kubernetes

Author	SHA1	Message	Date
Jordan Liggitt	7f4e5c5676	Use namespace from context	2017-03-07 14:02:13 -05:00
Jordan Liggitt	2a76fa1c8f	Switch RBAC subject apiVersion to apiGroup in v1beta1	2017-02-13 15:33:09 -05:00
Dr. Stefan Schimanski	536460e1d9	Mechanical fixup imports: pkg/genericapiserver	2017-02-03 08:15:45 +01:00
deads2k	0d8e6b8500	move genericapiserver authenticator and authorizer factories	2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski	4077e0bba7	genericapiserver: move authn plugins into k8s.io/apiserver	2017-01-24 20:56:03 +01:00
Clayton Coleman	469df12038	refactor: move ListOptions references to metav1	2017-01-23 17:52:46 -05:00
deads2k	ee6752ef20	find and replace	2017-01-20 08:04:53 -05:00
Kubernetes Submit Queue	ac857a5ade	Merge pull request #40106 from deads2k/client-09-switch Automatic merge from submit-queue make client-go more authoritative Builds on https://github.com/kubernetes/kubernetes/pull/40103 This moves a few more support package to client-go for origination. 1. restclient/watch - nodep 1. util/flowcontrol - used interface 1. util/integer, util/clock - used in controllers and in support of util/flowcontrol	2017-01-19 06:34:49 -08:00
deads2k	cdb2934bbc	remove kubernetes copy of clientcmd types	2017-01-19 07:39:19 -05:00
Dr. Stefan Schimanski	3d9449a353	genericapiserver: fix imports	2017-01-19 13:06:47 +01:00
Kubernetes Submit Queue	302d3ab1d7	Merge pull request #39625 from deads2k/rbac-36-beta Automatic merge from submit-queue (batch tested with PRs 39625, 39842) Add RBAC v1beta1 Add `rbac.authorization.k8s.io/v1beta1`. This scrubs `v1alpha1` to remove cruft, then add `v1beta1`. We'll update other bits of infrastructure to code to `v1beta1` as a separate step. ```release-note The `attributeRestrictions` field has been removed from the PolicyRule type in the rbac.authorization.k8s.io/v1alpha1 API. The field was not used by the RBAC authorizer. ``` @kubernetes/sig-auth-misc @liggitt @erictune	2017-01-18 10:19:11 -08:00
deads2k	e74efe41a0	add rbac v1beta1	2017-01-18 09:49:33 -05:00
deads2k	4f915039e4	move pkg/client/transport to client-go	2017-01-18 07:56:01 -05:00
Clayton Coleman	9a2a50cda7	refactor: use metav1.ObjectMeta in other types	2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski	bf307d9948	genericapiserver: cut off pkg/serviceaccount dependency	2017-01-17 09:36:10 +01:00
deads2k	f1176d9c5c	mechanical repercussions	2017-01-13 08:27:14 -05:00
Timothy St. Clair	fbc5323dad	Refactor registry to use store vs. etcd	2017-01-12 09:23:38 -06:00
deads2k	c4fae4e690	mechanical repercussions	2017-01-11 15:20:36 -05:00
deads2k	6a4d5cd7cc	start the apimachinery repo	2017-01-11 09:09:48 -05:00
Jordan Liggitt	a2670d3b9d	Allow rolebinding/clusterrolebinding with explicit bind permission check	2017-01-10 14:34:33 -05:00
deads2k	4d7fcae85a	mechanicals	2017-01-05 11:14:27 -05:00
deads2k	ca58ec0237	mechanical changes for move	2017-01-04 10:27:05 -05:00
Jordan Liggitt	742ef34484	Convert user/group * to match authenticated users only in ABAC	2016-12-19 13:41:35 -05:00
Monis Khan	a6bafbacbf	Refactor REST storage to use generic defaults Signed-off-by: Monis Khan <mkhan@redhat.com>	2016-12-08 17:24:21 -05:00
deads2k	2923d09091	remove rbac super user	2016-12-05 13:49:54 -05:00
Jordan Liggitt	d3991aa7c6	Cleanup auth logging, allow starting secured kubelet in local-up-cluster.sh	2016-11-03 16:17:11 -04:00
deads2k	f56cbfa8d5	add healthz to genericapiserver	2016-11-01 14:39:33 -04:00
deads2k	ceaf026881	slim down authorization listing interfaces	2016-10-13 07:50:01 -04:00
deads2k	518d5500c7	remove testapi.Default.GroupVersion	2016-10-07 10:10:54 -04:00
deads2k	9f4f6a1cba	fix integration tests for loopback client	2016-10-04 08:40:59 -04:00
Dr. Stefan Schimanski	61409c821b	Turn embedding into composition: master.Config.{Config -> GenericConfig}	2016-09-29 08:09:39 +02:00
Dr. Stefan Schimanski	b4c6a68036	Unify genericapiserver Config.New() and master Config.New()	2016-09-28 19:19:54 +02:00
deads2k	b330b0a220	start creating controller SA roles. start with just one	2016-09-26 09:31:36 -04:00
deads2k	a2a6423574	separate RESTStorage by API group	2016-09-20 08:00:50 -04:00
deads2k	7d1f13d3e0	add GenericAPIServer posthooks for initialization	2016-09-19 14:58:27 -04:00
deads2k	8fac64b43f	add localSAR	2016-09-13 08:54:23 -04:00
deads2k	8c788233e7	change rbac roleref type	2016-09-09 09:55:51 -04:00
deads2k	97529e3687	add selfsubjectaccessreview API	2016-08-29 09:51:54 -04:00
Eric Chiang	b4eaf625a0	pkg/genericapiserver/options: don't import pkg/apiserver Refactor the authorization options for the API server so pkg/apiserver isn't directly imported by the options package.	2016-08-18 13:01:50 -07:00
Hongchao Deng	d0938094d9	move new etcd storage into cacher	2016-08-12 18:40:20 -07:00
deads2k	32920b5617	add subjectaccessreviews resource	2016-08-05 11:20:56 -04:00
deads2k	60dd4a5d26	interesting changes to add tokenreviews endpoint to implement webhook	2016-08-03 08:37:45 -04:00
deads2k	aa3db4d995	make the resource prefix in etcd configurable for cohabitation	2016-07-27 07:51:40 -04:00
Wojciech Tyczynski	4d0d115690	Revert "add tokenreviews endpoint to implement webhook"	2016-07-21 09:40:35 +02:00
deads2k	2c4a9f2e8d	interesting changes to add tokenreviews endpoint to implement webhook	2016-07-20 15:11:56 -04:00
Michal Rostecki	fa0dd46ab7	Return (bool, error) in Authorizer.Authorize() Before this change, Authorize() method was just returning an error, regardless of whether the user is unauthorized or whether there is some other unrelated error. Returning boolean with information about user authorization and error (which should be unrelated to the authorization) separately will make it easier to debug. Fixes #27974	2016-07-18 12:06:54 +02:00
deads2k	f6f1ab34aa	authorize based on user.Info	2016-07-14 07:48:42 -04:00
Mike Danese	f3de21bdf0	move integration tests into individual pacakges Signed-off-by: Mike Danese <mikedanese@google.com>	2016-07-07 00:54:15 -07:00

48 Commits