kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
834 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

42 Commits

Author SHA1 Message Date
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature 
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
 2017-09-09 21:44:30 +00:00
Eric Chiang 8a6b3f7f2e oidc auth: make the OIDC claims prefix configurable 
Add the following flags to control the prefixing of usernames and
groups authenticated using OpenID Connect tokens.

	--oidc-username-prefix
	--oidc-groups-prefix

Kubernetes-commit: 1f8ee7fe13490a8e8e0e7801492770caca9f9b5c
 2017-09-04 14:03:47 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Chen Rong b4c851a534 generated 
Kubernetes-commit: ed8adf6e51d76b3652be3b433b2dab590f1ff1f0
 2017-09-03 14:04:11 +00:00
xilabao a50d8a0b4f add selfsubjectrulesreview api 
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
 2017-09-03 14:04:10 +00:00
Cao Shufeng cbc6b83455 remove dead code for cloner 
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0

Kubernetes-commit: 7b5c7bb711e7f15a1bf216a7a51fd40148110fba
 2017-08-29 13:16:15 +00:00
Dr. Stefan Schimanski 24a3b34c79 audit: disable new v1beta1 types until incompatible changes are done 
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
 2017-08-29 13:16:13 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Mik Vyatskov 04aa1e08ec Implement batching audit webhook graceful shutdown 
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
 2017-08-29 13:16:12 +00:00
Dr. Stefan Schimanski 86ef841256 apiservers: add synchronous shutdown mechanism on SIGTERM+INT 
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
 2017-08-29 13:16:11 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Davanum Srinivas 7d27fa3fec Add missing UID in SubjectAccessReviewSpec 
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.

Kubernetes-commit: 9a761b16c1558106800222dbc52f6ab03c40c64c
 2017-08-29 13:13:50 +00:00
Cao Shufeng 008d37c785 fix typo 
Kubernetes-commit: 6c7aef07cbdea73a9c7eabb48a668f9dfba0210b
 2017-07-28 13:56:11 +00:00
Eric Chiang 6fb062b0b3 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

Kubernetes-commit: e2f2ab67f29d3e859e0b3e6668d8d770d93132fc
 2017-07-28 13:56:11 +00:00
Dr. Stefan Schimanski e24df9a2e5 Update generated code 
Kubernetes-commit: 8dd0989b395b29b872e1f5e06934721863e4a210
 2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 42619eca71 deepcopy: misc fixes for static deepcopy compilation 
- port direct calls to deepcopy funcs
- apimachinery: fix types in unstructured converter test
- federation: fix deepcopy registration

Kubernetes-commit: 2bbe72d4e09f7c95e1ad851187d4733a54644fbe
 2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 8304eb8a20 audit: fix deepcopy registration 
Kubernetes-commit: ad23081273785668ee2520e5349cf0b05f64e41f
 2017-07-16 04:08:41 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Cao Shufeng d0c809bf05 remove unused function and variable from audit backend 
Kubernetes-commit: 00e871a84623c3e2565270604255e5467eaada8d
 2017-07-05 08:39:50 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
Cao Shufeng 9b573e7060 Remove extra empty lines from log 
remove extra "\n" from Everything()

Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
 2017-06-13 20:47:33 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing 
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
 2017-06-13 20:47:30 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend 
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski a177d01bf0 audit: uniform 2 or 3 events for short/long running requests 
Kubernetes-commit: 548f7be8fa10b6cbedcf179af088536e76a6c0e3
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel 
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00
Clayton Coleman 3cbbcf996a Move pkg/util/cache to apimachinery 
Will be used by client-go as well

Kubernetes-commit: 529e627c8a4338d48cd2bf658303bac6fef6aaaa
 2017-05-21 17:28:01 +00:00
Chao Xu 3ffeae2ff7 hack/update-bazel.sh 
Kubernetes-commit: 14045d253d11c801ad94f0928cb9b13a224ee18f
 2017-05-13 17:27:43 +00:00
Chao Xu e46eb82a82 remove invocation of k8s.io/client-go/pkg/api/install 
change import of client-go/api/helper to kubernetes/api/helper

remove unnecessary use of client-go/api.registry

change use of client-go/pkg/util to kubernetes/pkg/util

remove dependency on client-go/pkg/apis/extensions

remove unnecessary invocation of k8s.io/client-go/extension/intsall

change use of k8s.io/client-go/pkg/apis/authentication to v1

Kubernetes-commit: c354076aa41e3cf417b291d5f0eff2b70395ac30
 2017-05-13 17:27:42 +00:00
Chao Xu e84e32eaa5 remove references to client-go/pkg/api 
Kubernetes-commit: d978f22e04519f6eecfde839110c398dc28d4e8e
 2017-05-03 20:36:26 +00:00
Mike Danese 2aab760a2a autogenerated 
Kubernetes-commit: a05c3c0efdc5822049e34b1a5a1ee259c5fb1906
 2017-04-15 20:35:23 +00:00
Cao Shufeng bf70084dea Ensure invalid username/password returns 401 error, not 403 
If a user attempts to use basic auth, and the username/password combination
is rejected, the authenticator should return an error. This distinguishes
requests that did not provide username/passwrod (and are unauthenticated
without error) from ones that attempted to, and failed.

Kubernetes-commit: 0ec585c1395a6e380ca36fb33c6842b7aca0ea4b
 2017-04-08 20:35:19 +00:00
linyouchong 82c37fb374 update kubeconfig document url in comments 
Kubernetes-commit: 506b88e07064efb2cd85361b9ffb26b96f8ad010
 2017-03-31 20:37:15 +00:00
Angus Lees 8c88b249db Migrate rackspace/gophercloud -> gophercloud/gophercloud 
This change migrates the 'openstack' provider and 'keystone'
authenticator plugin to the newer gophercloud/gophercloud library.

Note the 'rackspace' provider still uses rackspace/gophercloud.

Fixes #30404
 2017-02-23 09:48:09 -05:00
deads2k 2770a87575 stop hardcoding api registry and codecs in webhook 2017-01-27 08:47:01 -05:00
Dr. Stefan Schimanski 01994f3f6a Update generated files 2017-01-25 07:42:18 -05:00
Dr. Stefan Schimanski 0d74915b2b genericapiserver: move authz webhook plugins into k8s.io/apiserver 2017-01-25 07:42:18 -05:00
Dr. Stefan Schimanski 7442d5eaaa genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-25 07:42:18 -05:00