github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
106,685 Commits 1 Branch 31 Tags 1,019 MiB
f4df7d0eb2
Commit Graph

54 Commits

Author SHA1 Message Date
ahrtr
fe95aa614c io/ioutil has already been deprecated in golang 1.16, so replace all ioutil with io and os 2022-02-03 05:32:12 +08:00
Jordan Liggitt
57e0c5969b Fix integration test authenticators to include AllAuthenticated group 2022-01-19 13:21:05 -05:00
jlsong01
3006aa534b fix flake on TestQuotaLimitService 2022-01-19 21:58:57 +08:00
Margo Crawford
d9ddfb26e1 Introduces Impersonate-Uid to client-go. 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-09-24 14:06:30 -07:00
Kubernetes Prow Robot
e1acbbd8fd
Merge pull request #99961 from margocrawf/master 
Introduce Impersonate-UID header
 2021-07-06 18:46:43 -07:00
Margo Crawford
74f5ed6b17 This introduces an Impersonate-Uid header to server side code. 
UserInfo contains a uid field alongside groups, username and extra.
This change makes it possible to pass a UID through as an impersonation header like you
can with Impersonate-Group, Impersonate-User and Impersonate-Extra.

This PR contains:

* Changes to impersonation.go to parse the Impersonate-Uid header and authorize uid impersonation
* Unit tests for allowed and disallowed impersonation cases
* An integration test that creates a CertificateSigningRequest using impersonation,
  and ensures that the API server populates the correct impersonated spec.uid upon creation.
 2021-07-06 10:13:16 -07:00
Mengjiao Liu
4eab19ae7d Clean up the master term in test/integration comments 2021-06-18 16:31:05 +08:00
Mengjiao Liu
6871b2b3c7 Rename masterConfig to controlPlaneConfig 2021-06-04 20:55:08 +08:00
Mengjiao Liu
387154f1a9 Part3: master to controlplane in test/integration 
Rename RunAMaster to RunAControlPlane
 2021-06-03 11:06:19 +08:00
Mengjiao Liu
c9ec486287 Part of master to controlplane in test/integration 
Rename NewIntegrationTestMasterConfig to NewIntegrationTestControlPlaneConfig
 2021-05-25 13:26:28 +08:00
Abu Kashem
53a1307f68
make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
 2020-11-01 10:18:25 -05:00
Jefftree
1b38199ea8 pass Dialer instead of egressselector to webhooks 2020-02-27 17:47:23 -08:00
Jefftree
d318e52ffe authentication webhook via network proxy 2020-02-27 17:47:23 -08:00
tanjunchen
264a1cf5f6 staticcheck:test/integration/auth/ 2020-01-07 15:23:19 +08:00
Jordan Liggitt
5d5b444c4d Remove use of testapi codecs, selflink, resourcepath functions 2019-12-13 11:56:29 -05:00
Mike Danese
d16dde36a3 inline GC in expiring cache 
This allows us to drop the background goroutine with negligable
difference in performance.
 2019-11-15 17:50:31 -08:00
Mike Danese
3f194d5b41 migrate token cache to cache.Expiring 2019-11-14 13:50:15 -08:00
Jordan Liggitt
5ef4fe959a Switch kubelet/aggregated API servers to use v1 tokenreviews 2019-11-11 17:19:10 -05:00
Jordan Liggitt
92eb072989 Propagate context to Authorize() calls 2019-09-24 11:14:54 -04:00
Baasbank
d97b7f20f8 fixes golint errors in pkg/printers/storage 
fixes golint errors in pkg/printers

fixes golint errors for pkg/printers/internalversion

implements recommended changes
 2019-05-01 17:02:55 +01:00
Eric Walker
75df4dc04c Remove test/integration/* from hack/.golint_failures 2019-02-28 19:52:39 -07:00
Mike Danese
effad15ecc patch webhook authenticator to support token review with arbitrary audiences 2018-11-16 19:30:42 -05:00
Mike Danese
0ec4d6d396 remove webhook cache implementation and replace with the token cache 
The striped cache used by the token cache is slightly more sophisticated
however the simple cache provides about the same exact behavior. I used
the striped cache rather than the simple cache because:

* It has been used without issue as the primary token cache.
* It preforms better under load.
* It is already exposed in the public API of the token cache package.
 2018-11-05 13:08:45 -08:00
mooncake
4894f5583d Remove the duplicated words in test files 
Signed-off-by: mooncake <xcoder@tenxcloud.com>
 2018-10-05 22:55:16 +08:00
xuzhonghu
70d5af6e7b stop using AlwaysAdmit admission 2018-03-13 20:02:56 +08:00
Mike Danese
7b4722964d remove deprecated /proxy paths 
These were depercated in v1.2.
 2018-02-20 14:42:19 -08:00
Dr. Stefan Schimanski
4e0114b0dd apiserver: make SecureServingOptions and authz/n options re-usable 2018-02-13 11:16:38 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Mike Danese
12125455d8 move authorizers over to new interface 2017-11-03 13:46:28 -07:00
Jacob Simpson
8bcbbd4d08 Migrate api.Registry to testapi.Groups in tests. 2017-07-17 15:05:38 -07:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
cde4772928 run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles 2017-06-22 11:30:52 -07:00
deads2k
be39283923 plumb stopch to post start hook index since many of them are starting go funcs 2017-05-11 09:16:13 -04:00
Mike Danese
21617a60ae don't use build tags to mark integration tests 2017-04-28 14:19:39 -07:00
deads2k
0d8e6b8500 move genericapiserver authenticator and authorizer factories 2017-01-26 08:50:47 -05:00
Dr. Stefan Schimanski
4077e0bba7 genericapiserver: move authn plugins into k8s.io/apiserver 2017-01-24 20:56:03 +01:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1 2017-01-23 17:52:46 -05:00
deads2k
cdb2934bbc remove kubernetes copy of clientcmd types 2017-01-19 07:39:19 -05:00
Dr. Stefan Schimanski
bf307d9948 genericapiserver: cut off pkg/serviceaccount dependency 2017-01-17 09:36:10 +01:00
deads2k
f1176d9c5c mechanical repercussions 2017-01-13 08:27:14 -05:00
deads2k
c4fae4e690 mechanical repercussions 2017-01-11 15:20:36 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k
4d7fcae85a mechanicals 2017-01-05 11:14:27 -05:00
deads2k
ca58ec0237 mechanical changes for move 2017-01-04 10:27:05 -05:00
Jordan Liggitt
742ef34484
Convert user/group * to match authenticated users only in ABAC 2016-12-19 13:41:35 -05:00
deads2k
518d5500c7 remove testapi.Default.GroupVersion 2016-10-07 10:10:54 -04:00
Dr. Stefan Schimanski
61409c821b Turn embedding into composition: master.Config.{Config -> GenericConfig} 2016-09-29 08:09:39 +02:00
Eric Chiang
b4eaf625a0 pkg/genericapiserver/options: don't import pkg/apiserver 
Refactor the authorization options for the API server so
pkg/apiserver isn't directly imported by the options package.
 2016-08-18 13:01:50 -07:00
deads2k
60dd4a5d26 interesting changes to add tokenreviews endpoint to implement webhook 2016-08-03 08:37:45 -04:00
Wojciech Tyczynski
4d0d115690 Revert "add tokenreviews endpoint to implement webhook" 2016-07-21 09:40:35 +02:00