Commit Graph

197 Commits

Author SHA1 Message Date
Tim Allclair 8368b6dc06 Don't cache rediculous subject access reviews
Kubernetes-commit: ea1b4eb2394a1ee5a3847f92382b30e32eee4d47
2018-10-26 13:18:06 -07:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
2019-01-30 20:05:00 +01:00
Jordan Liggitt 4e95d8b8ee Return authentication webhook error message
Kubernetes-commit: fe549a5a17884434c1a1eff7d5229fdffb9a9cf9
2019-01-31 09:59:48 -05:00
danielqsj 8f8d23605e fix shellcheck in k8s.io/apiserver
Kubernetes-commit: 481c2d8e03508dba2c28aeb4bba48ce48904183b
2019-01-24 13:55:09 +08:00
Patrick Barker a89b4082d9 fix shutdown audit sink concurrently
Kubernetes-commit: d81f7205637ab1fb83cab26edfae511014ac81cd
2019-01-12 16:47:33 -07:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
2018-07-03 14:40:55 +02:00
Mike Danese ae00afc213 patch webhook authenticator to support token review with arbitrary audiences
Kubernetes-commit: effad15ecc373beb46afd2915827247da51f399d
2018-10-29 20:45:10 -07:00
Mike Danese 81c2dfc933 make oidc authenticator (more?) audience aware
Part of https://github.com/kubernetes/kubernetes/issues/69893

Kubernetes-commit: a714d9cd044aab9c6f2d11c5bac0c6e60d3ba0b4
2018-10-26 17:46:32 -07:00
Davanum Srinivas 5dfe5ac061 s/glog/klog/ - keep up with master
Change-Id: I27ff0545bc456ed8c0900cfeb90555f9ab7ae235

Kubernetes-commit: e558e291d1a41728da23f517e51b71038e3ba93e
2018-11-10 07:53:25 -05:00
Davanum Srinivas 2710b17b80 Move from glog to klog
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
2018-11-09 13:49:10 -05:00
Patrick Barker f3b69c3f89 adds dynamic audit plugins
Kubernetes-commit: 8eb2150689159bd011aec189cf77e5b15fbcb22b
2018-10-18 21:34:02 -05:00
Jordan Liggitt c710b80254 authorizers subproject approvers/reviewers
Kubernetes-commit: 9ae79f965395047ed46de110b2b45f0a91083f43
2018-11-02 13:53:57 -04:00
Jordan Liggitt 6320ce44cc authenticators subproject approvers/reviewers
Kubernetes-commit: 4fa2a0cc8a86a5d322e52c43eb7d5ffe36b7887f
2018-11-02 13:36:47 -04:00
Jordan Liggitt e206313b1e audit subproject owners/reviewers
Kubernetes-commit: 4fe30e92fa655b08f819bc449ca6002a7ccd3eea
2018-11-02 12:46:56 -04:00
Mike Danese 0bf5dcd764 remove webhook cache implementation and replace with the token cache
The striped cache used by the token cache is slightly more sophisticated
however the simple cache provides about the same exact behavior. I used
the striped cache rather than the simple cache because:

* It has been used without issue as the primary token cache.
* It preforms better under load.
* It is already exposed in the public API of the token cache package.

Kubernetes-commit: 0ec4d6d396f237ccb3ae0e96922a90600befb83d
2018-10-30 12:41:46 -07:00
包梦江 368bcce487 chore(apiserver): nit fix
Kubernetes-commit: c5e51dc2e44818aacaad9b99b14fae088c5f0ad1
2018-11-03 02:32:04 +08:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface.
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
2018-10-15 15:17:36 -07:00
Christoph Blecker 92e87e143a Update gofmt for go1.11
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
2018-10-05 12:59:38 -07:00
Mike Danese 62cccfa4e8 oidc: respect the legacy goog issuer
Kubernetes-commit: 1873ad48d0ce626c9b8be21143cfcc8a608db21b
2018-09-19 12:16:43 -07:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
2018-03-15 00:44:46 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
2018-07-27 14:06:29 +08:00
xuzhonghu bc8364d7ab Add String method to audit.Backend interface
Kubernetes-commit: 416a478cf6e4ea2aaecf5108aade563c9fc3fc53
2018-07-18 17:35:08 +08:00
Mikhail Mazurskiy 0ba502e8f9 Handle errors
Kubernetes-commit: 5cab7f9a57dbbd6e2a181018aae523235843f77d
2018-07-17 20:29:55 +10:00
Marian Lobur 0da9a3f4a0 Fix truncating and buffering backends integration.
Kubernetes-commit: 20fb0b5eb180fb4cb9be18ab3fc8cd259c7f7bf0
2018-07-09 10:25:41 +02:00
David Eads c41d1d0993 simplify api registration
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
2018-05-07 08:32:20 -04:00
Filip Filmar fad0fdecfa Implements distributed OIDC claims.
A distributed claim allows the OIDC provider to delegate a claim to a
separate URL.  Distributed claims are of the form as seen below, and are
defined in the OIDC Connect Core 1.0, section 5.6.2.

