scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-03 19:58:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #34691 from mbohlool/co2

Browse Source 
Automatic merge from submit-queue

Add authentication to openapi Spec

We need authentication definition in OpenAPI spec to be able to generate a client with authorization.
This commit is contained in:
Kubernetes Submit Queue
2016-10-22 04:23:06 -07:00
committed by GitHub
parent eeae8b5975 cd5643b85c
commit 77c53fd1a1
46 changed files with 7912 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
api/openapi-spec/api.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIVersions" "$ref": "#/definitions/unversioned.APIVersions"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -74,5 +77,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/apis.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroupList" "$ref": "#/definitions/unversioned.APIGroupList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -115,5 +118,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/apps.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/authentication.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/authorization.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/autoscaling.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/batch.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/certificates.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/extensions.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

23
api/openapi-spec/logs.json
View File

@@ -12,8 +12,8 @@
], ],
"operationId": "logFileListHandler", "operationId": "logFileListHandler",
"responses": { "responses": {
"default": { "401": {
"description": "Default Response." "description": "Unauthorized"
} }
} }
} }
@@ -25,8 +25,8 @@
], ],
"operationId": "logFileHandler", "operationId": "logFileHandler",
"responses": { "responses": {
"default": { "401": {
"description": "Default Response." "description": "Unauthorized"
} }
} }
}, },
@@ -42,5 +42,18 @@
] ]
} }
}, },
"definitions": {} "definitions": {},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/policy.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/rbac.authorization.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

1610
api/openapi-spec/root_swagger.json
View File

File diff suppressed because it is too large Load Diff

18
api/openapi-spec/storage.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIGroup" "$ref": "#/definitions/unversioned.APIGroup"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -100,5 +103,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

60
api/openapi-spec/v1.autoscaling.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -53,6 +56,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscalerList" "$ref": "#/definitions/v1.HorizontalPodAutoscalerList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -159,6 +165,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscalerList" "$ref": "#/definitions/v1.HorizontalPodAutoscalerList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -192,6 +201,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -252,6 +264,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -310,6 +325,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -343,6 +361,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -376,6 +397,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -411,6 +435,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -461,6 +488,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -494,6 +524,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -529,6 +562,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler" "$ref": "#/definitions/v1.HorizontalPodAutoscaler"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -580,6 +616,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -650,6 +689,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -728,6 +770,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1216,5 +1261,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

60
api/openapi-spec/v1.batch.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -53,6 +56,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.JobList" "$ref": "#/definitions/v1.JobList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -159,6 +165,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.JobList" "$ref": "#/definitions/v1.JobList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -192,6 +201,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -252,6 +264,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -310,6 +325,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -343,6 +361,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -376,6 +397,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -411,6 +435,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -461,6 +488,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -494,6 +524,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -529,6 +562,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1.Job" "$ref": "#/definitions/v1.Job"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -580,6 +616,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -650,6 +689,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -728,6 +770,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1914,5 +1959,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

828
api/openapi-spec/v1.json
View File

File diff suppressed because it is too large Load Diff

60
api/openapi-spec/v1alpha1.apps.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -90,6 +93,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSetList" "$ref": "#/definitions/v1alpha1.PetSetList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -123,6 +129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -183,6 +192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -241,6 +253,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -274,6 +289,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -307,6 +325,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -342,6 +363,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -392,6 +416,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -425,6 +452,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -460,6 +490,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSet" "$ref": "#/definitions/v1alpha1.PetSet"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -510,6 +543,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PetSetList" "$ref": "#/definitions/v1alpha1.PetSetList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -580,6 +616,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -658,6 +697,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -744,6 +786,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1923,5 +1968,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

51
api/openapi-spec/v1alpha1.certificates.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -90,6 +93,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequestList" "$ref": "#/definitions/v1alpha1.CertificateSigningRequestList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -123,6 +129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -183,6 +192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -233,6 +245,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -266,6 +281,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -299,6 +317,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -334,6 +355,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -376,6 +400,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -426,6 +453,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest" "$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -477,6 +507,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -547,6 +580,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1006,5 +1042,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

