github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93,054 Commits 1 Branch 31 Tags 1,019 MiB
479249b3a3
Commit Graph

23 Commits

Author SHA1 Message Date
Jordan Liggitt
92eb072989 Propagate context to Authorize() calls 2019-09-24 11:14:54 -04:00
David Eads
092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
Mike Danese
12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
David Eads
e8a703b651 allow */subresource in rbac policy rules 2017-10-16 16:17:51 -04:00
Jordan Liggitt
67360883bc
Switch to pointer to policy rule, visit and short circuit during authorization 2017-04-20 10:52:53 -04:00
Jordan Liggitt
2a76fa1c8f
Switch RBAC subject apiVersion to apiGroup in v1beta1 2017-02-13 15:33:09 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski
cf60bec396 Split out server side code from pkg/apis/rbac/validation 2017-01-11 18:31:58 +01:00
deads2k
4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
deads2k
2923d09091 remove rbac super user 2016-12-05 13:49:54 -05:00
deads2k
252d8b7066 add rbac action to subjects type 2016-11-08 07:47:11 -05:00
deads2k
ceaf026881 slim down authorization listing interfaces 2016-10-13 07:50:01 -04:00
deads2k
4e2f819695 add tests proving rbac rule matches 2016-09-26 11:27:24 -04:00
deads2k
8c788233e7 change rbac roleref type 2016-09-09 09:55:51 -04:00
deads2k
1e7adaa5c0 allow restricting subresource access 2016-08-03 08:19:57 -04:00
Michal Rostecki
fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
Eric Chiang
addc4b166c rbac authorizer: support non-resource urls with stars ("/apis/*") 2016-07-12 10:01:53 -07:00
Eric Chiang
411922f66c rbac authorizer: include verb in non-resource url requests 2016-07-12 10:01:53 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Eric Chiang
d13e351028 add unit and integration tests for rbac authorizer 2016-06-14 11:07:48 -07:00
Eric Chiang
ef40aa9572 pkg/master: enable certificates API and add rbac authorizer 2016-05-25 14:24:47 -07:00