See: https://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims

Example claim:

```
{
  ... (other normal claims)...
  "_claim_names": {
    "groups": "src1"
  },
  "_claim_sources": {
    "src1": {
      "endpoint": "https://www.example.com",
      "access_token": "f005ba11"
    },
  },
}
```

Example response to a followup request to https://www.example.com is a
JWT-encoded claim token:

```
{
  "iss": "https://www.example.com",
  "aud": "my-client",
  "groups": ["team1", "team2"],
  "exp": 9876543210
}
```

Apart from the indirection, the distributed claim behaves exactly
the same as a standard claim.  For Kubernetes, this means that the
token must be verified using the same approach as for the original OIDC
token.  This requires the presence of "iss", "aud" and "exp" claims in
addition to "groups".

All existing OIDC options (e.g. groups prefix) apply.

Any claim can be made distributed, even though the "groups" claim is
the primary use case.

Allows groups to be a single string due to
https://github.com/kubernetes/kubernetes/issues/33290, even though
OIDC defines "groups" claim to be an array of strings. So, this will
be parsed correctly:

```
{
  "iss": "https://www.example.com",
  "aud": "my-client",
  "groups": "team1",
  "exp": 9876543210
}
```

Expects that distributed claims endpoints return JWT, per OIDC specs.

In case both a standard and a distributed claim with the same name
exist, standard claim wins.  The specs seem undecided about the correct
approach here.

Distributed claims are resolved serially.  This could be parallelized
for performance if needed.

Aggregated claims are silently skipped.  Support could be added if
needed.

Kubernetes-commit: dfb527843ca1720ad64383fa5d6baea4113daa3e
2018-02-22 02:14:50 -08:00
Matthias Bertschy 0203b2aa93 Update all script to use /usr/bin/env bash in shebang
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
2018-04-16 18:31:44 +02:00
David Eads bf8532c54e remove KUBE_API_VERSIONS
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
2018-04-25 16:07:15 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
2018-04-24 08:21:23 -04:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
2018-03-23 16:13:34 +01:00
Jordan Liggitt be5dc4d760 Log webhook request error
Kubernetes-commit: 55c66f79a6ab71fd2eaa5574bb13a2632236e640
2018-04-17 11:25:26 -04:00
rithu john 6f00834df1 oidc authentication: Required claims support
Kubernetes-commit: dd433b595f5f0b1d9a5195b3dbefe0fd2afc425d
2018-04-03 10:54:09 -07:00
rithu john 2c968342df oidc authentication: email_verified claim is not required for JWT validation
Kubernetes-commit: 1f25319077f9b371440a66eebbd3d1e0edcbfda9
2018-03-21 16:15:17 -07:00
hangaoshuai f5c57057ab remove unused code authenticator/password/allow
Kubernetes-commit: bf44c29932711c27d4b64e2443627fd16e809119
2018-03-15 17:14:28 +08:00
Cao Shufeng 0e5b010b14 [advanced audit]fix comment about throttle burst
Kubernetes-commit: c6f72c20d121a8f4e161d490af0aa2db48e05caf
2018-03-09 18:07:04 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options.
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
2018-03-10 17:44:20 +08:00
Eric Chiang d75d797054 oidc: add rithujohn191 as a reviewer
Kubernetes-commit: 3561f23128a35a53256e541776eea1a7c3437c11
2018-03-05 10:44:33 -08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
2018-02-22 19:52:33 +01:00
Mik Vyatskov 054769c183 Introduce buffered audit backend
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 3f0e49aea430c30f4539d34c0f93486fd451d073
2018-02-20 15:25:46 +01:00
Eric Chiang ee1578474d bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b
Kubernetes-commit: 379af0405c318de9a009e339ee03a1d8ab0cde2f
2018-01-19 11:18:27 -08:00
Eric Chiang 94fd51cf3a oidc authentication: generate testdata and delete old test packages
Kubernetes-commit: 2d8cb9c4ad9a792ccfe5066f55e725ca50c77330
2018-01-19 11:15:38 -08:00
Eric Chiang 1acdd69460 oidc authentication: switch to v2 of coreos/go-oidc
Kubernetes-commit: 48c6d1abf5de6ac8167bbe3af07963ceb91a6716
2018-01-19 11:14:05 -08:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
Davanum Srinivas 650e119954 Remove experimental keystone authenticator
experimental-keystone-url and experimental-keystone-ca-file were always
experimental. So we don't need a deprecation period.
KeystoneAuthenticator was on the server side and needed userid/password
to be passed in and used that to authenticate with Keystone. We now
have authentication and authorization web hooks that can be used. There
is a external repo with a webook for keystone which works fine along
with the kubectl auth provider that was added in:
a0cebcb559c5c0ab8a2e50b1ee11cc62f9ebb3a8

