kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,013 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

63 Commits

Author SHA1 Message Date
Ibrahim AshShohail 47845b88c3 Update usages of http.ResponseWriter.WriteHeader to use http.Error 
Signed-off-by: Ibrahim AshShohail <me@ibrasho.com>

Kubernetes-commit: 2fb3ba71f196031e9b36095d64c921cacc54f44e
 2018-10-08 22:20:52 +03:00
Mike Danese 2ced48ac6e rebase authenticators onto new interface. 
Kubernetes-commit: e5227216c0796d725c695e36cfc1d54e7631d3a6
 2018-10-15 15:17:36 -07:00
xichengliudui 21f232e065 Remove duplicate words 
Kubernetes-commit: e39448237370df37d2f77bf98cf951a19b1e5b6c
 2018-10-15 15:55:49 -04:00
Mike Danese 37ab80320b tokenreview: add APIAudiences config to generic API server and augment context 
Kubernetes-commit: 21fd8f204128a7847786927b460d95be34a6dbde
 2018-10-09 22:04:52 -07:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Jordan Liggitt 3dc9519ac3 limit forbidden error to details of what was forbidden 
Kubernetes-commit: ecbd0137957b4afd4cdd94c0209998228fd70e99
 2018-08-20 15:36:39 -04:00
Jake Sanders 41bff9cd5e Escape illegal characters in remote extra keys 
Signed-off-by: Jake Sanders <jsand@google.com>

Kubernetes-commit: f35e3d07c9898f8ec156209a868fa4451eb9afe2
 2018-07-03 21:19:15 -07:00
Mike Danese cd0258b4d7 replace request.Context with context.Context 
Kubernetes-commit: 54fd2aaefd11e12a3ecb6d1a1326f04cdc8ea1a3
 2018-04-24 08:10:34 -07:00
Jordan Liggitt 25758bf0f8 Remove request context mapper 
Kubernetes-commit: 8ea88a5092c767fc3141512db924fd0435f7670e
 2018-04-18 11:12:15 -04:00
Cao Shufeng e8101c4ca7 Log rbac info into advanced audit event 
Kubernetes-commit: e87c2c9f27f7f9756a8b664d118d357b166bbd14
 2018-01-22 15:19:15 +08:00
Kubernetes Publisher 627fa76a8b sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel 2018-03-15 09:38:17 +00:00
Wang Guoliang 32fe314a1e fix some syntax related errors 
Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d
 2018-02-11 19:50:49 +08:00
Jeff Grafton 1ab12b2dc8 Autogenerated: hack/update-bazel.sh 
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
 2018-02-16 13:43:01 -08:00
halfcrazy 6f8c3a80da fix typo in package apiserver 
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
 2018-02-01 03:04:33 +08:00
WanLinghao 2eee1977e7 modified: staging/src/k8s.io/apiserver/pkg/endpoints/filters/authorization.go 
Kubernetes-commit: 983435bdcec2aa130243108820c5c928ed2f8bf3
 2018-01-31 14:21:42 +08:00
Cao Shufeng 2a2505e824 remove duplicated import 
Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3
 2018-01-11 19:15:11 +08:00
Jeff Grafton c8a97ee31a Autogenerate BUILD files 
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
 2017-12-23 13:06:26 -08:00
Mike Danese 06a5d25846 move authorizers over to new interface 
Kubernetes-commit: 12125455d84c75562e6dd6a183762549adff747f
 2017-09-29 14:21:40 -07:00
Jeff Grafton f4dbe23125 update BUILD files 
Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116
 2017-10-12 13:52:10 -07:00
Cao Shufeng f7e881914a support micro time for advanced audit 
Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d
 2017-09-25 11:56:30 +08:00
Maciej Szulik 6959d4a79a Fill in creationtimestamp in audit events 
Kubernetes-commit: 3dd3e7aa5243228b49211f4bb40022a719cc57ac
 2017-09-09 21:44:33 +00:00
CaoShufeng 5d22e67a97 enhance unit tests of advance audit feature 
This change does three things:
    1. use auditinternal for unit test in filter stage
    2. add a seperate unit test for Audit-ID http header
    3. add unit test for audit log backend

Kubernetes-commit: c030026b544da2dd7ef7201019bdc0ac255c2d23
 2017-09-09 21:44:30 +00:00
Cao Shufeng 4905dd9b0c Provide a way to omit Event stages in audit policy 
Updates https://github.com/kubernetes/kubernetes/issues/48561
This provide a way to omit some stages for each audit policy rule.

For example:
  apiVersion: audit.k8s.io/v1beta1
  kind: Policy
  - level: Metadata
    resources:
       - group: "rbac.authorization.k8s.io"
         resources: ["roles"]
    omitStages:
      - "RequestReceived"

RequestReceived stage will not be emitted to audit backends with
previous config.

Kubernetes-commit: 47ba91450fbe7d9002bfc9d4a48a73256252821f
 2017-09-04 14:03:48 +00:00
David Eads 9f885389e9 make url parsing in apiserver configurable 
Kubernetes-commit: ccc7c9bdfa80caee93953a96dec0d689d93f08e5
 2017-09-04 14:03:48 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Cao Shufeng d781318aca audit real impersonated user info 
Log the newest impersonated user info in the second audit event. This
will help users to debug rbac problems.

Kubernetes-commit: 1c3dc52531b7761921c8855cafc58b669da111f1
 2017-09-03 14:04:13 +00:00
Maciej Szulik 677d724b3a Allow audit to log authorization failures 
Kubernetes-commit: 9fef244d4ccce0ea8daf37ab86a7af4892d000cf
 2017-09-03 14:04:12 +00:00
Cao Shufeng 9ab155429e Split APIVersion into APIGroup and APIVersion in audit events 
audit.Event.ObjectRef.APIVersion currently holds both the the API group and
version, separated by a /. This change break these out into separate fields.

This is part of:
https://github.com/kubernetes/kubernetes/issues/48561

Kubernetes-commit: c57eebfe2f8d36361d510f0afd926777a44cccd2
 2017-09-01 16:38:54 +00:00
Cao Shufeng 81eb3429e7 remove useless argument "name" 
Kubernetes-commit: 2e97611bc62b88c48777d6209a0ed28d17d0e52d
 2017-08-29 13:16:16 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Cao Shufeng 4ace90bfb4 Return Audit-Id http header for trouble shooting 
Kubernetes-commit: 4a1e7ddaa6e0d2e92ce27d9846cfc8407e1fcb60
 2017-08-29 13:14:38 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Cao Shufeng aeff5f2a0a add a regression test for Audit-ID http header 
This change add a test for: https://github.com/kubernetes/kubernetes/pull/48492

Kubernetes-commit: a5df09ba89f4c010eed76ffd985895aa80de9845
 2017-07-16 04:08:42 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Shiyang Wang 276c240fae Fix 401/403 apiserver errors do not return 'Status' objects 
Kubernetes-commit: 3d6479f7216dcb61e56ab6dd53fad7176930645d
 2017-07-05 23:59:23 +00:00
Cao Shufeng 755b51396c remove useless check from impersonation filter 
When groupsSpecified is false, that means no other groups are added
rather than the service account groups. So this check doesn't make
any sense.

Kubernetes-commit: 0a1e24f31e5dc1a4f193a6d564ed06e2535b2830
 2017-07-01 08:39:43 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
Cao Shufeng c396142d93 [legacy audit] add response audit for hijack 
Kubernetes-commit: 9212b0240de33344034c829f78a0f5c86aea6a0d
 2017-06-13 20:47:32 +00:00
deads2k 7e0854d484 test header removal for impersonation 
Kubernetes-commit: 38c25393df7bddd8356126634d70aa333ca1ac3b
 2017-06-13 20:47:32 +00:00
Cao Shufeng 42b5738617 fix invalid status code for hijacker 
When using hijacker to take over the connection, the http status code
should be 101 not 200.

PS:
Use "kubectl exec" as an example to review this change.

Kubernetes-commit: 541935b13f87e55199840a73cd3f158e7f0d7b63
 2017-06-13 20:47:31 +00:00
Cao Shufeng 89caee803d update copyed doc for advanced audit 
doc for WithAudit is copyed from WithLegacyAudit, it's out of date.
This change update doc for these two functions.

Kubernetes-commit: 82390af25083031e244107527fe5d9491ade937b
 2017-06-13 20:47:30 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing 
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski a177d01bf0 audit: uniform 2 or 3 events for short/long running requests 
Kubernetes-commit: 548f7be8fa10b6cbedcf179af088536e76a6c0e3
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 636c532e31 audit: fill in stage 
Kubernetes-commit: 1e94185f4425551f1c81ba7bbdbae110bc317abd
 2017-06-13 20:47:29 +00:00
Tim St. Clair a54d901fa7 Fix audit level none 
Kubernetes-commit: 93e1e54e290325d82e41d50f64057323879bdef2
 2017-06-13 20:47:29 +00:00
Tim St. Clair 8ff532a4cb Implement audit policy logic 
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
 2017-06-13 20:47:28 +00:00