60
api/openapi-spec/v1alpha1.policy.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -90,6 +93,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList" "$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -123,6 +129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -183,6 +192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -241,6 +253,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -274,6 +289,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -307,6 +325,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -342,6 +363,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -392,6 +416,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -425,6 +452,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -460,6 +490,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget" "$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -510,6 +543,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList" "$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -580,6 +616,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -658,6 +697,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -744,6 +786,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1221,5 +1266,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

138
api/openapi-spec/v1alpha1.rbac.authorization.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -90,6 +93,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBindingList" "$ref": "#/definitions/v1alpha1.ClusterRoleBindingList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -123,6 +129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding" "$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -183,6 +192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -217,6 +229,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding" "$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -250,6 +265,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding" "$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -283,6 +301,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -318,6 +339,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding" "$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -397,6 +421,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleList" "$ref": "#/definitions/v1alpha1.ClusterRoleList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -430,6 +457,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole" "$ref": "#/definitions/v1alpha1.ClusterRole"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -490,6 +520,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -524,6 +557,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole" "$ref": "#/definitions/v1alpha1.ClusterRole"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -557,6 +593,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole" "$ref": "#/definitions/v1alpha1.ClusterRole"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -590,6 +629,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -625,6 +667,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole" "$ref": "#/definitions/v1alpha1.ClusterRole"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -704,6 +749,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBindingList" "$ref": "#/definitions/v1alpha1.RoleBindingList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -737,6 +785,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding" "$ref": "#/definitions/v1alpha1.RoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -797,6 +848,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -839,6 +893,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding" "$ref": "#/definitions/v1alpha1.RoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -872,6 +929,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding" "$ref": "#/definitions/v1alpha1.RoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -905,6 +965,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -940,6 +1003,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding" "$ref": "#/definitions/v1alpha1.RoleBinding"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1027,6 +1093,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleList" "$ref": "#/definitions/v1alpha1.RoleList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1060,6 +1129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.Role" "$ref": "#/definitions/v1alpha1.Role"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1120,6 +1192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1162,6 +1237,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.Role" "$ref": "#/definitions/v1alpha1.Role"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1195,6 +1273,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.Role" "$ref": "#/definitions/v1alpha1.Role"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1228,6 +1309,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1263,6 +1347,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.Role" "$ref": "#/definitions/v1alpha1.Role"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1313,6 +1400,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleBindingList" "$ref": "#/definitions/v1alpha1.RoleBindingList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1382,6 +1472,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1alpha1.RoleList" "$ref": "#/definitions/v1alpha1.RoleList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1452,6 +1545,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1522,6 +1618,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1600,6 +1699,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1670,6 +1772,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1748,6 +1853,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1826,6 +1934,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1912,6 +2023,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -1990,6 +2104,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -2076,6 +2193,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -2146,6 +2266,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -2756,5 +2879,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

21
api/openapi-spec/v1beta1.authentication.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -53,6 +56,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.TokenReview" "$ref": "#/definitions/v1beta1.TokenReview"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -307,5 +313,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

27
api/openapi-spec/v1beta1.authorization.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -53,6 +56,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.LocalSubjectAccessReview" "$ref": "#/definitions/v1beta1.LocalSubjectAccessReview"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -103,6 +109,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.SelfSubjectAccessReview" "$ref": "#/definitions/v1beta1.SelfSubjectAccessReview"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -145,6 +154,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.SubjectAccessReview" "$ref": "#/definitions/v1beta1.SubjectAccessReview"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -494,5 +506,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

