deads2k
ec397c4374
convert default predicates to use the default
2017-08-07 09:05:17 -04:00
Shiyang Wang
2eda19da7b
Fix NotFound errors that do not line up with API endpoint's group version
2017-08-07 16:30:40 +08:00
Kubernetes Submit Queue
8b30aaec39
Merge pull request #47028 from xilabao/compact-same-resourcenamea-rule
Automatic merge from submit-queue
compact rules which have the same ResourceName
**What this PR does / why we need it**:
make compact rule more elegant.
Before
```
# ./cluster/kubectl.sh describe clusterrole system:kube-scheduler
Name:         system:kube-scheduler
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate=true
PolicyRule:
  Resources               Non-Resource URLs  Resource Names    Verbs
  ---------               -----------------  --------------    -----
  bindings                []                 []                [create]
  endpoints               []                 []                [create]
  endpoints               []                 [kube-scheduler]  [delete]
  endpoints               []                 [kube-scheduler]  [get]
  endpoints               []                 [kube-scheduler]  [patch]
  endpoints               []                 [kube-scheduler]  [update]
  events                  []                 []                [create patch update]
  nodes                   []                 []                [get list watch]
  persistentvolumeclaims  []                 []                [get list watch]
  persistentvolumes       []                 []                [get list watch]
  pods                    []                 []                [get list watch]
  pods/binding            []                 []                [create]
  pods/status             []                 []                [update]
  replicasets.extensions  []                 []                [get list watch]
  replicationcontrollers  []                 []                [get list watch]
  services                []                 []                [get list watch]
  statefulsets.apps       []                 []                [get list watch]
```
After
```
# ./cluster/kubectl.sh describe clusterrole system:kube-scheduler
Name:         system:kube-scheduler
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate=true
PolicyRule:
  Resources               Non-Resource URLs  Resource Names    Verbs
  ---------               -----------------  --------------    -----
  bindings                []                 []                [create]
  endpoints               []                 []                [create]
  endpoints               []                 [kube-scheduler]  [delete get patch update]
  events                  []                 []                [create patch update]
  nodes                   []                 []                [get list watch]
  persistentvolumeclaims  []                 []                [get list watch]
  persistentvolumes       []                 []                [get list watch]
  pods                    []                 []                [get list watch]
  pods/binding            []                 []                [create]
  pods/status             []                 []                [update]
  replicasets.extensions  []                 []                [get list watch]
  replicationcontrollers  []                 []                [get list watch]
  services                []                 []                [get list watch]
  statefulsets.apps       []                 []                [get list watch]
```
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
2017-08-04 05:51:47 -07:00
Monis Khan
f3d9b940bb
Allow update to GC fields for RBAC resources
This change makes it so that no escalation check is performed when
updating only the garbage collector fields (owner references and
finalizers) of RBAC resources. This allows the
garbage collector to delete roles that grant permissions such
as "create", which it will never have.
Signed-off-by: Monis Khan <mkhan@redhat.com>
2017-08-01 13:40:10 -04:00
xilabao
bc92f800bd
compact rules which have the same ResourceName
2017-07-26 09:14:46 +08:00
Jordan Liggitt
d5730f40cd
Ensure namespace exists as part of RBAC reconciliation
2017-07-04 18:24:16 -05:00
Chao Xu
60604f8818
run hack/update-all
2017-06-22 11:31:03 -07:00
Chao Xu
cde4772928
run ./root-rewrite-all-other-apis.sh, then run make all, pkg/... compiles
2017-06-22 11:30:52 -07:00
deads2k
963c85e1c8
sort current API versions and fallback for others
2017-06-14 09:29:44 -04:00
Clayton Coleman
2568a92119
Grow signature for predicate attributes to include init status
2017-06-02 22:09:04 -04:00
Clayton Coleman
331eea67d8
Allow initialization of resources
Add support for creating resources that are not immediately visible to
naive clients, but must first be initialized by one or more privileged
cluster agents. These controllers can mark the object as initialized,
allowing others to see them.
Permission to override initialization defaults or modify an initializing
object is limited per resource to a virtual subresource "RESOURCE/initialize"
via RBAC.
Initialization is currently alpha.
2017-06-02 22:09:03 -04:00
xilabao
9fe2ef54ba
add policy_compact to rbac validation
2017-05-26 13:22:38 +08:00
Monis Khan
ed35deb69d
Default ObjectNameFunc for all REST Stores
All Stores in Kubernetes follow the same logic for determining the name
of an object. This change makes it so that CompleteWithOptions defaults
the ObjectNameFunc if it is not specified. Thus a user does not need to
remember to use ObjectMeta.Name. Using the wrong field as the name can
lead to an object which has a name that bypasses normal object name
validation.
