Access Review APIs #37
Comments
|
@kubernetes/sig-auth @erictune @smarterclayton We've talked about doing this for some time. The API objects were actually approved and merged, but we've had trouble getting review attention on the PRs that provide the REST endpoints. I'd really like to focus on getting this in for 1.4. I think providing a complete authorization delegation API is important for things like server federation. |
|
David and I are both SIG leads and we both approve of this initiative. On Wed, Jul 20, 2016 at 12:44 PM, David Eads [email protected]
|
Automatic merge from submit-queue add subjectaccessreviews resource Adds a subjectaccessreviews endpoint that uses the API server's authorizer to determine if a subject is allowed to perform an action. Part of kubernetes/enhancements#37
|
kubernetes/kubernetes#31271 adds the SelfSubjectAccessReview API. |
Automatic merge from submit-queue add subjectaccessreviews resource Adds a subjectaccessreviews endpoint that uses the API server's authorizer to determine if a subject is allowed to perform an action. Part of kubernetes/enhancements#37
|
@deads2k Are the docs ready? Please update the docs in https://github.com/kubernetes/kubernetes.github.io, and then add PR numbers and check the docs box in the issue description |
|
Ping. Any update on docs? |
Right now, its API only, but swagger is complete. CLI integration should come in 1.5 and then there will be something more substantive to doc for end users. |
|
How about one sentence that says that the API exists, so that people know On Wed, Sep 7, 2016 at 3:39 PM, David Eads [email protected] wrote:
|
Fair. I'll find a spot tomorrow or early next week. |
I've written a brief description here: kubernetes/website#1219 . As we continue to fill out the API, it will become easier to use and have more capability. |
|
Issues go stale after 90d of inactivity. Prevent issues from auto-closing with an If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
…kargs-day-1 Add enhancements proposal for kernel args day 1 support in the MCO
…netes#37) * Address comments regarding alpha for gateway topology features * Add features.yaml
Description
The API server should provide endpoints to allow access control checks and subject access checks without direct knowledge of the backing authorization engine. This allows delegation of authorization.
Progress Tracker
/pkg/apis/...)FEATURE_STATUS is used for feature tracking and to be updated by @kubernetes/feature-reviewers.
FEATURE_STATUS: IN_DEVELOPMENT
More advice:
Design
Coding
and sometimes https://github.com/kubernetes/contrib, or other repos.
check that the code matches the proposed feature and design, and that everything is done, and that there is adequate
testing. They won't do detailed code review: that already happened when your PRs were reviewed.
When that is done, you can check this box and the reviewer will apply the "code-complete" label.
Docs
The text was updated successfully, but these errors were encountered: