upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-05-23 10:29:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/test/integration
History
Antonio Ojea adbf3b5aa5
Add granular authorization for DRA ResourceClaim status updates 
This commit introduces the DRAResourceClaimGranularStatusAuthorization
feature gate (Beta in 1.36) to enforce fine-grained authorization checks
on ResourceClaim status updates.

Previously, 'update' permission on 'resourceclaims/status' allowed modifying
the entire status. To enforce the principle of least privilege for DRA
drivers and the scheduler, this change introduces synthetic subresources and
verb prefixes:

- 'resourceclaims/binding': Required to update 'status.allocation' and
  'status.reservedFor'.
- 'resourceclaims/driver': Required to update 'status.devices'. Evaluated
  on a per-driver basis using 'associated-node:<verb>' (for node-local
  ServiceAccounts) or 'arbitrary-node:<verb>' (for cluster-wide controllers).
2026-03-26 13:22:09 +00:00
..
apimachinery Remove usage of deprecated functions from ktesting package 2026-01-29 14:51:59 +05:30
apiserver Merge pull request #136355 from enj/enj/i/tls_cache_gc 2026-03-19 05:42:29 +05:30
auth Add granular authorization for DRA ResourceClaim status updates 2026-03-26 13:22:09 +00:00
authutil
benchmark
certificates Remove redundant re-assignments in for-loops in test/{e2e,integration,utils} 2026-01-25 22:58:27 +01:00
client Add GC to client-go TLS cache 2026-03-18 17:24:33 -04:00
cloudprovider adopt consistent way to set feature gate based on emulation version for kcm and scheduler test server. 2025-10-22 13:20:30 -05:00
clustertrustbundles adopt consistent way to set feature gate based on emulation version for kcm and scheduler test server. 2025-10-22 13:20:30 -05:00
configmap
controllermanager Add OWNERS for controller manager integration tests 2026-03-18 18:10:21 +00:00
controlplane Graduate ComponentFlagz feature gate to Beta 2026-03-10 09:50:16 -07:00
cronjob Add integration tests for Workload/PodGroup Job integration 2026-03-18 22:32:57 +00:00
daemonset Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
defaulttolerationseconds
deployment add integration tests for pod replacement during scaling and 2025-10-30 09:55:43 +01:00
disruption Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
dra Workload API: PodGroup ResourceClaims (KEP-5729) 2026-03-22 14:52:45 -05:00
dryrun
dualstack Remove unneeded use of fmt.Sprintf in test/{integration,e2e} 2026-02-08 14:34:13 +01:00
endpoints Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
endpointslice
etcd Merge pull request #137028 from nmn3m/feature/dra-resource-pool-status 2026-03-21 08:16:13 +05:30
events
evictions Merge pull request #136767 from Sahil-4555/atomic-types-test 2026-02-07 22:13:08 +05:30
examples Merge pull request #136767 from Sahil-4555/atomic-types-test 2026-02-07 22:13:08 +05:30
framework Add GC to client-go TLS cache 2026-03-18 17:24:33 -04:00
garbagecollector Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
ipamperf
job Add integration tests for Workload/PodGroup Job integration 2026-03-18 22:32:57 +00:00
kubelet Merge pull request #136729 from ahmedtd/podcert-pkcs10 2026-02-12 04:43:59 +05:30
logs Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
metrics Enable native histograms gated by feature flag in KCM 2026-03-16 11:45:51 -07:00
namespace Move dump package from apimachinery to k8s.io/utils 2026-02-12 07:34:19 -05:00
network
node Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
objectmeta
openshift
podcertificaterequests Promote PodCertificateRequests to v1beta1 2025-11-02 05:33:44 +00:00
podgc
pods add pod resize feasibility check admission plugin 2026-03-17 17:12:31 +00:00
pvc
quota fix quota integration test 2026-02-20 18:44:37 +00:00
replicaset Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
replicationcontroller Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
scale
scheduler Marry WAP logic with the new API fields 2026-03-24 09:36:00 +01:00
scheduler_perf Workload API: PodGroup ResourceClaims (KEP-5729) 2026-03-22 14:52:45 -05:00
secrets
service Drop TopologyAwareHints and ServiceTraficDistribution feature gates 2026-01-09 12:42:34 -05:00
serviceaccount Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
servicecidr Update startup_race_test.go 2026-02-25 20:52:44 -08:00
serving integration tests for configz endpoints 2026-03-11 00:25:32 +00:00
staleness Add rv query to store 2026-02-12 00:41:25 +00:00
statefulset
storageclasses
storageversion
storageversionmigrator test/integration/storageversionmigrator: wait longer for CRD updates 2026-03-17 09:12:04 -04:00
tls Add --tls-curve-preferences flag for configuring TLS key exchange mechanisms 2026-03-13 14:26:05 +01:00
ttlcontroller
util Workload API: PodGroup ResourceClaims (KEP-5729) 2026-03-22 14:52:45 -05:00
volume Use Go 1.22 for-range in test/utils and test/integrations 2026-02-05 16:13:58 +01:00
volumescheduling Remove unneeded use of fmt.Sprintf in test/{integration,e2e} 2026-02-08 14:34:13 +01:00
.import-restrictions DRA integration: test sharing a claim sequentially 2026-02-12 12:33:22 +01:00
benchmark-controller.json
doc.go
utils.go