Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
Without this, tests which create a master
will panic with a nil pointer when the periodic
podCache update runs.
Deleted unused FakePodInfoGetter.
Added FakeKubeletClient.
Passed to master.New.
Required a KubeletClient in master.New.
Use some constants for tokens.
Refactor tokenfile creation to function.
Reorder some test cases to make lookups follow creates so they succeed.
Add expected status code to test cases (some are not quite what expected,
so filed bugs #2112, #2113, #2114)
Check expected status codes.
Close Body after each iterations so that we don't run out of file handles
when I add even more test cases in the next PR.
Handle that it is unpredictable whether status 200 or 202 is returned.
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
Callsites no longer allocate a mux.
Master now exposes method to install handlers
which use the master's auth code. Not used
but forks (openshift) are expected to use these
methods. These methods will later be a point
for additional plug-in functionality.
Integration tests now use the master-provided
handler which has auth, rather than using the mux,
which didn't. Fix TestWhoAmI now that /_whoami
sits behind auth.
Added new endpoint /_whoami for debugging authentication.
Added integration test which checks that a user is authenticated
using token authentication.
Rearranged initialization of authenticator to support preceeding.
