Commit Graph

392 Commits

Author SHA1 Message Date
CJ Cullen
36d54b2094 Remove /Validate endpoint 2015-05-26 10:49:18 -07:00
Prashanth Balasubramanian
8a5445d3db Randomize apiserver watch timeouts 2015-05-21 20:52:33 -07:00
Cesar Wong
328b1d0817 Add admission control to the Connect method in the API Server
The resource passed to admission control is a ConnectRequest object
which includes additional information about the current request.
2015-05-21 13:54:45 -04:00
Cesar Wong
68ad63b5e2 Add operation checking to admission control handlers
Adds a new method to the handler interface that returns true only if the
admission control handler handles that operation.
2015-05-21 13:51:43 -04:00
Clayton Coleman
3b10d82864 Merge pull request #8391 from liggitt/etcd_token_lookup
Make serviceaccount/token lookup more flexible
2015-05-18 11:08:30 -04:00
Jordan Liggitt
d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
Paul Weil
aaeb1dad93 expose user info to admission controllers 2015-05-13 21:31:51 -04:00
Nikhil Jindal
d75bd8bf2a Merge pull request #7101 from liggitt/service_account
ServiceAccounts
2015-05-12 10:23:41 -07:00
Jordan Liggitt
db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00
Clayton Coleman
ecbca9eb17 Allow v1beta3 to POST events to all namespaces
A namespaced resource that supports ALL may allow creation
on the root (all namespaces) collection, thus adding POST
here.

