Jordan Liggitt
1e62dc23aa
KEP-4601: AuthorizeNodeWithSelectors / AuthorizeWithSelectors to beta
...
Kubernetes-commit: 9caca7312645b5ffba964cc8170484b4e7f7b602
2024-10-17 19:51:07 -04:00
Antonio Ojea
402e1cdd43
use same name as the folder for the package
...
Kubernetes-commit: 62bdb27420bbc3c45b0232612acf9ecf3816c805
2024-10-16 09:55:10 +00:00
Sean Sullivan
15f8ad59da
Enable strict validation for ResourceQuotaConfiguration
...
Kubernetes-commit: a95c0c5499c54c16d561d0ad4537d4b43d500184
2024-10-13 17:50:18 -07:00
Cici Huang
f79926bf43
Revert pr 127400
...
Kubernetes-commit: 95ec1637253c2458d0ed41f257df932907602ca4
2024-10-07 16:11:30 +00:00
Matthieu MOREL
e32a42cf11
fix: enable expected-actual rule from testifylint in module `k8s.io/apiserver`
...
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Kubernetes-commit: fbd773ecb82aa0afef3c02274db901afe1788220
2024-09-27 07:49:07 +02:00
Dr. Stefan Schimanski
9a5bc0a561
apiserver/admission/webhook: construct static CEL compiler only once
...
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
Kubernetes-commit: 26aeda3cc21db86b1440515f63cd09e2321d568e
2024-09-16 18:23:01 +02:00
liyuerich
535f09400e
drop deprecated json/yaml newSerializers, use json.NewSerializerWithOptions instead
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: 3c9309db463679c348934429d8487d190ed5e64a
2024-05-29 19:00:00 +08:00
Jordan Liggitt
f014f4a768
Fix unit tests for filtering
...
Kubernetes-commit: 6a4170607291288e9b01be8435b82537309c547d
2024-09-09 16:45:32 -04:00
cici37
e9e24680dc
Remove FG inspection from VAP plugin
...
Kubernetes-commit: 72ad9c5fdf782f824281ecf9e18ec36caaa9472b
2024-08-22 17:52:21 +00:00
Cici Huang
fac4f5d2a0
Remove feature gate ValidatingAdmissionPolicy after stable.
...
Kubernetes-commit: 0f19faf9be562f3d18880ed2ae12d6b9d059476c
2024-08-12 12:11:02 -07:00
piny940
2ed104b2e5
fix ValidatingAdmissionPolicy's Validate func to return decision with valid Evaluation
...
Kubernetes-commit: 9f7ea45ea0ffc76be7793dbcb4730a98fa03bcf5
2024-08-22 13:33:17 +09:00
Richa Banker
f434fbf0c7
init a common apiserver for TestAuthorizationDecisionCaching testcases
...
Kubernetes-commit: 4acedb5132b2c3a7d61bd9e088c964af3fcfee3d
2024-07-23 22:19:02 -07:00
Richa Banker
1d26753b4b
split Test_ValidateNamespace_NoParams into successes and failures tests, init a common apiserver for all testcases
...
Kubernetes-commit: 9df04b7c782cccc5fb068554152b4dcd9baf408b
2024-07-23 21:41:32 -07:00
cici37
3d5977276b
Promote metrics for VAP and CRD validation rules to beta.
...
Kubernetes-commit: 95dbfa1c3d2f62e5d0f52788a2dd19fc61ca0a36
2024-07-19 20:46:33 +00:00
Jordan Liggitt
6c5ca3dcf3
Fixup lint warning
...
Kubernetes-commit: 9f8f36708a0eb1ad78e48beeaf15f2c6ae3e1552
2024-06-27 00:42:01 -04:00
Jordan Liggitt
f14fc0f445
Adjust CEL cost calculation and versioning for authorization library
...
Kubernetes-commit: 83bd512861aa11ec00a90e4ac382daa788dccf87
2024-06-26 21:38:24 -04:00
David Eads
efe135c937
Add CEL fieldSelector / labelSelector support to authorizer library
...
Kubernetes-commit: be2e32fa3ed0a06ac9cc59d9966be0b40617c2b2
2024-06-14 14:39:54 -04:00
Jordan Liggitt
b338834e91
Move CEL env initialization out of package init()
...
This ensures compatibility version and feature gates can be initialized
before cached CEL environments are created.