Signed-off-by: Monis Khan <mkhan@redhat.com>
2017-04-21 15:47:25 -04:00
Kubernetes Submit Queue
910c9d1ec7
Merge pull request #44729 from liggitt/non-resource-url-test
Automatic merge from submit-queue
Add nonResourceURL wildcard coverage tests
Ensure `*` covering all paths is tested
2017-04-21 06:10:26 -07:00
Jordan Liggitt
b2994a297d
Add nonResourceURL wildcard coverage tests
2017-04-20 11:43:46 -04:00
Jordan Liggitt
67360883bc
Switch to pointer to policy rule, visit and short circuit during authorization
2017-04-20 10:52:53 -04:00
Mike Danese
a05c3c0efd
autogenerated
2017-04-14 10:40:57 -07:00
Chao Xu
08aa712a6c
move helpers.go to helper
2017-04-11 15:49:11 -07:00
Jordan Liggitt
5d839d0d0b
Avoid nil user special-casing in unsecured endpoint
2017-03-31 13:28:59 -04:00
Jordan Liggitt
890894ac4f
Disable RBAC post-start hook if not using the RBAC authorizer
2017-03-30 23:30:04 -04:00
Kubernetes Submit Queue
599929657f
Merge pull request #42482 from CaoShuFeng/trvial_fix
Automatic merge from submit-queue
remove extra function call
We have read user info from context in previous line. No need to call
this function again.
**Special notes for your reviewer**:
**Release note**:
```NONE
```
2017-03-27 07:06:23 -07:00
Jordan Liggitt
7f4e5c5676
Use namespace from context
2017-03-07 14:02:13 -05:00
Cao Shufeng
63346d979c
remove extra function call
We have read user info from context in previous line. No need to call
this function again.
2017-03-03 08:41:03 -05:00
deads2k
e24b1c0c25
add namespaced role bindings
2017-02-28 13:04:23 -05:00
deads2k
a849df9dff
allow reconciliation of namespaced rolebindings
2017-02-28 12:58:29 -05:00
Jordan Liggitt
4127322f23
Restore wait for etcd in rbac initialization
2017-02-27 15:09:47 -05:00
Kubernetes Submit Queue
945b041fab
Merge pull request #41165 from nikhiljindal/del202
Automatic merge from submit-queue (batch tested with PRs 41954, 40528, 41875, 41165, 41877)
Updating apiserver to return 202 when resource is being deleted asynchronously via cascading deletion
As per https://github.com/kubernetes/kubernetes/issues/33196#issuecomment-278440622 .
cc @kubernetes/sig-api-machinery-pr-reviews @smarterclayton @caesarxuchao @bgrant0607 @kubernetes/api-reviewers
```release-note
Updating apiserver to return http status code 202 for a delete request when the resource is not immediately deleted because of user requesting cascading deletion using DeleteOptions.OrphanDependents=false.
```
2017-02-26 14:54:54 -08:00
deads2k
d5cd40a585
reconcile namespace roles during startup
2017-02-23 11:45:49 -05:00
deads2k
06f5de9d84
make reconciliation generic to handle roles and clusterroles
2017-02-23 08:24:59 -05:00
nikhiljindal
1d32897eed
Updating the registry to return whether the resource was immediately deleted
2017-02-21 11:00:35 -08:00
Dr. Stefan Schimanski
0e9c1f75bf
Update bazel
2017-02-15 10:25:15 +01:00
Dr. Stefan Schimanski
27e01b5c46
k8s.io/apiserver: fixup imports and renamed packages
2017-02-15 10:24:58 +01:00
Jordan Liggitt
26b42d350d
Reconcile bootstrap clusterroles on server start
2017-02-14 12:33:05 -05:00
Dr. Stefan Schimanski
6af3210d6f
Update generated files
2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski
536460e1d9
Mechanical fixup imports: pkg/genericapiserver
2017-02-03 08:15:45 +01:00
Dr. Stefan Schimanski
de2eee391a
Update bazel
2017-02-02 15:19:04 +01:00
Dr. Stefan Schimanski
b8142896a7
pkg/genericapiserver: cut off pkg/registry/cachesize dependency
2017-02-02 15:19:03 +01:00
Dr. Stefan Schimanski
bfe0d50ce8
pkg/genericapiserver/server: cut off from pkg/api
2017-02-02 15:19:01 +01:00
deads2k
1ef5d26079
move pkg/storage to apiserver
2017-01-31 19:07:33 -05:00
Kubernetes Submit Queue
f1cd8508e5
Merge pull request #40596 from liggitt/auth-owners
Automatic merge from submit-queue
Update authn/authz owners and reviewers
Add myself as potential reviewer to several authn/authz-related packages.
Add @deads2k as approver to several packages he wrote.
2017-01-29 20:57:05 -08:00
deads2k
9fb37f3bba
remove storage dependency on api
2017-01-27 14:02:28 -05:00
Jordan Liggitt
07f14ebc6f
Update authn/authz owners and reviewers
2017-01-27 08:55:44 -05:00
Clayton Coleman
469df12038
refactor: move ListOptions references to metav1
2017-01-23 17:52:46 -05:00
Clayton Coleman
245b592fac
Convert core code to metav1.ListOptions
2017-01-23 17:52:45 -05:00
Clayton Coleman
a35be4e02e
Update registries to use metainternalversion list options
2017-01-23 17:52:45 -05:00
deads2k
11e8068d3f
move pkg/fields to apimachinery
2017-01-19 09:50:16 -05:00
Dr. Stefan Schimanski
3d9449a353
genericapiserver: fix imports
2017-01-19 13:06:47 +01:00
deads2k
d1fec7068f
generated
2017-01-18 10:35:46 -05:00
deads2k
e74efe41a0
add rbac v1beta1
2017-01-18 09:49:33 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types
2017-01-17 16:17:19 -05:00