kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,752 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

73 Commits

Author SHA1 Message Date
Eric Chiang 1fa829c7c8 Audit policy v1beta1 now supports matching subresources and resource names. 
policy:
	- level: Metadata
	  resources:
	  - group: ""
	    resources ["pods/logs"]
	- level: None
	  resources:
	  - group: ""
	    resources: ["configmaps"]
	    resourceNames: ["controller-leader"]

The top level resource no longer matches the subresource. For example "pods"
no longer matches requests to the logs subresource on pods.

```release-note
Audit policy supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources.
```

Kubernetes-commit: 85491f1578b9b97751a332d3b957d874cecf27b3
 2017-09-01 16:38:01 +00:00
Cao Shufeng 24b54db39e run hack/update-all.sh 
Kubernetes-commit: 0410221c3fec1a54cde05104b92e44e13cddc77a
 2017-08-29 13:16:13 +00:00
Cao Shufeng 3468d049a7 upgrade advanced audit to v1beta1 
Kubernetes-commit: f4e8b8f1464e588306d5c1c4ffdc1a6cb1e9313b
 2017-08-29 13:16:13 +00:00
Mik Vyatskov 04aa1e08ec Implement batching audit webhook graceful shutdown 
Kubernetes-commit: 7798d32fc787d79da617914259d9285e558054f7
 2017-08-29 13:16:12 +00:00
Dr. Stefan Schimanski 86ef841256 apiservers: add synchronous shutdown mechanism on SIGTERM+INT 
Kubernetes-commit: 11b25366bc7bfe2ad273c8bf9c332fd9d233bffc
 2017-08-29 13:16:11 +00:00
Jeff Grafton 6c539a43c6 Use buildozer to delete licenses() rules except under third_party/ 
Kubernetes-commit: a7f49c906df816123e7d4ccbd4cebab411519465
 2017-08-29 13:15:24 +00:00
Jeff Grafton 6caa2933ae Use buildozer to remove deprecated automanaged tags 
Kubernetes-commit: 33276f06be5e872bf53ca62a095fcf0a6b6c11a8
 2017-08-29 13:15:24 +00:00
Jeff Grafton 44942b068a Run hack/update-bazel.sh to generate BUILD files 
Kubernetes-commit: 3579017b865ddbc5449d6bba87346f086e4b93ff
 2017-08-29 13:13:51 +00:00
Cao Shufeng d248b52a81 Fix Audit-ID header key 
Now http header key "Audit-ID" doesn't have effect, because golang
automaticly transforms "Audit-ID" into "Audit-Id". This change use
http.Header.Get() function to canonicalize "Audit-ID" to "Audit-Id".

Kubernetes-commit: f21bc7bb9a82378e8b24f72c66dfd23bc8113f20
 2017-07-06 23:56:07 +00:00
Cao Shufeng af4570c690 update events' ResponseStatus at Metadata level 
ResponseStatus is populated in MetadataLevel, so we also update it in
MetadataLevel.

Kubernetes-commit: b6abcacb38d5da7c70ea9f3e6f673c8beeb90092
 2017-07-04 08:39:44 +00:00
Tim St. Clair dc4be7ced9 s/count/total/ in audit prometheus metrics 
Kubernetes-commit: b34d6ab890d3d73b391a876125d1ea3141c54f1d
 2017-06-28 00:14:32 +00:00
Chao Xu 8be42ee0d0 run hack/update-all 
Kubernetes-commit: 60604f8818aecbc9c3736fbc32747cc0a535bc80
 2017-06-28 00:14:31 +00:00
Chao Xu 81b7aaaa7d run root-rewrite-import-client-go-api-types 
Kubernetes-commit: f2d3220a11111f86b2f481e70e3c1ca4f5896f44
 2017-06-28 00:14:31 +00:00
Tim St. Clair 64014c6e25 audit: Fill in full ObjectRef, include in LevelMetadata 
Kubernetes-commit: 28beb4572e676b9073f400fb6ccf2720381a41d0
 2017-06-14 20:44:08 +00:00
Cao Shufeng 9b573e7060 Remove extra empty lines from log 
remove extra "\n" from Everything()

Kubernetes-commit: 3816b6fde565720ac09177d30fb63d718dca8692
 2017-06-13 20:47:33 +00:00
Tim St. Clair 91a3addb8d Instrument advanced auditing 
Kubernetes-commit: b77c8198f002f9a9c7bdca11d28cac1710bbb185
 2017-06-13 20:47:30 +00:00
Cao Shufeng df4801fa4e empty audit policy file is legal configuration 
Empty audit policy file or policy file contains only comments means
using default audit level for all requests.

Kubernetes-commit: b6b2a30e830cc362c41ec1014ed9f3ef3535f93b
 2017-06-13 20:47:30 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend 
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
 2017-06-13 20:47:30 +00:00
Dr. Stefan Schimanski 8b776edc46 audit: fill in sub-resource 
Kubernetes-commit: 019003b9266872f912b188708583141a34561007
 2017-06-13 20:47:29 +00:00
Tim St. Clair 8ff532a4cb Implement audit policy logic 
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
 2017-06-13 20:47:28 +00:00
Tim St. Clair dac438aa53 Update existing code for audit API changes 
Kubernetes-commit: 4c54970d31f0e35f21247514fb946081e6ee0be5
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel 
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00