Kubernetes-commit: 03d48b76831a3a02d503c3075d818a76afd83cd8
2024-06-29 21:45:55 -04:00
David Eads
f26d4ed894
add field and label selectors to authorization attributes
...
Co-authored-by: Jordan Liggitt <liggitt@google.com>
Kubernetes-commit: 92e3445e9d7a587ddb56b3ff4b1445244fbf9abd
2024-05-23 15:12:26 -04:00
Cici Huang
cd492e8b91
Fix the error type, Add into observation, Fix tests.
...
Kubernetes-commit: b7821078b36f1cb25d903774ddf37a97966c2eac
2024-07-16 08:27:36 -07:00
Jiahui Feng
8b22c5cc3d
make use of new error reporting in the dispatcher.
...
Kubernetes-commit: d61edc51b84774c158b3866ab9a0678d4ddaba96
2024-04-26 11:49:44 -07:00
Jiahui Feng
8f577b916d
remove unused policy_definition_total metric and state label
...
Kubernetes-commit: 8e9232ef46d5b08ab4f95ad6c1e93671ef1bd5ba
2024-04-25 18:30:26 -07:00
Jiahui Feng
2ae742ecb6
make Err wrap one or zero error.
...
Kubernetes-commit: ce45a82346623d19168b0b85cbba5ba4ff164417
2024-04-25 17:59:32 -07:00
Jiahui Feng
8be90f624a
errors improvement.
...
Kubernetes-commit: b846c39047289e69d932ea9d5d4dadc6856ad0c7
2024-04-23 16:54:47 -07:00
Matthieu MOREL
8705baa8b2
fix: enable empty and len rules from testifylint on pkg package
...
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
Kubernetes-commit: f014b754fb5925dfbca6e27a44d0c3968b157e14
2024-06-28 21:20:13 +02:00
yintong.huang
5a2cafd6ec
drop deprecated PollWithContext and adopt PollUntilContextTimeout instead
...
Signed-off-by: yintong.huang <yintong.huang@daocloud.io>
Kubernetes-commit: 2db1b321e0edf9e3c4e434353d505cec96bfb319
2024-06-21 19:23:31 +08:00
Stephen Kitt
942c16fb6a
Use canonical json-patch v4 import
...
The canonical import for json-patch v4 is
gopkg.in/evanphx/json-patch.v4 (see
https://github.com/evanphx/json-patch/blob/master/README.md#get-it for
reference).
Using the v4-specific path should also reduce the risk of unwanted v5
upgrade attempts, because they won't be offered as automated upgrades
by dependency upgrade management tools, and they won't happen through
indirect dependencies (see
https://github.com/kubernetes/kubernetes/pull/120327 for context).
Signed-off-by: Stephen Kitt <skitt@redhat.com>
Kubernetes-commit: 5300466a5c8988b479a151ceb77f49dd00065c83
2024-02-16 13:57:24 +01:00
Jeremy Shih
feabdb6d52
make test parallel in for loop
...
Kubernetes-commit: 40a25463fa48ee49a713b80b2157c362438960e2
2024-03-25 09:39:01 +08:00
Cici Huang
d44012e895
Adding the feature gates to fix cost for VAP and webhook matchConditions.
...
Kubernetes-commit: d6e4115ead6b93d2accf688876471231b365ceae
2024-05-01 16:26:41 -07:00
Alvaro Aleman
da88853b95
Use the generic/typed workqueue throughout
...
This change makes us use the generic workqueue throughout the project in
order to improve type safety and readability of the code.
Kubernetes-commit: 6d0ac8c561a7ac66c21e4ee7bd1976c2ecedbf32
2024-04-28 18:26:18 +02:00
liyuerich
d8646c593d
drop deprecated workqueue NewNamed package
...
Signed-off-by: liyuerich <yue.li@daocloud.io>
Kubernetes-commit: 98dfaed4bec33b4995572685eb084d8202ac235b
2023-10-16 18:11:17 +08:00
Flavian Missi
20894ccdfa
resourcequota: use singleflight.Group to reduce apiserver load
...
relates to #22422 and #123806
Kubernetes-commit: e13ff5ece2691988503d183b495cc7c39e899647
2024-04-03 09:58:27 +02:00
cici37
be9c733e9d
Promote ValidatingAdmissionPolicy to GA.
...
Kubernetes-commit: de506ce7ac9981c8253b2f818478bb4093fb7bb6
2024-01-23 22:10:40 +00:00
Jiahui Feng
8f8266ef89
update to inject only the list of excluded resources.
...
Kubernetes-commit: 6b03166beda6e550ebcbed1bb7d9ca2cc1d94df4
2024-03-05 10:27:35 -08:00
Jiahui Feng
a86b013fb6
make ValidatingAdmissionPolicy ignore excluded resources.
...
Kubernetes-commit: 64ee859aa82c17daa8037e4e90e066ae4582d653
2024-02-28 15:31:44 -08:00
Tim Hockin
5624a05672
Remove defunct references to "vendor"
...
Kubernetes-commit: d772f7719dc55ebfec2e9461b6e14bf17f5301df
2024-01-15 15:56:21 -08:00
Alexander Zielenski
dd139db676
refactor: use shared CollectParams from VAP
...
Kubernetes-commit: 4760e0cc44fb0ee2a92d12ee2b17f094e7ea94ec
2024-02-15 17:00:45 -08:00
Alexander Zielenski
9a4b2b3543
refactor: use match from generic pkg in vap
...
It is the same exact code, but uses accessors now
Kubernetes-commit: 64cd09f7208e7a45d87ab6436c833c984fa6e594
2024-02-20 09:22:18 -08:00
Alexander Zielenski
ed64edd4e0
add generic policy dispatcher
...
similar to the generic policy source, applies common match logic
for code sharing with validating/mutating
Kubernetes-commit: 96c418a7b73f2f85be530ad9b987d70eeeab14b0
2024-02-21 13:09:49 -08:00
Alexander Zielenski
48e4f369ee
test: infer gvk of objects
...
avoids relying on the GVK to be written to the object
Kubernetes-commit: 11ed3032c091bab4c56d471c8d0049ccb9c20efb
2024-02-16 10:43:05 -08:00
Alexander Zielenski
eed515aa23
refactor: handle paramKind directly
...
remove hacks that might conceal errors
Kubernetes-commit: acf1d850c6153aae10f26ef3d3e21fa8a63b20e0
2024-02-20 09:22:35 -08:00
Alexander Zielenski
223ffcc3b0
add functions to policy accessors for getting match information and params
...
Kubernetes-commit: 6d5133f3ecd4ddb38a29dac69641fb56576491a2
2024-02-15 16:33:41 -08:00
Alexander Zielenski
8e917a7cef
flake: avoid flake by ensuring params appear in the initial list
...
sometimes they would not appear in the initial list if they were added while the informer was starting up due to ObjectTracker race
Kubernetes-commit: def05a20e22f069a60f4190755e8c7244d18781c
2024-02-15 13:58:29 -08:00
Alexander Zielenski
7e9e7fe668
move OWNERS from validating to all new parent policy folder
...
meant to do this in refactor PR
Kubernetes-commit: bd27c99262e73955af6af19a1d6d72fce6739522
2024-02-14 16:32:08 -08:00
Alexander Zielenski
1672796601
bugfix: avoid NPE possibility by making composition environment global
...
Kubernetes-commit: 3094395fa76210f33118d10d6a7c8214c50a7f33
2024-01-29 13:45:27 -08:00
Alexander Zielenski
9fd47abbb1
refactor: implement VAP off of policy plugin fw
...
Kubernetes-commit: 18fbc48b0155485cd78ec4d0e6050ccbb7d8e058
2024-01-22 17:31:52 -08:00
Alexander Zielenski
f8d65cf3a6
refactor: create generic policy plugin type similar to webhook
...
Kubernetes-commit: a6366573d5ca328438b80d72d0ae5a5bf6b178be
2024-01-22 17:31:34 -08:00
Alexander Zielenski
06be9d025c
refactor: move matching logic into parent policy folder
...
Kubernetes-commit: d697f43d73870679ad4cd46939ad28e06926b6d3
2024-01-17 18:12:41 -08:00
Alexander Zielenski
57e06e43f7
refactor: move vap into parent `policy` folder
...
also renames to remove stutter
comment
Kubernetes-commit: 8b14116509ac19234924878ab08f7e9e8f03549a
2024-01-17 18:09:30 -08:00
Alexander Zielenski
3769e5c054
refactor: move celmetrics close to its usage in vap
...
does not need to be accessed from anywhere else, and removed an excessive lonesome `cel` pkg with just the metrics
Kubernetes-commit: 8b26b6eec1b0d99518e7c53879e1d44ade2eebc7
2024-01-17 17:05:53 -08:00