We need to better formalize the definition of calls on namespaced
resources at the root scope, so Storage objects that do not support
that call pattern can do so at definition time and reject those
calls.
2015-05-11 15:51:05 -04:00
Clayton Coleman
84d1f19016 Subresources should be in their parent rest scope
A subresource like "Binding" does not necessarily have
to have a namespace.  The RESTScope of a subresource
should always be its parent resource.
2015-05-11 15:51:05 -04:00
Clayton Coleman
b2a2ce0bb3 Legacy scope naming should NEVER set namespace for root
... resources.
2015-05-11 15:51:04 -04:00
Satnam Singh
220e754f3e Make the API server deal with HEAD requests 2015-05-08 10:33:51 -07:00
Cesar Wong
fd65427e28 API Server - pass path name in context of create request for subresource
Allows a REST storage for a subresource to obtain name in path from
request.
2015-05-06 13:40:18 -04:00
Eric Paris
6b3a6e6b98 Make copyright ownership statement generic
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
2015-05-01 17:49:56 -04:00
Fabio Yeon
45f85dbf06 Merge pull request #7404 from nikhiljindal/handleIndex
Updating handleIndex to return 404 for invalid server URL
2015-04-28 15:51:04 -07:00
Robert Bailey
6d85dcb4a0 Add support for HTTP basic auth to the kube-apiserver. 2015-04-28 10:33:51 -07:00
Filip Grzadkowski
c1c24f645c Add summary metrics to apiserver for easier debugging and future use in performance tests 2015-04-28 14:27:18 +02:00
nikhiljindal
f864195a5b Returning 404 on invalid server URL 2015-04-27 16:15:52 -07:00
Eric Tune
8a76cbf3d0 Merge pull request #7293 from ashcrow/apiserver_authz_tests
Added basic apiserver authz tests.
2015-04-24 13:05:45 -07:00
Steve Milner
1acbfba576 Added basic apiserver authz tests. 2015-04-24 14:38:34 -04:00
Brian Grant
60d7bad147 Merge pull request #7128 from nikhiljindal/fixbeta1tests
Removing more references to v1beta1 from pkg/
2015-04-24 11:07:53 -07:00
Masahiro Sano
7c371ee36e lower log level on recovering from panic 2015-04-24 22:09:14 +09:00
Wojciech Tyczynski
159a58ddfb Merge pull request #7169 from fgrzadkowski/requests_by_clients
Break request metrics in apiserver by client.
2015-04-24 13:37:50 +02:00
Filip Grzadkowski
8b755c805b Break request metrics in apiserver by client. 2015-04-24 13:16:14 +02:00
nikhiljindal
dcc368c781 Removing more references to v1beta1 from pkg/ 2015-04-24 00:45:17 -07:00
David Oppenheimer
ee11832d71 Merge pull request #7263 from lavalamp/fix4
fix watch of single object
2015-04-23 17:09:59 -07:00
Daniel Smith
2fa3ae9f15 fix watch of single object 2015-04-23 16:02:22 -07:00
nikhiljindal
120904df5f Fixing serviceErrorHandler to use apiVersion specific codec 2015-04-23 14:32:05 -07:00
Xiang Li
405ebf4b1e pkg/apiserver: use httpError in handlers.go 2015-04-21 23:05:56 -07:00
Fabio Yeon
c6ef2ddf8a Fix "validate-cluster.sh" to use "kubectl get componentstatus". 2015-04-17 11:59:53 -07:00
Fabio Yeon
951a125751 Add "componentstatus" to API for easier cluster health check. 2015-04-17 11:58:23 -07:00
Clayton Coleman
b3f03b934d Merge pull request #6869 from csrwng/pod_connect
Pod proxy, portforward and exec subresources
2015-04-17 09:49:12 -04:00
Wojciech Tyczynski
fafcf79d5d Allow more retries in density test 2015-04-17 12:35:56 +02:00
Daniel Smith
636d0682d7 Merge pull request #6830 from derekwaynecarr/improve_error_msg
Improve error message when name is omitted but generateName is available
2015-04-16 17:21:43 -07:00
Brian Grant
a927c239fe Merge pull request #6881 from nikhiljindal/errHandle
Registering a serviceErrorHandler with go-restful to always return JSON responses
2015-04-16 16:44:17 -07:00
nikhiljindal
f9132dc572 Registering serviceErrorHandler with go-restful 2015-04-16 14:59:44 -07:00
Cesar Wong
e09b8c99dc Add URL parameters to proxy redirect Location header
When a URL that doesn't end in "/" is sent to the API proxy,
the proxy responds with a redirect to the URL with a "/" at the
end. The problem is that this redirect path does not include
query parameters that were passed in the original request. This
is a fix to that issue.
2015-04-16 17:57:45 -04:00
derekwaynecarr
81dcd8c836 Improve error message when name is omitted but generateName is available 2015-04-16 13:06:19 -04:00
Cesar Wong
49abf9133e Add Connecter storage interface to API server
Connecter is a type of resource that connects a request
coming from the client to an internal request within the cluster.
It will be used for exposing a pod's proxy, exec, and portforward
endpoints.
2015-04-16 10:20:17 -04:00
Cesar Wong
a3f5dfd0e2 Move proxy html transport to utility package
Moves the proxy html transport that translates html links
from the proxy in apiserver to its own package under util.
2015-04-16 10:20:17 -04:00
David Oppenheimer
6b28a69a1b Clarify comments describing how GuaranteedUpdate() (previously AtomicUpdate() works. Closes #6626. 2015-04-14 15:38:15 -07:00
Nikhil Jindal
60f0c28fd4 Merge pull request #6725 from smarterclayton/support_subpath_on_getter_with_options
Allow subpath on GET for GetterWithOptions
2015-04-13 11:27:41 -07:00
Clayton Coleman
0c8a358de0 Merge pull request #6683 from deads2k/deads-handle-subresources
add support for authorizing subresources
2015-04-13 13:53:54 -04:00
Clayton Coleman
0225d76b6a Support subpath on GET for GetterWithOptions
Allows REST consumers to build paths like:

    /api/v1beta3/namespaces/foo/webhookresource/<name>/<encodedsecretinurl>

Also fixes parameter exposure for subresources (was only fixed for
v1beta3).
2015-04-11 11:20:13 -04:00
deads2k
c17ffb7c4c comments 1: comments 2015-04-10 15:39:20 -04:00
deads2k
72817a0801 add support for authorizing subresources 2015-04-10 12:42:52 -04:00
Brendan Burns
8694f6f550 Add return types to PUT, POST and PATCH methods.
Also add return types for proxy and redirect handlers.
2015-04-09 20:17:05 -07:00
Clayton Coleman
7a6b2ec227 Improve the output of the swagger API for watch events
Stopgap to improve this prior to converting watch resources to
versioned objects.
2015-04-07 10:46:19 -04:00
Cesar Wong
efc7f86baf Add GetterWithOptions and allow stream flushing
In addition to Getter interface, API Installer now supports a
GetterWithOptions interface that takes an additional options object when
getting a resource. A flag is now returned from rest.ResourceStreamer
that indicates whether the streamed response should be
flushed when written back to the client. This is to support log
streaming.
2015-04-07 07:46:30 -04:00