360
api/openapi-spec/v1beta1.extensions.json
View File

File diff suppressed because it is too large Load Diff

45
api/openapi-spec/v1beta1.storage.k8s.io.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -90,6 +93,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.StorageClassList" "$ref": "#/definitions/v1beta1.StorageClassList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -123,6 +129,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.StorageClass" "$ref": "#/definitions/v1beta1.StorageClass"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -183,6 +192,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -233,6 +245,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.StorageClass" "$ref": "#/definitions/v1beta1.StorageClass"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -266,6 +281,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.StorageClass" "$ref": "#/definitions/v1beta1.StorageClass"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -299,6 +317,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.Status" "$ref": "#/definitions/unversioned.Status"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -334,6 +355,9 @@
"schema": { "schema": {
"$ref": "#/definitions/v1beta1.StorageClass" "$ref": "#/definitions/v1beta1.StorageClass"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -377,6 +401,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -447,6 +474,9 @@
"schema": { "schema": {
"$ref": "#/definitions/versioned.Event" "$ref": "#/definitions/versioned.Event"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
}, },
@@ -851,5 +881,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/v2alpha1.batch.json
View File

@@ -28,6 +28,9 @@
"schema": { "schema": {
"$ref": "#/definitions/unversioned.APIResourceList" "$ref": "#/definitions/unversioned.APIResourceList"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -76,5 +79,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

18
api/openapi-spec/version.json
View File

@@ -24,6 +24,9 @@
"schema": { "schema": {
"$ref": "#/definitions/version.Info" "$ref": "#/definitions/version.Info"
} }
},
"401": {
"description": "Unauthorized"
} }
} }
} }
@@ -73,5 +76,18 @@
} }
} }
} }
} },
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
} }

3
cmd/kube-apiserver/app/server.go
View File

@@ -216,7 +216,7 @@ func Run(s *options.APIServer) error {
serviceAccountGetter = serviceaccountcontroller.NewGetterFromStorageInterface(storageConfig, storageFactory.ResourcePrefix(api.Resource("serviceaccounts")), storageFactory.ResourcePrefix(api.Resource("secrets"))) serviceAccountGetter = serviceaccountcontroller.NewGetterFromStorageInterface(storageConfig, storageFactory.ResourcePrefix(api.Resource("serviceaccounts")), storageFactory.ResourcePrefix(api.Resource("secrets")))
} }
apiAuthenticator, err := authenticator.New(authenticator.AuthenticatorConfig{ apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
Anonymous: s.AnonymousAuth, Anonymous: s.AnonymousAuth,
AnyToken: s.EnableAnyToken, AnyToken: s.EnableAnyToken,
BasicAuthFile: s.BasicAuthFile, BasicAuthFile: s.BasicAuthFile,
@@ -309,6 +309,7 @@ func Run(s *options.APIServer) error {
genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions
genericConfig.OpenAPIConfig.GetOperationID = openapi.GetOperationID genericConfig.OpenAPIConfig.GetOperationID = openapi.GetOperationID
genericConfig.EnableOpenAPISupport = true genericConfig.EnableOpenAPISupport = true
genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
config := &master.Config{ config := &master.Config{
GenericConfig: genericConfig.Config, GenericConfig: genericConfig.Config,

18
federation/apis/openapi-spec/api.json
View File

@@ -74,5 +74,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

18
federation/apis/openapi-spec/apis.json
View File

@@ -115,5 +115,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

18
federation/apis/openapi-spec/extensions.json
View File

@@ -100,5 +100,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

18
federation/apis/openapi-spec/federation.json
View File

@@ -100,5 +100,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

20
federation/apis/openapi-spec/logs.json
View File

@@ -42,5 +42,23 @@
] ]
} }
}, },
"definitions": {} "definitions": {},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
} }

2185
federation/apis/openapi-spec/root_swagger.json
View File

File diff suppressed because it is too large Load Diff

18
federation/apis/openapi-spec/v1.json
View File

@@ -3398,5 +3398,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

2011
federation/apis/openapi-spec/v1beta1.extensions.json
View File

File diff suppressed because it is too large Load Diff

18
federation/apis/openapi-spec/v1beta1.federation.json
View File

@@ -996,5 +996,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

18
federation/apis/openapi-spec/version.json
View File

@@ -73,5 +73,23 @@
} }
} }
} }
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
} }
} }

3
federation/cmd/federation-apiserver/app/server.go
View File

@@ -117,7 +117,7 @@ func Run(s *options.ServerRunOptions) error {
storageFactory.SetEtcdLocation(groupResource, servers) storageFactory.SetEtcdLocation(groupResource, servers)
} }
apiAuthenticator, err := authenticator.New(authenticator.AuthenticatorConfig{ apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
Anonymous: s.AnonymousAuth, Anonymous: s.AnonymousAuth,
AnyToken: s.EnableAnyToken, AnyToken: s.EnableAnyToken,
BasicAuthFile: s.BasicAuthFile, BasicAuthFile: s.BasicAuthFile,
@@ -200,6 +200,7 @@ func Run(s *options.ServerRunOptions) error {
// this method does not provide good operation IDs for federation, we should create federation's own GetOperationID. // this method does not provide good operation IDs for federation, we should create federation's own GetOperationID.
genericConfig.OpenAPIConfig.GetOperationID = apiserveropenapi.GetOperationID genericConfig.OpenAPIConfig.GetOperationID = apiserveropenapi.GetOperationID
genericConfig.EnableOpenAPISupport = true genericConfig.EnableOpenAPISupport = true
genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
// TODO: Move this to generic api server (Need to move the command line flag). // TODO: Move this to generic api server (Need to move the command line flag).
if s.EnableWatchCache { if s.EnableWatchCache {

4
hack/update-federation-openapi-spec.sh
View File

@@ -42,6 +42,7 @@ trap cleanup EXIT SIGINT
kube::golang::setup_env kube::golang::setup_env
TMP_DIR=$(mktemp -d /tmp/update-federation-openapi-spec.XXXX)
ETCD_HOST=${ETCD_HOST:-127.0.0.1} ETCD_HOST=${ETCD_HOST:-127.0.0.1}
ETCD_PORT=${ETCD_PORT:-2379} ETCD_PORT=${ETCD_PORT:-2379}
API_PORT=${API_PORT:-8050} API_PORT=${API_PORT:-8050}
@@ -49,6 +50,8 @@ API_HOST=${API_HOST:-127.0.0.1}
kube::etcd::start kube::etcd::start
echo "dummy_token,admin,admin" > $TMP_DIR/tokenauth.csv
# Start federation-apiserver # Start federation-apiserver
kube::log::status "Starting federation-apiserver" kube::log::status "Starting federation-apiserver"
"${KUBE_OUTPUT_HOSTBIN}/hyperkube" federation-apiserver \ "${KUBE_OUTPUT_HOSTBIN}/hyperkube" federation-apiserver \
@@ -57,6 +60,7 @@ kube::log::status "Starting federation-apiserver"
--insecure-port="${API_PORT}" \ --insecure-port="${API_PORT}" \
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \ --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--advertise-address="10.10.10.10" \ --advertise-address="10.10.10.10" \
--token-auth-file=$TMP_DIR/tokenauth.csv \
--service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-federation-api-server.log 2>&1 & --service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-federation-api-server.log 2>&1 &
APISERVER_PID=$! APISERVER_PID=$!
kube::util::wait_for_url "${API_HOST}:${API_PORT}/" "apiserver: " kube::util::wait_for_url "${API_HOST}:${API_PORT}/" "apiserver: "

3
hack/update-openapi-spec.sh
View File

@@ -52,6 +52,8 @@ API_HOST=${API_HOST:-127.0.0.1}
kube::etcd::start kube::etcd::start
echo "dummy_token,admin,admin" > $TMP_DIR/tokenauth.csv
# Start kube-apiserver # Start kube-apiserver
kube::log::status "Starting kube-apiserver" kube::log::status "Starting kube-apiserver"
"${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \ "${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \
@@ -61,6 +63,7 @@ kube::log::status "Starting kube-apiserver"
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \ --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--advertise-address="10.10.10.10" \ --advertise-address="10.10.10.10" \
--cert-dir="${TMP_DIR}/certs" \ --cert-dir="${TMP_DIR}/certs" \
--token-auth-file=$TMP_DIR/tokenauth.csv \
--service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-api-server.log 2>&1 & --service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-api-server.log 2>&1 &
APISERVER_PID=$! APISERVER_PID=$!

1
pkg/apiserver/authenticator/BUILD
View File

@@ -31,5 +31,6 @@ go_library(
"//plugin/pkg/auth/authenticator/token/oidc:go_default_library", "//plugin/pkg/auth/authenticator/token/oidc:go_default_library",
"//plugin/pkg/auth/authenticator/token/tokenfile:go_default_library", "//plugin/pkg/auth/authenticator/token/tokenfile:go_default_library",
"//plugin/pkg/auth/authenticator/token/webhook:go_default_library", "//plugin/pkg/auth/authenticator/token/webhook:go_default_library",
"//vendor:github.com/go-openapi/spec",
], ],
) )

54
pkg/apiserver/authenticator/authn.go
View File

@@ -19,6 +19,8 @@ package authenticator
import ( import (
"time" "time"
"github.com/go-openapi/spec"
"k8s.io/kubernetes/pkg/auth/authenticator" "k8s.io/kubernetes/pkg/auth/authenticator"
"k8s.io/kubernetes/pkg/auth/authenticator/bearertoken" "k8s.io/kubernetes/pkg/auth/authenticator/bearertoken"
"k8s.io/kubernetes/pkg/auth/group" "k8s.io/kubernetes/pkg/auth/group"
@@ -58,30 +60,35 @@ type AuthenticatorConfig struct {
// New returns an authenticator.Request or an error that supports the standard // New returns an authenticator.Request or an error that supports the standard
// Kubernetes authentication mechanisms. // Kubernetes authentication mechanisms.
func New(config AuthenticatorConfig) (authenticator.Request, error) { func New(config AuthenticatorConfig) (authenticator.Request, *spec.SecurityDefinitions, error) {
var authenticators []authenticator.Request var authenticators []authenticator.Request
securityDefinitions := spec.SecurityDefinitions{}
hasBasicAuth := false
hasTokenAuth := false
// BasicAuth methods, local first, then remote // BasicAuth methods, local first, then remote
if len(config.BasicAuthFile) > 0 { if len(config.BasicAuthFile) > 0 {
basicAuth, err := newAuthenticatorFromBasicAuthFile(config.BasicAuthFile) basicAuth, err := newAuthenticatorFromBasicAuthFile(config.BasicAuthFile)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, basicAuth) authenticators = append(authenticators, basicAuth)
hasBasicAuth = true
} }
if len(config.KeystoneURL) > 0 { if len(config.KeystoneURL) > 0 {
keystoneAuth, err := newAuthenticatorFromKeystoneURL(config.KeystoneURL) keystoneAuth, err := newAuthenticatorFromKeystoneURL(config.KeystoneURL)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, keystoneAuth) authenticators = append(authenticators, keystoneAuth)
hasBasicAuth = true
} }
// X509 methods // X509 methods
if len(config.ClientCAFile) > 0 { if len(config.ClientCAFile) > 0 {
certAuth, err := newAuthenticatorFromClientCAFile(config.ClientCAFile) certAuth, err := newAuthenticatorFromClientCAFile(config.ClientCAFile)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, certAuth) authenticators = append(authenticators, certAuth)
} }
@@ -90,16 +97,18 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
if len(config.TokenAuthFile) > 0 { if len(config.TokenAuthFile) > 0 {
tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile) tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, tokenAuth) authenticators = append(authenticators, tokenAuth)
hasTokenAuth = true
} }
if len(config.ServiceAccountKeyFiles) > 0 { if len(config.ServiceAccountKeyFiles) > 0 {
