github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,061 Commits 1 Branch 31 Tags 1,019 MiB
acb43c7c4a
Commit Graph

36 Commits

Author SHA1 Message Date
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Gaurav Sofat
ac0ce7338e
Reflect DecisionNoOpinion in RBAC authorizer logs (#89608) 
* Reflect DecisionNoOpinion in RBAC authorizer logs

* Modify RBAC authorizer log message
 2020-04-08 13:37:44 -07:00
Jordan Liggitt
92eb072989 Propagate context to Authorize() calls 2019-09-24 11:14:54 -04:00
Davanum Srinivas
954996e231
Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
 2018-11-10 07:50:31 -05:00
Samuel Davidson
3558f83957 Revert "Improve multi-authorizer errors" 
This reverts commit 1c012f1c49.
 2018-10-29 11:05:45 -07:00
Jordan Liggitt
1c012f1c49
Improve multi-authorizer errors 2018-07-06 10:55:17 -04:00
David Eads
092714ea0f switch rbac to external 2018-05-22 08:17:05 -04:00
Cao Shufeng
e87c2c9f27 Log rbac info into advanced audit event 2018-03-19 08:37:53 +08:00
Jordan Liggitt
b4fb25261e
return reason for allowed rbac authorizations 
includes the binding, role, and subject that allowed a request so audit can make use of it
 2018-01-19 14:32:39 -05:00
Jordan Liggitt
13854c46a7
Raise RBAC DENY log level 2017-12-14 00:06:23 -05:00
Mike Danese
12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
David Eads
e8a703b651 allow */subresource in rbac policy rules 2017-10-16 16:17:51 -04:00
xilabao
f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Monis Khan
8e7893e541
Refactor RBAC authorizer entry points 
This change refactors various RBAC authorizer functions to be more
flexible in their inputs.  This makes it easier to reuse the various
components that make up the authorizer.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-16 11:43:39 -04:00
Jordan Liggitt
e87bce1f8a
Quote groups in deny log message 2017-04-28 12:40:38 -04:00
Jordan Liggitt
67360883bc
Switch to pointer to policy rule, visit and short circuit during authorization 2017-04-20 10:52:53 -04:00
Jordan Liggitt
34782b203d
Add detailed RBAC deny logging 2017-02-15 01:05:43 -05:00
Jordan Liggitt
7f81e2e4ac
Improve RBAC denial audit logging 2017-01-14 17:31:58 -05:00
Dr. Stefan Schimanski
cf60bec396 Split out server side code from pkg/apis/rbac/validation 2017-01-11 18:31:58 +01:00
deads2k
4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
xilabao
9b38eaf98e omit the reason if we don't have an error when using rbac 2017-01-04 11:41:43 +08:00
xilabao
2a77353164 extend err info when authorize failed 2016-12-22 14:47:56 +08:00
deads2k
17f600d671 rbac deny output for e2e tests 2016-12-21 13:51:50 -05:00
deads2k
2923d09091 remove rbac super user 2016-12-05 13:49:54 -05:00
deads2k
e1638f11a3 run authorization from a cache 2016-10-13 07:53:40 -04:00
deads2k
ceaf026881 slim down authorization listing interfaces 2016-10-13 07:50:01 -04:00
deads2k
a2a6423574 separate RESTStorage by API group 2016-09-20 08:00:50 -04:00
deads2k
1943d256d2 make rbac authorizer use rule comparison, not covers 2016-09-16 15:53:42 -04:00
deads2k
1e7adaa5c0 allow restricting subresource access 2016-08-03 08:19:57 -04:00
Michal Rostecki
fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
Eric Chiang
411922f66c rbac authorizer: include verb in non-resource url requests 2016-07-12 10:01:53 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Eric Chiang
d13e351028 add unit and integration tests for rbac authorizer 2016-06-14 11:07:48 -07:00
Eric Chiang
ef40aa9572 pkg/master: enable certificates API and add rbac authorizer 2016-05-25 14:24:47 -07:00