So we don't need this older style / hard coded / experimental code
anymore.

Kubernetes-commit: 18590378c4491eacdea5cd05f98c92fe84020263
2018-02-07 13:17:29 -05:00
halfcrazy 6f8c3a80da fix typo in package apiserver
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
2018-02-01 03:04:33 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
2017-12-23 13:06:26 -08:00
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
2017-11-30 18:47:48 +01:00
Mike Danese c7a7912588 add deny to SAR API
Kubernetes-commit: 096da12fc4bf3c8b4003679d22f7228d3d178e54
2017-10-13 13:51:38 -07:00
Mike Danese 06a5d25846 move authorizers over to new interface
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
2017-09-29 14:21:40 -07:00
Jeff Grafton f4dbe23125 update BUILD files
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
2017-10-12 13:52:10 -07:00
Cao Shufeng f7e881914a support micro time for advanced audit
Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d
2017-09-25 11:56:30 +08:00
Mik Vyatskov 29522c33dc Add throttling to the batching audit webhook
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 6bce120a11782caad7ea477aaaafe3ba31f797d1
2017-10-05 23:19:45 +02:00
Mik Vyatskov bddf432ba6 Adjust defaults of audit webhook backends
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 5f4ff9f28341d58a4a905a0e86742aa6c90e81bf
2017-10-05 23:18:55 +02:00
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
2017-09-09 21:44:30 +00:00
Eric Chiang 8a6b3f7f2e oidc auth: make the OIDC claims prefix configurable
Add the following flags to control the prefixing of usernames and
groups authenticated using OpenID Connect tokens.

	--oidc-username-prefix
	--oidc-groups-prefix

Kubernetes-commit: 1f8ee7fe13490a8e8e0e7801492770caca9f9b5c
2017-09-04 14:03:47 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
2017-09-03 14:04:14 +00:00
Chen Rong b4c851a534 generated
Kubernetes-commit: ed8adf6e51d76b3652be3b433b2dab590f1ff1f0
2017-09-03 14:04:11 +00:00
xilabao a50d8a0b4f add selfsubjectrulesreview api
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
2017-09-03 14:04:10 +00:00
Cao Shufeng cbc6b83455 remove dead code for cloner
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0

Kubernetes-commit: 7b5c7bb711e7f15a1bf216a7a51fd40148110fba
2017-08-29 13:16:15 +00:00
Dr. Stefan Schimanski 24a3b34c79 audit: disable new v1beta1 types until incompatible changes are done
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
2017-08-29 13:16:13 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
2017-08-29 13:16:13 +00:00
Mik Vyatskov 04aa1e08ec Implement batching audit webhook graceful shutdown
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
2017-08-29 13:16:12 +00:00
Dr. Stefan Schimanski 86ef841256 apiservers: add synchronous shutdown mechanism on SIGTERM+INT
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
2017-08-29 13:16:11 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
2017-08-29 13:13:51 +00:00
Davanum Srinivas 7d27fa3fec Add missing UID in SubjectAccessReviewSpec
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.

