github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,351 Commits 1 Branch 31 Tags 1,019 MiB
d6e23b984c
Commit Graph

18 Commits

Author SHA1 Message Date
Michal Rostecki
fa0dd46ab7 Return (bool, error) in Authorizer.Authorize() 
Before this change, Authorize() method was just returning an error,
regardless of whether the user is unauthorized or whether there
is some other unrelated error. Returning boolean with information
about user authorization and error (which should be unrelated to
the authorization) separately will make it easier to debug.

Fixes #27974
 2016-07-18 12:06:54 +02:00
deads2k
f6f1ab34aa authorize based on user.Info 2016-07-14 07:48:42 -04:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
deads2k
02578a7ea7 add missing attributes to authorization interface 2016-03-29 08:46:21 -04:00
Jordan Liggitt
2321651518 Add non-resource and API group support to ABAC authorizer, version ABAC policy rules 2015-12-03 12:31:13 -05:00
Jordan Liggitt
9d6b52881d Add authentication/authorization interfaces to kubelet, always include /metrics with /stats 2015-10-09 03:10:00 -04:00
Jordan Liggitt
e024e55e8e Add verb to authorizer attributes 2015-10-01 23:54:02 -04:00
deads2k
8db054651c plumb APIGroup to authorization attributes and test 2015-09-30 09:45:10 -04:00
Veres Lajos
9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Jordan Liggitt
92bd58ede6 ServiceAccount e2e/integration tests 2015-05-11 17:18:06 -04:00
Eric Paris
6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
deads2k
8a2fe9bd2b modify policy to correctly identify resource versus kind 2015-02-04 13:36:01 -05:00
Jordan Liggitt
9d8d313113 Initial addition of groups to user/policy 2014-12-18 15:33:45 -05:00
Eric Tune
6e81e8c896 Basic ACL file. 
Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
 2014-11-05 16:06:22 -08:00
Eric Tune
1668c6f107 Authorization based on namespace, kind, readonly. 
Also, pass Authorizer into master.Config.
 2014-11-03 17:45:15 -08:00
Eric Tune
3045035512 Get user from request and put in authz attribs. 
Added integration tests for user-based auth.
 2014-11-03 16:38:56 -08:00
Eric Tune
55c2d6bbbb Add basic Authorization. 
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
 2014-10-31 12:04:33 -07:00