github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7a9ad669243a91c8d794f81e03e9c24c352a72ef
kubernetes/hack
History
Kubernetes Submit Queue c3aac2b938 Merge pull request #38968 from liggitt/anonymous-abac 
Automatic merge from submit-queue (batch tested with PRs 36751, 38968)

Convert * users/groups to system:authenticated group in ABAC

Part of enabling anonymous auth by default in 1.6 means protecting earlier policies that did not intend to grant access to anonymous users.

This modifies ABAC policies that match `user` or `group` `*` to only match authenticated users.

Docs PR to update examples to use `system:authenticated` or `system:unauthenticated` groups explicitly: https://github.com/kubernetes/kubernetes.github.io/pull/1992

```release-note
ABAC policies using "user":"*" or "group":"*" to match all users or groups will only match authenticated requests. To match unauthenticated requests, ABAC policies must explicitly specify "group":"system:unauthenticated"
```
2016-12-20 23:31:43 -08:00
..
boilerplate
bazel: implement set-gen as a bazel genrule
2016-10-27 15:16:30 -07:00
cmd/teststale
e2e-internal
Added MULTIZONE flag to e2e remove master script.
2016-12-19 14:37:42 +01:00
gen-swagger-doc
change the relative links to definition in operations.html to satisfy the new path set in the kubernetes.io
2016-07-29 13:29:34 -07:00
jenkins
Update OWNERS: Create test-infra-maintainers
2016-12-19 15:41:51 -08:00
lib
Merge pull request #38919 from brendandburns/fix
2016-12-20 15:32:40 -08:00
make-rules
Add a KUBERNETES_NODE_* section to build kubelet/kube-proxy for windows
2016-12-17 21:07:18 -08:00
testdata
Remove initialized annotation from statefulset examples
2016-11-23 10:40:42 -08:00
verify-flags
Merge pull request #33965 from euank/coreos-kube-up-now-with-less-cloud-init
2016-12-20 01:13:45 -08:00
.linted_packages
Merge pull request #38968 from liggitt/anonymous-abac
2016-12-20 23:31:43 -08:00
autogenerated_placeholder.txt
benchmark-go.sh
unify newline format for benchmark-go.sh
2016-12-10 01:15:30 -08:00
benchmark-integration.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
build-cross.sh
Make releases work
2016-07-12 21:52:54 -07:00
build-go.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
build-ui.sh
Cleanup non-rest apiserver handlers
2016-09-15 13:22:45 +02:00
cherry_pick_pull.sh
hack/cherry_pick_pull.sh: cleanup patch files
2016-12-14 14:33:17 -08:00
dev-build-and-push.sh
hack/dev-build-*: Run dev build instead of release build
2016-12-15 10:35:16 -07:00
dev-build-and-up.sh
hack/dev-build-*: Run dev build instead of release build
2016-12-15 10:35:16 -07:00
dev-push-hyperkube.sh
Rename build-tools/ back to build/
2016-12-14 13:42:15 -08:00
e2e-node-test.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
e2e.go
hack/e2e.go / kops: Add --kops-admin-access to restrict API access
2016-12-12 23:25:13 -08:00
federated-ginkgo-e2e.sh
generate-bindata.sh
Build vendored copy of go-bindata and use that in go generate step
2016-11-30 22:23:40 -08:00
generate-docs.sh
spell check for test/*
2016-12-14 06:03:00 -08:00
get-build.sh
ginkgo-e2e.sh
[Federation][init-11] Switch federation e2e tests to use the new federation control plane bootstrap via the kubefed init command.
2016-12-16 11:22:44 +05:30
godep-save.sh
Ensure verify-godep passes godep to godep-save
2016-11-02 23:49:30 -07:00
grab-profiles.sh
Make all useage of sort deterministic
2016-10-20 16:47:20 -04:00
install-etcd.sh
list-feature-tests.sh
Make all useage of sort deterministic
2016-10-20 16:47:20 -04:00
local-up-cluster.sh
local-up-cluster changes: added help option, added error message for why docker ps fails and how to recover, added test to check if etcd is in your path to fail fast when not found.
2016-12-16 07:41:35 -08:00
local-up-discovery.sh
add service status detection to kubernetes-discovery
2016-12-19 14:56:20 -05:00
lookup_pull.py
OWNERS
Add jbeda to OWNERS for build, cluster, hack
2016-09-27 14:53:16 -07:00
run-in-gopath.sh
Allow make to run from outside GOPATH
2016-07-15 08:42:12 -07:00
test-cmd.sh
fix hack/test-cmd
2016-08-02 10:27:29 -04:00
test-go.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
test-integration.sh
choose a particular directory test-integration
2016-08-26 12:33:06 -04:00
test-update-storage-objects.sh
Remove extensions/v1beta1 Job
2016-12-17 00:07:24 +01:00
update_owners.py
Remove girishkalele from most places
2016-12-05 19:29:34 -05:00
update-all.sh
Sync update-all with verfiy targets
