Tables should be a mapping from lists, so if the incoming object has
these add them to the table. Allows paging over server side tables.
Add tests on the generic creater and on the resttest compatibility.
Kubernetes-commit: d2a62fd42234a96cbab2dbcf402c168c59b41784
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
Kubernetes-commit: 557f9ddfe6300ecdbdd70ea67dca63bf6b710ea7
Some errors are invoked outside of negotiation. These errors should
still have a kind and apiVersion (which is only set by structured
encoders, not always availabe). Ensure that all errors by default get a
status kind and version set.
Kubernetes-commit: a1e44fc69bf0faeb47e6d2ebfc2709bbc3f17221
We need the go struct tags `patchMergeKey` and `patchStrategy`
for fields that support a strategic merge patch. For native
resources, we can easily figure out these tags since we know
the fields.
Because custom resources are decoded as Unstructured and
because we're missing the metadata about how to handle
each field in a strategic merge patch, we can't find the
go struct tags. Hence, we can't easily do a strategic merge
for custom resources.
So we should fail fast and return an error.
Kubernetes-commit: 79349c93bddcc1125a9d6ea4528c6d63b172f083
Add interpretPatchError to return appropriate http code
(400 or 422) according to the error type.
We add this function in apiserver because we don't want
to mention the http code in apimachinery. The apimachinery
code is also used in kubectl. The client should not return
a server error.
Add a test to validate the http error code and error message.
Kubernetes-commit: e0a2168ecbf8b4e43f932a32fa55cd55215123cc
optionsExternalVersion is being used for shared types (meta.k8s.io). The
installer should first look in the current API group for GET and CONNECT
options objects before checking in `v1`.
Kubernetes-commit: 0e4b20fbf9ff299c37a5055e082fa27dbf2b49c0
Allows a caller to know how many exec, log, proxy, and watch calls are
running at the current moment.
Kubernetes-commit: fabce1b893f96bdf466c1fdb1fcf825210c008ae
Remove the MonitorRequest method and replace with a method that takes
request.RequestInfo, which is our default way to talk about API objects.
Preserves existing semantics for calls.
Kubernetes-commit: 10e6dc5ed3573118c56fa8823b387e47c8e8ae06
This change does three things:
1. use auditinternal for unit test in filter stage
2. add a seperate unit test for Audit-ID http header
3. add unit test for audit log backend
Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
Updates https://github.com/kubernetes/kubernetes/issues/48561
This provide a way to omit some stages for each audit policy rule.
For example:
apiVersion: audit.k8s.io/v1beta1
kind: Policy
- level: Metadata
resources:
- group: "rbac.authorization.k8s.io"
resources: ["roles"]
omitStages:
- "RequestReceived"
RequestReceived stage will not be emitted to audit backends with
previous config.
Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
Log the newest impersonated user info in the second audit event. This
will help users to debug rbac problems.
Kubernetes-commit: 1c3dc52531b7761921c8855cafc58b669da111f1
audit.Event.ObjectRef.APIVersion currently holds both the the API group and
version, separated by a /. This change break these out into separate fields.
This is part of:
https://github.com/kubernetes/kubernetes/issues/48561
Kubernetes-commit: c57eebfe2f8d36361d510f0afd926777a44cccd2
Before this change:
# kubectl get pods --as=tom
Error from server (Forbidden): pods "" is forbidden: User "tom" cannot list pods in the namespace "default".
After this change:
# kubectl get pods --as=tom
Error from server (Forbidden): pods is forbidden: User "tom" cannot list pods in the namespace "default".
Kubernetes-commit: ab0918673728fc50fc539017c86bbc03fceb0adc
yanxuean
Shiyang Wang
Maciej Szulik
Clayton Coleman
Dr. Stefan Schimanski
Mike Danese
Cao Shufeng
David Eads
Nikhita Raghunath
Jordan Liggitt
Jeff Grafton
Brendan Burns
Shyam Jeedigunta
Jim Minter
Kubernetes Publisher
Di Xu
Tim Hockin
Chenxingyu