serviceAccountAuth, err := newServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.ServiceAccountTokenGetter) serviceAccountAuth, err := newServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.ServiceAccountTokenGetter)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, serviceAccountAuth) authenticators = append(authenticators, serviceAccountAuth)
hasTokenAuth = true
} }
// NOTE(ericchiang): Keep the OpenID Connect after Service Accounts. // NOTE(ericchiang): Keep the OpenID Connect after Service Accounts.
// //
@@ -110,32 +119,55 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
if len(config.OIDCIssuerURL) > 0 && len(config.OIDCClientID) > 0 { if len(config.OIDCIssuerURL) > 0 && len(config.OIDCClientID) > 0 {
oidcAuth, err := newAuthenticatorFromOIDCIssuerURL(config.OIDCIssuerURL, config.OIDCClientID, config.OIDCCAFile, config.OIDCUsernameClaim, config.OIDCGroupsClaim) oidcAuth, err := newAuthenticatorFromOIDCIssuerURL(config.OIDCIssuerURL, config.OIDCClientID, config.OIDCCAFile, config.OIDCUsernameClaim, config.OIDCGroupsClaim)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, oidcAuth) authenticators = append(authenticators, oidcAuth)
hasTokenAuth = true
} }
if len(config.WebhookTokenAuthnConfigFile) > 0 { if len(config.WebhookTokenAuthnConfigFile) > 0 {
webhookTokenAuth, err := newWebhookTokenAuthenticator(config.WebhookTokenAuthnConfigFile, config.WebhookTokenAuthnCacheTTL) webhookTokenAuth, err := newWebhookTokenAuthenticator(config.WebhookTokenAuthnConfigFile, config.WebhookTokenAuthnCacheTTL)
if err != nil { if err != nil {
return nil, err return nil, nil, err
} }
authenticators = append(authenticators, webhookTokenAuth) authenticators = append(authenticators, webhookTokenAuth)
hasTokenAuth = true
} }
// always add anytoken last, so that every other token authenticator gets to try first // always add anytoken last, so that every other token authenticator gets to try first
if config.AnyToken { if config.AnyToken {
authenticators = append(authenticators, bearertoken.New(anytoken.AnyTokenAuthenticator{})) authenticators = append(authenticators, bearertoken.New(anytoken.AnyTokenAuthenticator{}))
hasTokenAuth = true
}
if hasBasicAuth {
securityDefinitions["HTTPBasic"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "basic",
Description: "HTTP Basic authentication",
},
}
}
if hasTokenAuth {
securityDefinitions["BearerToken"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "apiKey",
Name: "authorization",
In: "header",
Description: "Bearer Token authentication",
},
}
} }
if len(authenticators) == 0 { if len(authenticators) == 0 {
if config.Anonymous { if config.Anonymous {
return anonymous.NewAuthenticator(), nil return anonymous.NewAuthenticator(), &securityDefinitions, nil
} }
} }
switch len(authenticators) { switch len(authenticators) {
case 0: case 0:
return nil, nil return nil, &securityDefinitions, nil
} }
authenticator := union.New(authenticators...) authenticator := union.New(authenticators...)
@@ -147,7 +179,7 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator()) authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())
} }
return authenticator, nil return authenticator, &securityDefinitions, nil
} }
// IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file // IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file