Kubernetes-commit: 9a761b16c1558106800222dbc52f6ab03c40c64c
2017-08-29 13:13:50 +00:00
Cao Shufeng 008d37c785 fix typo
Kubernetes-commit: 6c7aef07cbdea73a9c7eabb48a668f9dfba0210b
2017-07-28 13:56:11 +00:00
Eric Chiang 6fb062b0b3 *: remove --insecure-allow-any-token option
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

Kubernetes-commit: e2f2ab67f29d3e859e0b3e6668d8d770d93132fc
2017-07-28 13:56:11 +00:00
Dr. Stefan Schimanski e24df9a2e5 Update generated code
Kubernetes-commit: 8dd0989b395b29b872e1f5e06934721863e4a210
2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 42619eca71 deepcopy: misc fixes for static deepcopy compilation
- port direct calls to deepcopy funcs
- apimachinery: fix types in unstructured converter test
- federation: fix deepcopy registration

Kubernetes-commit: 2bbe72d4e09f7c95e1ad851187d4733a54644fbe
2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 8304eb8a20 audit: fix deepcopy registration
Kubernetes-commit: ad23081273785668ee2520e5349cf0b05f64e41f
2017-07-16 04:08:41 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
2017-07-16 04:08:41 +00:00
Cao Shufeng d0c809bf05 remove unused function and variable from audit backend
Kubernetes-commit: 00e871a84623c3e2565270604255e5467eaada8d
2017-07-05 08:39:50 +00:00
Chao Xu 8be42ee0d0 run hack/update-all
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
2017-06-28 00:14:31 +00:00
Cao Shufeng 9b573e7060 Remove extra empty lines from log
remove extra "\n" from Everything()

Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
2017-06-13 20:47:33 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
2017-06-13 20:47:30 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski a177d01bf0 audit: uniform 2 or 3 events for short/long running requests
Kubernetes-commit: 548f7be8fa10b6cbedcf179af088536e76a6c0e3
2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
2017-06-13 20:47:28 +00:00
Clayton Coleman 3cbbcf996a Move pkg/util/cache to apimachinery
Will be used by client-go as well

Kubernetes-commit: 529e627c8a4338d48cd2bf658303bac6fef6aaaa
2017-05-21 17:28:01 +00:00
Chao Xu 3ffeae2ff7 hack/update-bazel.sh
Kubernetes-commit: 14045d253d11c801ad94f0928cb9b13a224ee18f
2017-05-13 17:27:43 +00:00
Chao Xu e46eb82a82 remove invocation of k8s.io/client-go/pkg/api/install
change import of client-go/api/helper to kubernetes/api/helper

remove unnecessary use of client-go/api.registry

change use of client-go/pkg/util to kubernetes/pkg/util

remove dependency on client-go/pkg/apis/extensions

remove unnecessary invocation of k8s.io/client-go/extension/intsall

change use of k8s.io/client-go/pkg/apis/authentication to v1

Kubernetes-commit: c354076aa41e3cf417b291d5f0eff2b70395ac30
2017-05-13 17:27:42 +00:00
Chao Xu e84e32eaa5 remove references to client-go/pkg/api
Kubernetes-commit: d978f22e04519f6eecfde839110c398dc28d4e8e
2017-05-03 20:36:26 +00:00
Mike Danese 2aab760a2a autogenerated
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
2017-04-15 20:35:23 +00:00
Cao Shufeng bf70084dea Ensure invalid username/password returns 401 error, not 403
If a user attempts to use basic auth, and the username/password combination
is rejected, the authenticator should return an error. This distinguishes
requests that did not provide username/passwrod (and are unauthenticated
without error) from ones that attempted to, and failed.

Kubernetes-commit: 0ec585c1395a6e380ca36fb33c6842b7aca0ea4b
2017-04-08 20:35:19 +00:00
linyouchong 82c37fb374 update kubeconfig document url in comments
Kubernetes-commit: 506b88e07064efb2cd85361b9ffb26b96f8ad010
2017-03-31 20:37:15 +00:00
Angus Lees 8c88b249db Migrate rackspace/gophercloud -> gophercloud/gophercloud
This change migrates the 'openstack' provider and 'keystone'
authenticator plugin to the newer gophercloud/gophercloud library.

Note the 'rackspace' provider still uses rackspace/gophercloud.

Fixes #30404
2017-02-23 09:48:09 -05:00
deads2k 2770a87575 stop hardcoding api registry and codecs in webhook 2017-01-27 08:47:01 -05:00
Dr. Stefan Schimanski 01994f3f6a Update generated files 2017-01-25 07:42:18 -05:00
Dr. Stefan Schimanski 0d74915b2b genericapiserver: move authz webhook plugins into k8s.io/apiserver 2017-01-25 07:42:18 -05:00
Dr. Stefan Schimanski 7442d5eaaa genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-25 07:42:18 -05:00