Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 130 for authZ (0.1 sec)

  1. istioctl/pkg/authz/authz.go

    		Example: `  # Check AuthorizationPolicy applied to pod httpbin-88ddbcfdd-nt5jb:
      istioctl x authz check httpbin-88ddbcfdd-nt5jb
    
      # Check AuthorizationPolicy applied to one pod under a deployment
      istioctl x authz check deployment/productpage-v1
    
      # Check AuthorizationPolicy from Envoy config dump file:
      istioctl x authz check -f httpbin_config_dump.json`,
    		Args: func(cmd *cobra.Command, args []string) error {
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sat Apr 13 05:23:38 UTC 2024
    - 5K bytes
    - Viewed (0)
  2. istioctl/cmd/root.go

    	rootCmd.AddCommand(admin.Cmd(ctx))
    	experimentalCmd.AddCommand(injector.Cmd(ctx))
    
    	rootCmd.AddCommand(mesh.UninstallCmd(ctx))
    
    	experimentalCmd.AddCommand(authz.AuthZ(ctx))
    	rootCmd.AddCommand(seeExperimentalCmd("authz"))
    	experimentalCmd.AddCommand(metrics.Cmd(ctx))
    	experimentalCmd.AddCommand(describe.Cmd(ctx))
    	experimentalCmd.AddCommand(config.Cmd())
    	experimentalCmd.AddCommand(workload.Cmd(ctx))
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Aug 05 02:08:47 UTC 2024
    - 9.6K bytes
    - Viewed (0)
  3. docs/iam/opa.md

    ```
    
    ### 2. Create a sample OPA Policy
    
    In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:
    
    ```sh
    cat > example.rego <<EOF
    package httpapi.authz
    
    import input
    
    default allow = false
    
    # Allow the root user to perform any action.
    allow {
     input.owner == true
    }
    
    # All other users may do anything other than call PutObject
    allow {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Jul 17 15:43:14 UTC 2022
    - 2.3K bytes
    - Viewed (0)
  4. internal/config/policy/plugin/config.go

    	}
    
    	// Handle large OPA responses when OPA URL is of
    	// form http://localhost:8181/v1/data/httpapi/authz
    	type opaResultAllow struct {
    		Result struct {
    			Allow bool `json:"allow"`
    		} `json:"result"`
    	}
    
    	// Handle simpler OPA responses when OPA URL is of
    	// form http://localhost:8181/v1/data/httpapi/authz/allow
    	type opaResult struct {
    		Result bool `json:"result"`
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 5.8K bytes
    - Viewed (0)
  5. internal/config/policy/opa/config.go

    	}
    
    	// Handle large OPA responses when OPA URL is of
    	// form http://localhost:8181/v1/data/httpapi/authz
    	type opaResultAllow struct {
    		Result struct {
    			Allow bool `json:"allow"`
    		} `json:"result"`
    	}
    
    	// Handle simpler OPA responses when OPA URL is of
    	// form http://localhost:8181/v1/data/httpapi/authz/allow
    	type opaResult struct {
    		Result bool `json:"result"`
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 5.3K bytes
    - Viewed (0)
  6. internal/config/policy/opa/help.go

    		return config.DefaultHelpPostfix(DefaultKVS, key)
    	}
    
    	Help = config.HelpKVS{
    		config.HelpKV{
    			Key:         URL,
    			Description: `[DEPRECATED] OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"` + defaultHelpPostfix(URL),
    			Type:        "url",
    			Sensitive:   true,
    		},
    		config.HelpKV{
    			Key:         AuthToken,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jun 23 14:45:27 UTC 2023
    - 1.6K bytes
    - Viewed (0)
  7. istioctl/pkg/authz/analyzer.go

    // limitations under the License.
    
    // The auth package provides support for checking the authentication and authorization policy applied
    // in the mesh. It aims to increase the debuggability and observability of auth policies.
    // Note: this is still under active development and is not ready for real use.
    package authz
    
    import (
    	"fmt"
    	"io"
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 13 01:59:17 UTC 2022
    - 2.1K bytes
    - Viewed (0)
  8. istioctl/pkg/authz/authz_test.go

    // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    // See the License for the specific language governing permissions and
    // limitations under the License.
    
    package authz
    
    import (
    	"fmt"
    	"strings"
    	"testing"
    
    	"istio.io/istio/istioctl/pkg/cli"
    	"istio.io/istio/istioctl/pkg/util/testutil"
    )
    
    func TestAuthz(t *testing.T) {
    	cases := []testutil.TestCase{
    		{
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jun 21 14:20:23 UTC 2023
    - 1.4K bytes
    - Viewed (0)
  9. internal/config/policy/plugin/help.go

    		return config.DefaultHelpPostfix(DefaultKVS, key)
    	}
    
    	Help = config.HelpKVS{
    		config.HelpKV{
    			Key:         URL,
    			Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"` + defaultHelpPostfix(URL),
    			Type:        "url",
    			Sensitive:   true,
    		},
    		config.HelpKV{
    			Key:         AuthToken,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jun 23 14:45:27 UTC 2023
    - 1.8K bytes
    - Viewed (0)
  10. istioctl/pkg/authz/analyzer_test.go

    // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    // See the License for the specific language governing permissions and
    // limitations under the License.
    
    package authz
    
    import (
    	"bytes"
    	"reflect"
    	"testing"
    
    	envoy_admin "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
    	"google.golang.org/protobuf/types/known/anypb"
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sun Apr 21 17:42:54 UTC 2024
    - 2.8K bytes
    - Viewed (0)
Back to top