23
pkg/genericapiserver/config.go
View File

@@ -24,6 +24,7 @@ import (
"os" "os"
"path" "path"
"regexp" "regexp"
"sort"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@@ -331,6 +332,28 @@ func (c *Config) Complete() completedConfig {
} }
c.ExternalHost = hostAndPort c.ExternalHost = hostAndPort
} }
// All APIs will have the same authentication for now.
if c.OpenAPIConfig != nil && c.OpenAPIConfig.SecurityDefinitions != nil {
c.OpenAPIConfig.DefaultSecurity = []map[string][]string{}
keys := []string{}
for k := range *c.OpenAPIConfig.SecurityDefinitions {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
c.OpenAPIConfig.DefaultSecurity = append(c.OpenAPIConfig.DefaultSecurity, map[string][]string{k: {}})
}
if c.OpenAPIConfig.CommonResponses == nil {
c.OpenAPIConfig.CommonResponses = map[int]spec.Response{}
}
if _, exists := c.OpenAPIConfig.CommonResponses[http.StatusUnauthorized]; !exists {
c.OpenAPIConfig.CommonResponses[http.StatusUnauthorized] = spec.Response{
ResponseProps: spec.ResponseProps{
Description: "Unauthorized",
},
}
}
}
return completedConfig{c} return completedConfig{c}
} }

14
pkg/genericapiserver/openapi/common/common.go
View File

@@ -45,9 +45,15 @@ type Config struct {
// Info is general information about the API. // Info is general information about the API.
Info *spec.Info Info *spec.Info
// DefaultResponse will be used if an operation does not have any responses listed. It // DefaultResponse will be used if an operation does not have any responses listed. It
// will show up as ... "responses" : {"default" : $DefaultResponse} in the spec. // will show up as ... "responses" : {"default" : $DefaultResponse} in the spec.
DefaultResponse *spec.Response DefaultResponse *spec.Response
// CommonResponses will be added as a response to all operation specs. This is a good place to add common
// responses such as authorization failed.
CommonResponses map[int]spec.Response
// List of webservice's path prefixes to ignore // List of webservice's path prefixes to ignore
IgnorePrefixes []string IgnorePrefixes []string
@@ -57,6 +63,14 @@ type Config struct {
// GetOperationID returns operation id for a restful route. It is an optional function to customize operation IDs. // GetOperationID returns operation id for a restful route. It is an optional function to customize operation IDs.
GetOperationID func(servePath string, r *restful.Route) (string, error) GetOperationID func(servePath string, r *restful.Route) (string, error)
// SecurityDefinitions is list of all security definitions for OpenAPI service. If this is not nil, the user of config
// is responsible to provide DefaultSecurity and (maybe) add unauthorized response to CommonResponses.
SecurityDefinitions *spec.SecurityDefinitions
// DefaultSecurity for all operations. This will pass as spec.SwaggerProps.Security to OpenAPI.
// For most cases, this will be list of acceptable definitions in SecurityDefinitions.
DefaultSecurity []map[string][]string
} }
// This function is a reference for converting go (or any custom type) to a simple open API type,format pair. There are // This function is a reference for converting go (or any custom type) to a simple open API type,format pair. There are

12
pkg/genericapiserver/openapi/openapi.go
View File

@@ -78,10 +78,17 @@ func (o *openAPI) init(webServices []*restful.WebService) error {
return r.Operation, nil return r.Operation, nil
} }
} }
if o.config.CommonResponses == nil {
o.config.CommonResponses = map[int]spec.Response{}
}
err := o.buildPaths(webServices) err := o.buildPaths(webServices)
if err != nil { if err != nil {
return err return err
} }
if o.config.SecurityDefinitions != nil {
o.swagger.SecurityDefinitions = *o.config.SecurityDefinitions
o.swagger.Security = o.config.DefaultSecurity
}
return nil return nil
} }
@@ -227,6 +234,11 @@ func (o *openAPI) buildOperations(route restful.Route, inPathCommonParamsMap map
return ret, err return ret, err
} }
} }
for code, resp := range o.config.CommonResponses {
if _, exists := ret.Responses.StatusCodeResponses[code]; !exists {
ret.Responses.StatusCodeResponses[code] = resp
}
}
// If there is still no response, use default response provided. // If there is still no response, use default response provided.
if len(ret.Responses.StatusCodeResponses) == 0 { if len(ret.Responses.StatusCodeResponses) == 0 {
ret.Responses.Default = o.config.DefaultResponse ret.Responses.Default = o.config.DefaultResponse