2016-12-05 12:43:54 +01:00
update-api-reference-docs.sh
update generation scripts to share API group version constants
2016-09-22 13:30:41 -04:00
update-bazel.sh
pin gazel to v3
2016-12-12 13:30:06 -08:00
update-codecgen.sh
Make all useage of sort deterministic
2016-10-20 16:47:20 -04:00
update-codegen.sh
update client generation scripts to include batch/Job for federation
2016-12-15 09:58:33 -08:00
update-federation-api-reference-docs.sh
Adding a script to update federation API reference docs
2016-08-31 13:21:42 -07:00
update-federation-generated-swagger-docs.sh
Adding a script to update federation API reference docs
2016-08-31 13:21:42 -07:00
update-federation-openapi-spec.sh
genericapiserver: move MasterCount and service options into master
2016-12-16 17:23:43 +01:00
update-federation-swagger-spec.sh
Handle sudo cleanly with tmp dir in generation
2016-12-10 18:05:37 -05:00
update-generated-docs.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
update-generated-protobuf-dockerized.sh
spell check for test/*
2016-12-14 06:03:00 -08:00
update-generated-protobuf.sh
Rename build-tools/ back to build/
2016-12-14 13:42:15 -08:00
update-generated-runtime-dockerized.sh
Make update-generated-runtime work
2016-07-12 21:52:54 -07:00
update-generated-runtime.sh
Rename build-tools/ back to build/
2016-12-14 13:42:15 -08:00
update-generated-swagger-docs.sh
Handle sudo cleanly with tmp dir in generation
2016-12-10 18:05:37 -05:00
update-godep-licenses.sh
make godep licenses/copyright check case insensitive
2016-10-24 18:00:08 -07:00
update-gofmt.sh
Merge pull request #31547 from mbohlool/fix2
2016-09-14 05:35:51 -07:00
update-munge-docs.sh
remove verify-munge-docs.sh
2016-12-07 14:33:34 -08:00
update-openapi-spec.sh
Update OpenAPI spec generator to enable all APIs
2016-11-11 16:29:49 -08:00
update-staging-client-go.sh
add update-staging-client-go.sh and verify-staging-client-go.sh;
2016-10-29 14:20:39 -07:00
update-swagger-spec.sh
update generation scripts to share API group version constants
2016-09-22 13:30:41 -04:00
verify-all.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-api-groups.sh
add script to check for updates to the files for generation
2016-11-01 15:59:50 -04:00
verify-api-reference-docs.sh
verify-bazel.sh
pin gazel to v3
2016-12-12 13:30:06 -08:00
verify-boilerplate.sh
Add verbose mode to boilerplate
2016-10-22 21:40:08 -07:00
verify-cli-conventions.sh
Tools for checking CLI conventions
2016-10-17 11:50:02 -02:00
verify-codecgen.sh
add apiregistration types
2016-12-06 13:45:10 -05:00
verify-codegen.sh
add apiregistration types
2016-12-06 13:45:10 -05:00
verify-description.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-federation-openapi-spec.sh
Add verify script federation OpenAPI spec generation
2016-11-07 02:41:50 -08:00
verify-flags-underscore.py
ignore BUILD in the flags-underscore.py validation
2016-10-21 17:32:33 -07:00
verify-generated-docs.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-generated-protobuf.sh
utils: Use macOS copatible copying method
2016-10-18 11:09:38 +02:00
verify-generated-runtime.sh
add update-staging-client-go.sh and verify-staging-client-go.sh;
2016-10-29 14:20:39 -07:00
verify-generated-swagger-docs.sh
docs generation: Use macos compatible copy method
2016-10-18 11:11:03 +02:00
verify-godep-licenses.sh
verify-godeps.sh
Move godeps to version v74 instead of v73
2016-11-03 00:43:06 -07:00
verify-gofmt.sh
ignore staging in munge scripts
2016-08-24 13:09:13 -07:00
verify-golint.sh
Use LC_ALL=C with sort
2016-10-19 09:47:21 -04:00
verify-govet.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-import-boss.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-linkcheck.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-openapi-spec.sh
verify-openapi-spec.sh should not ignore extra file in the spec folder api/openapi-spec
2016-11-01 01:13:11 -07:00
verify-pkg-names.sh
Fix spelling in package naming linter error message
2016-12-20 15:48:14 -05:00
verify-staging-client-go.sh
add update-staging-client-go.sh and verify-staging-client-go.sh;
2016-10-29 14:20:39 -07:00
verify-swagger-spec.sh
Use make as the main build tool
2016-07-12 21:52:00 -07:00
verify-symbols.sh
spell check for test/*
2016-12-14 06:03:00 -08:00
verify-test-images.sh
Make all useage of sort deterministic
2016-10-20 16:47:20 -04:00
verify-test-owners.sh
Disable the test-owners verify step until the merge conflicts are resolved.
2016-11-02 15:39:06 -07:00