github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
54,653 Commits 1 Branch 31 Tags 1,019 MiB
d698404adc
Commit Graph

24 Commits

Author SHA1 Message Date
xilabao
f14c138438 add selfsubjectrulesreview api 2017-09-01 19:09:43 +08:00
Monis Khan
8e7893e541
Refactor RBAC authorizer entry points 
This change refactors various RBAC authorizer functions to be more
flexible in their inputs.  This makes it easier to reuse the various
components that make up the authorizer.

Signed-off-by: Monis Khan <mkhan@redhat.com>
 2017-08-16 11:43:39 -04:00
Jordan Liggitt
e87bce1f8a
Quote groups in deny log message 2017-04-28 12:40:38 -04:00
Jordan Liggitt
67360883bc
Switch to pointer to policy rule, visit and short circuit during authorization 2017-04-20 10:52:53 -04:00
Jordan Liggitt
34782b203d
Add detailed RBAC deny logging 2017-02-15 01:05:43 -05:00
Jordan Liggitt
7f81e2e4ac
Improve RBAC denial audit logging 2017-01-14 17:31:58 -05:00
Dr. Stefan Schimanski
cf60bec396 Split out server side code from pkg/apis/rbac/validation 2017-01-11 18:31:58 +01:00
deads2k
4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
xilabao
9b38eaf98e omit the reason if we don't have an error when using rbac 2017-01-04 11:41:43 +08:00
xilabao
2a77353164 extend err info when authorize failed 2016-12-22 14:47:56 +08:00
deads2k
17f600d671 rbac deny output for e2e tests 2016-12-21 13:51:50 -05:00
deads2k
2923d09091 remove rbac super user 2016-12-05 13:49:54 -05:00
deads2k
e1638f11a3 run authorization from a cache 2016-10-13 07:53:40 -04:00
deads2k
ceaf026881 slim down authorization listing interfaces 2016-10-13 07:50:01 -04:00
deads2k
a2a6423574 separate RESTStorage by API group 2016-09-20 08:00:50 -04:00
deads2k
1943d256d2 make rbac authorizer use rule comparison, not covers 2016-09-16 15:53:42 -04:00
deads2k
1e7adaa5c0 allow restricting subresource access 2016-08-03 08:19:57 -04:00
Michal Rostecki
fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
Eric Chiang
411922f66c rbac authorizer: include verb in non-resource url requests 2016-07-12 10:01:53 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Eric Chiang
d13e351028 add unit and integration tests for rbac authorizer 2016-06-14 11:07:48 -07:00
Eric Chiang
ef40aa9572 pkg/master: enable certificates API and add rbac authorizer 2016-05-25 14:24:47 -07:00