13:06:47 +01:00
Kubernetes Submit Queue
302d3ab1d7
Merge pull request #39625 from deads2k/rbac-36-beta
Automatic merge from submit-queue (batch tested with PRs 39625, 39842)
Add RBAC v1beta1
Add `rbac.authorization.k8s.io/v1beta1`. This scrubs `v1alpha1` to remove cruft, then adds `v1beta1`. We'll update other bits of infrastructure to code to `v1beta1` as a separate step.
```release-note
The `attributeRestrictions` field has been removed from the PolicyRule type in the rbac.authorization.k8s.io/v1alpha1 API. The field was not used by the RBAC authorizer.
```
@kubernetes/sig-auth-misc @liggitt @erictune
2017-01-18 10:19:11 -08:00
deads2k
e74efe41a0
add rbac v1beta1
2017-01-18 09:49:33 -05:00
deads2k
4f915039e4
move pkg/client/transport to client-go
2017-01-18 07:56:01 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types
2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski
bf307d9948
genericapiserver: cut off pkg/serviceaccount dependency
2017-01-17 09:36:10 +01:00
deads2k
f1176d9c5c
mechanical repercussions
2017-01-13 08:27:14 -05:00
Timothy St. Clair
fbc5323dad
Refactor registry to use store vs. etcd
2017-01-12 09:23:38 -06:00
deads2k
c4fae4e690
mechanical repercussions
2017-01-11 15:20:36 -05:00
deads2k
6a4d5cd7cc
start the apimachinery repo
2017-01-11 09:09:48 -05:00
Jordan Liggitt
a2670d3b9d
Allow rolebinding/clusterrolebinding with explicit bind permission check
2017-01-10 14:34:33 -05:00
deads2k
4d7fcae85a
mechanicals
2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237
mechanical changes for move
2017-01-04 10:27:05 -05:00
Jordan Liggitt
742ef34484
Convert user/group * to match authenticated users only in ABAC
2016-12-19 13:41:35 -05:00
Monis Khan
a6bafbacbf
Refactor REST storage to use generic defaults
Signed-off-by: Monis Khan <mkhan@redhat.com>
2016-12-08 17:24:21 -05:00
deads2k
2923d09091
remove rbac super user
2016-12-05 13:49:54 -05:00
Jordan Liggitt
d3991aa7c6
Cleanup auth logging, allow starting secured kubelet in local-up-cluster.sh
2016-11-03 16:17:11 -04:00
deads2k
f56cbfa8d5
add healthz to genericapiserver
2016-11-01 14:39:33 -04:00
deads2k
ceaf026881
slim down authorization listing interfaces
2016-10-13 07:50:01 -04:00
deads2k
518d5500c7
remove testapi.Default.GroupVersion
2016-10-07 10:10:54 -04:00
deads2k
9f4f6a1cba
fix integration tests for loopback client
2016-10-04 08:40:59 -04:00
Dr. Stefan Schimanski
61409c821b
Turn embedding into composition: master.Config.{Config -> GenericConfig}
2016-09-29 08:09:39 +02:00
Dr. Stefan Schimanski
b4c6a68036
Unify genericapiserver Config.New() and master Config.New()
2016-09-28 19:19:54 +02:00
deads2k
b330b0a220
start creating controller SA roles. start with just one
2016-09-26 09:31:36 -04:00
deads2k
a2a6423574
separate RESTStorage by API group
2016-09-20 08:00:50 -04:00
deads2k
7d1f13d3e0
add GenericAPIServer posthooks for initialization
2016-09-19 14:58:27 -04:00
deads2k
8fac64b43f
add localSAR
2016-09-13 08:54:23 -04:00
deads2k
8c788233e7
change rbac roleref type
2016-09-09 09:55:51 -04:00
deads2k
97529e3687
add selfsubjectaccessreview API
2016-08-29 09:51:54 -04:00
Eric Chiang
b4eaf625a0
pkg/genericapiserver/options: don't import pkg/apiserver
Refactor the authorization options for the API server so
pkg/apiserver isn't directly imported by the options package.
2016-08-18 13:01:50 -07:00
Hongchao Deng
d0938094d9
move new etcd storage into cacher
2016-08-12 18:40:20 -07:00
deads2k
32920b5617
add subjectaccessreviews resource
2016-08-05 11:20:56 -04:00
deads2k
60dd4a5d26
interesting changes to add tokenreviews endpoint to implement webhook
2016-08-03 08:37:45 -04:00
deads2k
aa3db4d995
make the resource prefix in etcd configurable for cohabitation
2016-07-27 07:51:40 -04:00
Wojciech Tyczynski
4d0d115690
Revert "add tokenreviews endpoint to implement webhook"
2016-07-21 09:40:35 +02:00
deads2k
2c4a9f2e8d
interesting changes to add tokenreviews endpoint to implement webhook
2016-07-20 15:11:56 -04:00
Michal Rostecki
fa0dd46ab7
Return (bool, error) in Authorizer.Authorize()
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.
Fixes #27974
2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa
authorize based on user.Info
2016-07-14 07:48:42 -04:00