Results 1 - 10 of 10 for trustDomainAliases (0.38 sec)
tests/fuzz/aggregate_controller_fuzzer.go
"istio.io/istio/pilot/pkg/serviceregistry/aggregate" ) var meshHolder fuzzMeshConfigHolder type fuzzMeshConfigHolder struct { trustDomainAliases []string } func (mh fuzzMeshConfigHolder) Mesh() *meshconfig.MeshConfig { return &meshconfig.MeshConfig{ TrustDomainAliases: mh.trustDomainAliases, } } // FuzzAggregateController implements a fuzzer // that targets the add and delete registry apis
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Aug 07 18:40:05 UTC 2023 - 2.7K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authn/util_test.go
meshConfig *meshconfig.MeshConfig want []string }{ { name: "No duplicated trust domain in mesh config", meshConfig: &meshconfig.MeshConfig{ TrustDomain: "cluster.local", TrustDomainAliases: []string{"alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"}, }, want: []string{"cluster.local", "alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"}, }, {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 24 16:11:07 UTC 2023 - 2.8K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
"AES128-GCM-SHA256", } // BuildInboundTLS returns the TLS context corresponding to the mTLS mode. func BuildInboundTLS(mTLSMode model.MutualTLSMode, node *model.Proxy, protocol networking.ListenerProtocol, trustDomainAliases []string, minTLSVersion tls.TlsParameters_TlsProtocol, mc *meshconfig.MeshConfig, ) *tls.DownstreamTlsContext { if mTLSMode == model.MTLSDisable || mTLSMode == model.MTLSUnknown { return nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
pilot/pkg/security/trustdomain/bundle.go
// For example, if we have // trustDomain: td1, trustDomainAliases: ["td2", "td3"] // Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, // or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh. TrustDomains []string } // NewBundle returns a new trust domain bundle. func NewBundle(trustDomain string, trustDomainAliases []string) Bundle { return Bundle{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Oct 23 15:48:01 UTC 2023 - 7.5K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
// 5. DestinationRule with tls ISTIO_MUTUAL mode, because Istio auto mTLS will let client send plaintext to naked servers by default. // 6. MeshConfig.TrustDomainAliases contains one of the trust domains, "server-naked-foo". // // Expectation: // When "server-naked-foo" is in the list of MeshConfig.TrustDomainAliases, client requests to // "server-naked-foo" succeed, and requests to "server-naked-bar" fail. func TestTrustDomainAliasSecureNaming(t *testing.T) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authn/util.go
)

// TrustDomainsForValidation returns the list of trust domains built from the
// mesh configuration: the mesh's own TrustDomain first, then every entry of
// TrustDomainAliases, then the trust domains attached to each configured CA
// certificate. The combined list is passed through dedupTrustDomains before
// it is returned.
//
// When features.SkipValidateTrustDomain is set the function returns nil
// without reading meshConfig at all.
// NOTE(review): callers presumably treat a nil result as "do not restrict
// the peer's trust domain" — confirm at the call sites, because in that case
// the flag widens which peer identities are accepted.
//
// meshConfig must be non-nil on the non-skipped path: TrustDomain and
// TrustDomainAliases are read as plain fields, not through nil-safe getters.
func TrustDomainsForValidation(meshConfig *meshconfig.MeshConfig) []string {
	// Validation disabled by feature flag: no trust-domain list is produced.
	if features.SkipValidateTrustDomain {
		return nil
	}
	// Start from a fresh slice literal so the appends below never write into
	// the backing array of meshConfig.TrustDomainAliases.
	// NOTE(review): an empty meshConfig.TrustDomain is added as "" here;
	// whether dedupTrustDomains drops it is not visible in this excerpt.
	tds := append([]string{meshConfig.TrustDomain}, meshConfig.TrustDomainAliases...)
	// Each CA certificate entry can contribute additional trust domains.
	for _, cacert := range meshConfig.GetCaCertificates() {
		tds = append(tds, cacert.GetTrustDomains()...)
	}
	return dedupTrustDomains(tds)
}

func dedupTrustDomains(tds []string) []string {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 24 16:11:07 UTC 2023 - 1.3K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
} func NewBuilderForService(actionType ActionType, push *model.PushContext, proxy *model.Proxy, useFilterState bool, svc *model.Service) *Builder { tdBundle := trustdomain.NewBundle(push.Mesh.TrustDomain, push.Mesh.TrustDomainAliases) option := builder.Option{ IsCustomBuilder: actionType == Custom, UseFilterState: useFilterState, UseExtendedJwt: proxy.SupportsEnvoyExtendedJwt(), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
type PolicyApplier interface { // InboundMTLSSettings returns inbound mTLS settings for a given workload port InboundMTLSSettings(endpointPort uint32, node *model.Proxy, trustDomainAliases []string, modeOverride model.MutualTLSMode) MTLSSettings // JwtFilter returns the JWT HTTP filter to enforce the underlying authentication policy. // It may return nil, if no JWT validation is needed.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
tests/integration/security/external_ca/main_test.go
cfgYaml := tmpl.MustEvaluate(` values: pilot: env: EXTERNAL_CA: ISTIOD_RA_KUBERNETES_API meshConfig: defaultConfig: proxyMetadata: ISTIO_META_CERT_SIGNER: signer1 trustDomainAliases: [some-other, trust-domain-foo] caCertificates: - pem: | {{.rootcert1 | indent 8}} certSigners: - {{.signer1}} - pem: | {{.rootcert2 | indent 8}} certSigners:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 22 14:18:21 UTC 2023 - 4.7K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/main_test.go
cfgYaml := tmpl.MustEvaluate(` values: pilot: env: ISTIO_MULTIROOT_MESH: true meshConfig: defaultConfig: proxyMetadata: PROXY_CONFIG_XDS_AGENT: "true" trustDomainAliases: [some-other, trust-domain-foo] caCertificates: - pem: | {{.pem | indent 8}} `, map[string]string{"pem": rootPEM}) cfg.ControlPlaneValues = cfgYaml }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 9.2K bytes - Viewed (0)