upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-06-13 19:01:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg
History
Kubernetes Submit Queue d1b38b21ef
Merge pull request #62136 from rithujohn191/oidc-hd-claim 
Automatic merge from submit-queue (batch tested with PRs 61241, 62136). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

OIDC required claims

**What this PR does / why we need it**: 
Currently there is no mechanism for a user to specify claims in the OIDC authentication process that are required to be present in the ID Token with an expected value. This PR adds the required claims support for the OIDC authentication. It allows users to pass in a `--oidc-required-claims` flag, and key=value pairs in the API config, which will ensure that the specified `required claims` are checked against the ID Token claims.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61276

**Special notes for your reviewer**:
Ran the following commands to update godep files:

```
./hack/godep-restore.sh -v
./hack/godep-save.sh
./hack/update-staging-godeps.sh
./hack/update-bazel.sh
```
Since we don't officially support go 1.10, kept go version to 1.9

**Release note**:

```release-note
kube-apiserver: oidc authentication now supports requiring specific claims with `--oidc-required-claim=<claim>=<value>`
```
/sig auth
/kind feature
/assign @ericchiang
2018-04-11 03:25:11 -07:00
..
api remove deprecated ObjectMeta ListOptions DeleteOptions 2018-04-09 21:19:20 +08:00
apis Merge pull request #62018 from andyzhangx/local-windows-path-fix 2018-04-10 05:31:20 -07:00
auth Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
capabilities Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
client Run hack/update-codegen.sh 2018-04-05 23:35:14 +02:00
cloudprovider Merge pull request #61082 from wenlxie/githubupstream.master.ignorevolumeerrorstatus 2018-04-10 18:19:16 -07:00
controller Merge pull request #61549 from jingxu97/Mar/aswVolumeSpec 2018-04-10 17:43:38 -07:00
credentialprovider Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
features Delete in-tree support for NVIDIA GPUs. 2018-04-02 20:17:01 -07:00
fieldpath Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
generated Fix kubectl bindata 2018-04-05 14:05:53 +02:00
kubeapiserver pkg/kubeapiserver/options: update Bazel files 2018-04-10 12:03:54 -07:00
kubectl Create container name after dropped ":" and "@" both separately 2018-04-08 21:50:15 +09:00
kubelet Merge pull request #46903 from gyliu513/validateip 2018-04-11 00:45:44 -07:00
kubemark add nodeport-addresses flag for kube-proxy 2018-02-26 23:48:46 +08:00
master apiserver: enforce shared RequestContextMapper in delegation chain 2018-04-05 14:41:56 +02:00
printers update PrintFlags#Complete to receive string template 2018-04-06 16:44:40 -04:00
probe Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
proxy Merge pull request #61329 from Lion-Wei/ipvs-esipp 2018-04-07 21:33:13 -07:00
quota Resources prefixed with *kubernetes.io/ should remain unscheduled if they are not exposed on the node. 2018-03-28 17:24:30 -07:00
registry check error when create failed and fix the conditional judgment 2018-04-03 14:51:02 +08:00
routes Remove /ui/ redirect 2018-02-12 10:54:33 -05:00
scheduler Merge pull request #62236 from zhangxiaoyu-zidif/fix-caps-on-schedulerName 2018-04-10 05:31:17 -07:00
security Update gofmt for go1.10 2018-04-02 17:44:04 -07:00
securitycontext remove unused code in securitycontext 2018-03-29 23:32:48 -07:00
serviceaccount implement token authenticator for new id tokens 2018-02-27 17:20:46 -08:00
ssh Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
util add tests for GetFileType 2018-04-10 10:53:11 +08:00
version Require boilerplate on Bazel Skylark source files 2018-02-16 13:44:04 -08:00
volume Merge pull request #61549 from jingxu97/Mar/aswVolumeSpec 2018-04-10 17:43:38 -07:00
watch/json remove outdate package 2018-01-15 23:17:19 +08:00
windows/service Add support for binaries to run as Windows services 2018-03-07 00:51:36 +01:00
.import-restrictions Add import-boss directives 2017-10-13 07:06:22 -04:00
BUILD pkg/api/unversioned related cleanup 2018-03-13 17:20:16 +08:00
OWNERS