kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,642 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

158 Commits

Author SHA1 Message Date
Jordan Liggitt f4d60f9c20 Plumb context to webhook calls 
Kubernetes-commit: b78edd86b8766b96278bcb46301f751d9e6e3631
 2019-09-24 11:07:33 -04:00
Jordan Liggitt 0ca78287c0 Propagate context to ExponentialBackoff 
Kubernetes-commit: 4c686ddc1c5f9bc5c28d711dd56551b1ac003faa
 2019-09-24 09:43:04 -04:00
Jordan Liggitt d1d66bda16 Propagate context to Authorize() calls 
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
 2019-09-24 10:06:32 -04:00
Jordan Liggitt a653e5ab1a Export UserInfo conversion, use authnv1.UserInfo in audit 
Kubernetes-commit: 0e787a4b78a849fa66a02126721dd185e7c00955
 2019-09-09 08:54:54 -04:00
Ted Yu 040a14fa55 Constant time password comparison 
Kubernetes-commit: 3d2bc6f6ae691d405e8d6bfce9d66af816454ff0
 2019-08-07 22:07:56 -07:00
Joe Betz f103fcda51 Replace string concatination with trace fields 
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
 2019-08-02 23:47:24 -07:00
Joe Betz 81b56d7030 Add trace to webhook invocations 
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
 2019-05-31 16:50:54 -07:00
Jordan Liggitt 90d670a108 AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1 
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
 2019-07-12 08:44:24 -04:00
Xiang Dai ca6fc75dff delete all duplicate empty blanks 
Signed-off-by: Xiang Dai <764524258@qq.com>

Kubernetes-commit: 36065c6dd717c14e0a90131041e20345a7e5e324
 2019-02-22 09:43:51 +08:00
Tim Allclair d206d4fa00 Apply caching limits to authorized requests too 
Kubernetes-commit: d512173c86708ca83983c4307edd817a6bf109d5
 2019-01-24 13:37:30 -08:00
Tim Allclair ece17ec3d2 Only check caller-controlled attribute size for max cache key 
Kubernetes-commit: e23c15a0f348c87ee43e6e157731a69451f3db34
 2019-01-03 13:33:59 -08:00
Tim Allclair 8368b6dc06 Don't cache rediculous subject access reviews 
Kubernetes-commit: ea1b4eb2394a1ee5a3847f92382b30e32eee4d47
 2018-10-26 13:18:06 -07:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
Jordan Liggitt 4e95d8b8ee Return authentication webhook error message 
Kubernetes-commit: fe549a5a17884434c1a1eff7d5229fdffb9a9cf9
 2019-01-31 09:59:48 -05:00
danielqsj 8f8d23605e fix shellcheck in k8s.io/apiserver 
Kubernetes-commit: 481c2d8e03508dba2c28aeb4bba48ce48904183b
 2019-01-24 13:55:09 +08:00
Patrick Barker a89b4082d9 fix shutdown audit sink concurrently 
Kubernetes-commit: d81f7205637ab1fb83cab26edfae511014ac81cd
 2019-01-12 16:47:33 -07:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure 
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
 2018-07-03 14:40:55 +02:00
Mike Danese ae00afc213 patch webhook authenticator to support token review with arbitrary audiences 
Kubernetes-commit: effad15ecc373beb46afd2915827247da51f399d
 2018-10-29 20:45:10 -07:00
Mike Danese 81c2dfc933 make oidc authenticator (more?) audience aware 
Part of https://github.com/kubernetes/kubernetes/issues/69893

Kubernetes-commit: a714d9cd044aab9c6f2d11c5bac0c6e60d3ba0b4
 2018-10-26 17:46:32 -07:00
Davanum Srinivas 5dfe5ac061 s/glog/klog/ - keep up with master 
Change-Id: I27ff0545bc456ed8c0900cfeb90555f9ab7ae235

Kubernetes-commit: e558e291d1a41728da23f517e51b71038e3ba93e
 2018-11-10 07:53:25 -05:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Patrick Barker f3b69c3f89 adds dynamic audit plugins 
Kubernetes-commit: 8eb2150689159bd011aec189cf77e5b15fbcb22b
 2018-10-18 21:34:02 -05:00
Jordan Liggitt c710b80254 authorizers subproject approvers/reviewers 
Kubernetes-commit: 9ae79f965395047ed46de110b2b45f0a91083f43
 2018-11-02 13:53:57 -04:00
Jordan Liggitt 6320ce44cc authenticators subproject approvers/reviewers 
Kubernetes-commit: 4fa2a0cc8a86a5d322e52c43eb7d5ffe36b7887f
 2018-11-02 13:36:47 -04:00
Jordan Liggitt e206313b1e audit subproject owners/reviewers 
Kubernetes-commit: 4fe30e92fa655b08f819bc449ca6002a7ccd3eea
 2018-11-02 12:46:56 -04:00
Mike Danese 0bf5dcd764 remove webhook cache implementation and replace with the token cache 
The striped cache used by the token cache is slightly more sophisticated
however the simple cache provides about the same exact behavior. I used
the striped cache rather than the simple cache because:

* It has been used without issue as the primary token cache.
* It preforms better under load.
* It is already exposed in the public API of the token cache package.

Kubernetes-commit: 0ec4d6d396f237ccb3ae0e96922a90600befb83d
 2018-10-30 12:41:46 -07:00
包梦江 368bcce487 chore(apiserver): nit fix 
Kubernetes-commit: c5e51dc2e44818aacaad9b99b14fae088c5f0ad1
 2018-11-03 02:32:04 +08:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface. 
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
 2018-10-15 15:17:36 -07:00
Christoph Blecker 92e87e143a Update gofmt for go1.11 
Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799
 2018-10-05 12:59:38 -07:00
Mike Danese 62cccfa4e8 oidc: respect the legacy goog issuer 
Kubernetes-commit: 1873ad48d0ce626c9b8be21143cfcc8a608db21b
 2018-09-19 12:16:43 -07:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
xuzhonghu bc8364d7ab Add String method to audit.Backend interface 
Kubernetes-commit: 416a478cf6e4ea2aaecf5108aade563c9fc3fc53
 2018-07-18 17:35:08 +08:00
Mikhail Mazurskiy 0ba502e8f9 Handle errors 
Kubernetes-commit: 5cab7f9a57dbbd6e2a181018aae523235843f77d
 2018-07-17 20:29:55 +10:00
Marian Lobur 0da9a3f4a0 Fix truncating and buffering backends integration. 
Kubernetes-commit: 20fb0b5eb180fb4cb9be18ab3fc8cd259c7f7bf0
 2018-07-09 10:25:41 +02:00
David Eads c41d1d0993 simplify api registration 
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
 2018-05-07 08:32:20 -04:00
Filip Filmar fad0fdecfa Implements distributed OIDC claims. 
A distributed claim allows the OIDC provider to delegate a claim to a
separate URL.  Distributed claims are of the form as seen below, and are
defined in the OIDC Connect Core 1.0, section 5.6.2.

See: https://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims

Example claim:

```
{
  ... (other normal claims)...
  "_claim_names": {
    "groups": "src1"
  },
  "_claim_sources": {
    "src1": {
      "endpoint": "https://www.example.com",
      "access_token": "f005ba11"
    },
  },
}
```

Example response to a followup request to https://www.example.com is a
JWT-encoded claim token:

```
{
  "iss": "https://www.example.com",
  "aud": "my-client",
  "groups": ["team1", "team2"],
  "exp": 9876543210
}
```

Apart from the indirection, the distributed claim behaves exactly
the same as a standard claim.  For Kubernetes, this means that the
token must be verified using the same approach as for the original OIDC
token.  This requires the presence of "iss", "aud" and "exp" claims in
addition to "groups".

All existing OIDC options (e.g. groups prefix) apply.

Any claim can be made distributed, even though the "groups" claim is
the primary use case.

Allows groups to be a single string due to
https://github.com/kubernetes/kubernetes/issues/33290, even though
OIDC defines "groups" claim to be an array of strings. So, this will
be parsed correctly:

```
{
  "iss": "https://www.example.com",
  "aud": "my-client",
  "groups": "team1",
  "exp": 9876543210
}
```

Expects that distributed claims endpoints return JWT, per OIDC specs.

In case both a standard and a distributed claim with the same name
exist, standard claim wins.  The specs seem undecided about the correct
approach here.

Distributed claims are resolved serially.  This could be parallelized
for performance if needed.

Aggregated claims are silently skipped.  Support could be added if
needed.

Kubernetes-commit: dfb527843ca1720ad64383fa5d6baea4113daa3e
 2018-02-22 02:14:50 -08:00
Matthias Bertschy 0203b2aa93 Update all script to use /usr/bin/env bash in shebang 
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
 2018-04-16 18:31:44 +02:00
David Eads bf8532c54e remove KUBE_API_VERSIONS 
Kubernetes-commit: a68c57155e728b2782408cbab88ecee0444a4ba8
 2018-04-25 16:07:15 -04:00
David Eads 88d943c0e6 eliminate indirection from type registration 
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
 2018-04-24 08:21:23 -04:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
Jordan Liggitt be5dc4d760 Log webhook request error 
Kubernetes-commit: 55c66f79a6ab71fd2eaa5574bb13a2632236e640
 2018-04-17 11:25:26 -04:00
rithu john 6f00834df1 oidc authentication: Required claims support 
Kubernetes-commit: dd433b595f5f0b1d9a5195b3dbefe0fd2afc425d
 2018-04-03 10:54:09 -07:00
rithu john 2c968342df oidc authentication: email_verified claim is not required for JWT validation 
Kubernetes-commit: 1f25319077f9b371440a66eebbd3d1e0edcbfda9
 2018-03-21 16:15:17 -07:00
hangaoshuai f5c57057ab remove unused code authenticator/password/allow 
Kubernetes-commit: bf44c29932711c27d4b64e2443627fd16e809119
 2018-03-15 17:14:28 +08:00
Cao Shufeng 0e5b010b14 [advanced audit]fix comment about throttle burst 
Kubernetes-commit: c6f72c20d121a8f4e161d490af0aa2db48e05caf
 2018-03-09 18:07:04 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Eric Chiang d75d797054 oidc: add rithujohn191 as a reviewer 
Kubernetes-commit: 3561f23128a35a53256e541776eea1a7c3437c11
 2018-03-05 10:44:33 -08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Mik Vyatskov 054769c183 Introduce buffered audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 3f0e49aea430c30f4539d34c0f93486fd451d073
 2018-02-20 15:25:46 +01:00
Eric Chiang ee1578474d bump(github.com/coreos/go-oidc): 065b426bd41667456c1a924468f507673629c46b 
Kubernetes-commit: 379af0405c318de9a009e339ee03a1d8ab0cde2f
 2018-01-19 11:18:27 -08:00
Eric Chiang 94fd51cf3a oidc authentication: generate testdata and delete old test packages 
Kubernetes-commit: 2d8cb9c4ad9a792ccfe5066f55e725ca50c77330
 2018-01-19 11:15:38 -08:00
Eric Chiang 1acdd69460 oidc authentication: switch to v2 of coreos/go-oidc 
Kubernetes-commit: 48c6d1abf5de6ac8167bbe3af07963ceb91a6716
 2018-01-19 11:14:05 -08:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
Davanum Srinivas 650e119954 Remove experimental keystone authenticator 
experimental-keystone-url and experimental-keystone-ca-file were always
experimental. So we don't need a deprecation period.
KeystoneAuthenticator was on the server side and needed userid/password
to be passed in and used that to authenticate with Keystone. We now
have authentication and authorization web hooks that can be used. There
is a external repo with a webook for keystone which works fine along
with the kubectl auth provider that was added in:
a0cebcb559c5c0ab8a2e50b1ee11cc62f9ebb3a8

So we don't need this older style / hard coded / experimental code
anymore.

Kubernetes-commit: 18590378c4491eacdea5cd05f98c92fe84020263
 2018-02-07 13:17:29 -05:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Mike Danese c7a7912588 add deny to SAR API 
Kubernetes-commit: 096da12fc4bf3c8b4003679d22f7228d3d178e54
 2017-10-13 13:51:38 -07:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Cao Shufeng f7e881914a support micro time for advanced audit 
Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d
 2017-09-25 11:56:30 +08:00
Mik Vyatskov 29522c33dc Add throttling to the batching audit webhook 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 6bce120a11782caad7ea477aaaafe3ba31f797d1
 2017-10-05 23:19:45 +02:00
Mik Vyatskov bddf432ba6 Adjust defaults of audit webhook backends 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 5f4ff9f28341d58a4a905a0e86742aa6c90e81bf
 2017-10-05 23:18:55 +02:00
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature 
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
 2017-09-09 21:44:30 +00:00
Eric Chiang 8a6b3f7f2e oidc auth: make the OIDC claims prefix configurable 
Add the following flags to control the prefixing of usernames and
groups authenticated using OpenID Connect tokens.

	--oidc-username-prefix
	--oidc-groups-prefix

Kubernetes-commit: 1f8ee7fe13490a8e8e0e7801492770caca9f9b5c
 2017-09-04 14:03:47 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Chen Rong b4c851a534 generated 
Kubernetes-commit: ed8adf6e51d76b3652be3b433b2dab590f1ff1f0
 2017-09-03 14:04:11 +00:00
xilabao a50d8a0b4f add selfsubjectrulesreview api 
Kubernetes-commit: f14c1384387ac196e87334b5a0e05e01d7581387
 2017-09-03 14:04:10 +00:00
Cao Shufeng cbc6b83455 remove dead code for cloner 
I found some dead code in audit webhook backend.
This change do some clean work for: 2bbe72d4e0

Kubernetes-commit: 7b5c7bb711e7f15a1bf216a7a51fd40148110fba
 2017-08-29 13:16:15 +00:00
Dr. Stefan Schimanski 24a3b34c79 audit: disable new v1beta1 types until incompatible changes are done 
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
 2017-08-29 13:16:13 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Mik Vyatskov 04aa1e08ec Implement batching audit webhook graceful shutdown 
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
 2017-08-29 13:16:12 +00:00
Dr. Stefan Schimanski 86ef841256 apiservers: add synchronous shutdown mechanism on SIGTERM+INT 
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
 2017-08-29 13:16:11 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Davanum Srinivas 7d27fa3fec Add missing UID in SubjectAccessReviewSpec 
WebhookAuthorizer's Authorize should send *all* the information
present in the user.Info data structure. We are not sending the
UID currently.

Kubernetes-commit: 9a761b16c1558106800222dbc52f6ab03c40c64c
 2017-08-29 13:13:50 +00:00
Cao Shufeng 008d37c785 fix typo 
Kubernetes-commit: 6c7aef07cbdea73a9c7eabb48a668f9dfba0210b
 2017-07-28 13:56:11 +00:00
Eric Chiang 6fb062b0b3 *: remove --insecure-allow-any-token option 
e2e and integration tests have been switched over to the tokenfile
authenticator instead.

```release-note
The --insecure-allow-any-token flag has been removed from kube-apiserver. Users of the flag should use impersonation headers instead for debugging.
```

Kubernetes-commit: e2f2ab67f29d3e859e0b3e6668d8d770d93132fc
 2017-07-28 13:56:11 +00:00
Dr. Stefan Schimanski e24df9a2e5 Update generated code 
Kubernetes-commit: 8dd0989b395b29b872e1f5e06934721863e4a210
 2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 42619eca71 deepcopy: misc fixes for static deepcopy compilation 
- port direct calls to deepcopy funcs
- apimachinery: fix types in unstructured converter test
- federation: fix deepcopy registration

Kubernetes-commit: 2bbe72d4e09f7c95e1ad851187d4733a54644fbe
 2017-07-19 03:49:08 +00:00
Dr. Stefan Schimanski 8304eb8a20 audit: fix deepcopy registration 
Kubernetes-commit: ad23081273785668ee2520e5349cf0b05f64e41f
 2017-07-16 04:08:41 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Cao Shufeng d0c809bf05 remove unused function and variable from audit backend 
Kubernetes-commit: 00e871a84623c3e2565270604255e5467eaada8d
 2017-07-05 08:39:50 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
Cao Shufeng 9b573e7060 Remove extra empty lines from log 
remove extra "\n" from Everything()

Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
 2017-06-13 20:47:33 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing 
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
 2017-06-13 20:47:30 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend 
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski a177d01bf0 audit: uniform 2 or 3 events for short/long running requests 
Kubernetes-commit: 548f7be8fa10b6cbedcf179af088536e76a6c0e3
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel 
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00
Clayton Coleman 3cbbcf996a Move pkg/util/cache to apimachinery 
Will be used by client-go as well

Kubernetes-commit: 529e627c8a4338d48cd2bf658303bac6fef6aaaa
 2017-05-21 17:28:01 +00:00
Chao Xu 3ffeae2ff7 hack/update-bazel.sh 
Kubernetes-commit: 14045d253d11c801ad94f0928cb9b13a224ee18f
 2017-05-13 17:27:43 +00:00
Chao Xu e46eb82a82 remove invocation of k8s.io/client-go/pkg/api/install 
change import of client-go/api/helper to kubernetes/api/helper

remove unnecessary use of client-go/api.registry

change use of client-go/pkg/util to kubernetes/pkg/util

remove dependency on client-go/pkg/apis/extensions

remove unnecessary invocation of k8s.io/client-go/extension/intsall

change use of k8s.io/client-go/pkg/apis/authentication to v1

Kubernetes-commit: c354076aa41e3cf417b291d5f0eff2b70395ac30
 2017-05-13 17:27:42 +00:00
Chao Xu e84e32eaa5 remove references to client-go/pkg/api 
Kubernetes-commit: d978f22e04519f6eecfde839110c398dc28d4e8e
 2017-05-03 20:36:26 +00:00