- Sort Score
- Result 10 results
- Languages All
Results 1 - 8 of 8 for requestPrincipals (0.24 sec)
-
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-out.yaml
stringMatch: exact: requestPrincipals - metadata: filter: istio_authn path: - key: request.auth.principal value: stringMatch: prefix: requestPrincipals-prefix- - metadata: filter: istio_authn
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 32.6K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-allow-full-rule-out.yaml
path: - key: payload - key: iss value: stringMatch: exact: requestPrincipals - metadata: filter: envoy.filters.http.jwt_authn path: - key: payload - key: sub
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 18:02:42 UTC 2024 - 39K bytes - Viewed (0) -
pilot/pkg/security/authz/model/model_test.go
} } }) } } func TestModel_Generate(t *testing.T) { rule := yamlRule(t, ` from: - source: requestPrincipals: ["td-1/ns/foo/sa/sleep-1"] notRequestPrincipals: ["td-1/ns/foo/sa/sleep-2"] - source: requestPrincipals: ["td-1/ns/foo/sa/sleep-3"] notRequestPrincipals: ["td-1/ns/foo/sa/sleep-4"] to: - operation: ports: ["8001"] notPorts: ["8002"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 20 22:15:12 UTC 2023 - 10K bytes - Viewed (0) -
pilot/pkg/security/authz/model/model.go
if useExtendedJwt { merged.insertFrontExtended(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals) } else { merged.insertFront(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals) } merged.insertFront(srcPrincipalGenerator{}, attrSrcPrincipal, s.Principals, s.NotPrincipals) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 25 10:39:25 UTC 2024 - 13.8K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
} fromMatches := []*security.Match{} for _, from := range rule.From { op := from.Source if action == security.Action_ALLOW && anyNonEmpty(op.RemoteIpBlocks, op.NotRemoteIpBlocks, op.RequestPrincipals, op.NotRequestPrincipals) { // L7 policies never match for ALLOW // For DENY they will always match, so it is more restrictive return nil } match := &security.Match{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0) -
pilot/pkg/networking/core/networkfilter_test.go
Action: v1beta1.AuthorizationPolicy_ALLOW, Rules: []*v1beta1.Rule{ { From: []*v1beta1.Rule_From{ { Source: &v1beta1.Source{ RequestPrincipals: []string{"id-1"}, }, }, }, To: []*v1beta1.Rule_To{ { Operation: &v1beta1.Operation{ Methods: []string{"GET"}, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 25.8K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/single-policy-out.yaml
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 17 16:35:46 UTC 2023 - 14.1K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-single-policy-out.yaml
- key: payload - key: iss value: stringMatch: exact: rule[0]-from[0]-requestPrincipal[1] - metadata: filter: envoy.filters.http.jwt_authn path: - key: payload - key: sub
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 25 10:39:25 UTC 2024 - 17.4K bytes - Viewed (0)