Commit Graph

108 Commits

Author SHA1 Message Date
Tim Allclair
9d3670f358 Ensure testing credentials are labeled as such 2020-02-04 10:36:05 -08:00
Di Xu
5056161d4d auto-generated 2019-06-20 17:06:26 +08:00
Di Xu
af9ae4c11a refactor bootstrap token utils 2019-06-20 15:43:44 +08:00
Davanum Srinivas
954996e231
Move from glog to klog
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
2018-11-10 07:50:31 -05:00
zuoxiu.jm
e3b61ea9cf switch informer in token authn 2018-10-24 15:46:55 +08:00
Mike Danese
e5227216c0 rebase authenticators onto new interface. 2018-10-22 10:16:59 -07:00
Yu Liao
fc21115c3f Moved staging/src/k8s.io/client-go/tools/bootstrap to staging/src/k8s.io/cluster-bootstrap 2018-10-02 09:46:13 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Kubernetes Submit Queue
2716de27b1
Merge pull request #56568 from zouyee/sync
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

sync code from copy destination

**What this PR does / why we need it**:
sync code from copy destination

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:


**Special notes for your reviewer**:

**Release note**:

```
NONE

```
2018-04-28 18:26:38 -07:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
zouyee
eedf638072 sync code from copy destination 2018-01-20 14:38:16 +08:00
Gavin
f653d02b05 create auto-gen files 2018-01-17 16:23:03 +08:00
Gavin
bb5e156aba Add generic Bootstrap Token constants and helpers to client-go 2018-01-17 16:22:37 +08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Matt Moyer
fd5c00b38d Implement auth-extra-groups in bootstrap token authenticator.
This implements support for the new `auth-extra-groups` key in `bootstrap.kubernetes.io/token` secrets by adding extra groups to the user info returned for valid bootstrap tokens.
2017-08-25 16:23:01 -05:00
Matt Moyer
33e02aff60 Add extra group constants and validation to pkg/bootstrap/api.
This adds constants and validation for a new `auth-extra-groups` key on `bootstrap.kubernetes.io/token` secrets. This key allows a bootstrap token to authenticate to extra groups in addition to the `system:bootstrappers` group.

Extra groups are always applied in addition to the `system:bootstrappers` group, must begin with a `system:bootstrappers:` prefix, are limited in length, and are limited to a restricted set of characters (alphanumeric, colons, and dashes without a trailing colon/dash).
2017-08-25 16:04:53 -05:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Eric Chiang
f719b2670c bootstrap token auth: don't accept deleted tokens 2017-07-17 15:22:18 -07:00
Eric Chiang
f5fa115536 kube-apiserver: improve bootstrap token authentication error messages 2017-04-25 12:59:48 -07:00
Mike Danese
a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Joe Beda
c46d6bb825
Use constant time compare for bootstrap tokens
Signed-off-by: Joe Beda <joe.github@bedafamily.com>
2017-03-14 14:06:33 +00:00
Eric Chiang
a0df658b20 kube-apiserver: add a bootstrap token authenticator for TLS bootstrapping 2017-02-21 08:43:55 -08:00
Dr. Stefan Schimanski
4077e0bba7 genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
deads2k
5a8f075197 move authoritative client-go utils out of pkg 2017-01-24 08:59:18 -05:00
Antoine Pelisse
62af7dd33d OWNERS: Update latest OWNERS files
These files have been created lately, so we don't have much information
about them anyway, so let's just:
- Remove assignees and make them approvers
- Copy approves as reviewers
2017-01-23 10:05:48 -08:00
deads2k
ee6752ef20 find and replace 2017-01-20 08:04:53 -05:00
Kubernetes Submit Queue
ac857a5ade Merge pull request #40106 from deads2k/client-09-switch
Automatic merge from submit-queue

make client-go more authoritative

Builds on https://github.com/kubernetes/kubernetes/pull/40103

This moves a few more support package to client-go for origination.  
 1. restclient/watch - nodep
 1. util/flowcontrol - used interface
 1. util/integer, util/clock - used in controllers and in support of util/flowcontrol
2017-01-19 06:34:49 -08:00
deads2k
cdb2934bbc remove kubernetes copy of clientcmd types 2017-01-19 07:39:19 -05:00
Dr. Stefan Schimanski
3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
deads2k
31b6ba4e94 mechanicals 2017-01-13 16:33:09 -05:00
deads2k
633e9d98fc use apimachinery packages instead of client-go packages 2017-01-13 14:04:54 -05:00
deads2k
f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
deads2k
c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k
5280c8d3ac moves of genericapiserver packages without dependencies 2017-01-11 15:06:38 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k
1df5b658f2 switch webhook to clientgo 2017-01-09 16:53:24 -05:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k
4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Kubernetes Submit Queue
016133cf7d Merge pull request #36087 from ericchiang/plugin-auth-oidc-verify-email
Automatic merge from submit-queue

oidc auth-n plugin: enforce email_verified claim

This change causes the OpenID Connect authenticator to start
enforcing the 'email_verified' claim.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

If the OIDC authenticator uses the 'email' claim as a user's username
and the 'email_verified' is not set to `true`, reject that authentication attempt.

cc @erictune @kubernetes/sig-auth @mlbiam

```release-note
When using OIDC authentication and specifying --oidc-username-claim=email, an `"email_verified":true` claim must be returned from the identity provider.
```
2017-01-04 00:50:31 -08:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Chao Xu
03d8820edc rename /release_1_5 to /clientset 2016-12-14 12:39:48 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Eric Chiang
778812f63b oidc auth-n plugin: enforce email_verified claim
This change causes the OpenID Connect authenticator to start
enforcing the 'email_verified' claim.

https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

If the OIDC authenticator uses the 'email' claim as a user's password
and the 'email_verified' holds the value false, reject that
authentication attempt.

If 'email_verified' is true or not present, continue as before.
2016-12-09 14:22:17 -08:00
xilabao
79b525e5a4 auth duplicate detect, add warning message 2016-12-07 09:06:39 +08:00
Clayton Coleman
3454a8d52c
refactor: update bazel, codec, and gofmt 2016-12-03 19:10:53 -05:00