deads2k
467b7d928f
add clusterrolebindings to bootstrapping
2016-10-10 15:00:35 -04:00
deads2k
4e2f819695
add tests proving rbac rule matches
2016-09-26 11:27:24 -04:00
deads2k
87ff84a7b0
add system:discovery role
2016-09-26 11:27:24 -04:00
deads2k
b330b0a220
start creating controller SA roles. start with just one
2016-09-26 09:31:36 -04:00
deads2k
a2a6423574
separate RESTStorage by API group
2016-09-20 08:00:50 -04:00
deads2k
7d1f13d3e0
add GenericAPIServer posthooks for initialization
2016-09-19 14:58:27 -04:00
deads2k
1943d256d2
make rbac authorizer use rule comparison, not covers
2016-09-16 15:53:42 -04:00
deads2k
8c788233e7
change rbac roleref type
2016-09-09 09:55:51 -04:00
deads2k
1e7adaa5c0
allow restricting subresource access
2016-08-03 08:19:57 -04:00
Michal Rostecki
fa0dd46ab7
Return (bool, error) in Authorizer.Authorize()
...
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.
Fixes #27974
2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa
authorize based on user.Info
2016-07-14 07:48:42 -04:00
Eric Chiang
addc4b166c
rbac authorizer: support non-resource urls with stars ("/apis/*")
2016-07-12 10:01:53 -07:00
Eric Chiang
411922f66c
rbac authorizer: include verb in non-resource url requests
2016-07-12 10:01:53 -07:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Eric Chiang
d13e351028
add unit and integration tests for rbac authorizer
2016-06-14 11:07:48 -07:00
Eric Chiang
ef40aa9572
pkg/master: enable certificates API and add rbac authorizer
2016-05-25 14:24:47 -07:00
