- Sort Score
- Result 10 results
- Languages All
Results 1 - 6 of 6 for AuthorizationPolicy (0.21 sec)
-
istioctl/pkg/authz/authz.go
cmd := &cobra.Command{ Use: "check [<type>/]<name>[.<namespace>]", Short: "Check AuthorizationPolicy applied in the pod.", Long: `Check prints the AuthorizationPolicy applied to a pod by directly checking the Envoy configuration of the pod. The command is especially useful for inspecting the policy propagation from Istiod to Envoy and the final AuthorizationPolicy list merged from multiple sources (mesh-level, namespace-level and workload-level).
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Sat Apr 13 05:23:38 UTC 2024 - 5K bytes - Viewed (0) -
istioctl/pkg/authz/authz_test.go
WantException: true, }, { Args: []string{"-f", "testdata/configdump.yaml"}, ExpectedOutput: `ACTION AuthorizationPolicy RULES ALLOW _anonymous_match_nothing_ 1 ALLOW httpbin.default 1 `, }, } authzCmd := checkCmd(cli.NewFakeContext(&cli.NewFakeContextOption{})) for i, c := range cases {
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Jun 21 14:20:23 UTC 2023 - 1.4K bytes - Viewed (0) -
istioctl/pkg/authz/analyzer_test.go
}, ClientStatus: 453, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { var buf bytes.Buffer a.Print(&buf) expectedOutput := "ACTION AuthorizationPolicy RULES\n" actualOutput := buf.String() if !reflect.DeepEqual(expectedOutput, actualOutput) { t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput) } }) }
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Sun Apr 21 17:42:54 UTC 2024 - 2.8K bytes - Viewed (0) -
istioctl/pkg/authz/listener.go
if len(parts) != 4 { log.Errorf("failed to parse policy name: %s", name) return "", "" } return fmt.Sprintf("%s.%s", parts[2], parts[1]), parts[3] } // Print prints the AuthorizationPolicy in the listener. func Print(writer io.Writer, listeners []*listener.Listener) { parsedListeners := parse(listeners) if parsedListeners == nil { return }
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Mon Sep 11 15:29:30 UTC 2023 - 6K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
Most notably, this is only L4 resources. Most of the API is fairly straight forward. However, one interesting aspect is how these policies associate with workloads. Istio's AuthorizationPolicy has label selectors. However, we intentionally do not send those as part of the Workload API, in order to keep the size low. The obvious solution to this is to put the list of selected workloads into the policy itself.
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Jul 17 23:10:17 UTC 2024 - 16.8K bytes - Viewed (0) -
manifests/charts/base/files/crd-all.gen.yaml
spec: group: security.istio.io names: categories: - istio-io - security-istio-io kind: AuthorizationPolicy listKind: AuthorizationPolicyList plural: authorizationpolicies shortNames: - ap singular: authorizationpolicy scope: Namespaced versions: - additionalPrinterColumns: - description: The operation to take.
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Fri Nov 01 16:23:52 UTC 2024 - 805K bytes - Viewed (0)