- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 30 for PERMISSIVE (0.16 sec)
-
tests/integration/security/pass_through_filter_chain_test.go
}, }, { // There is only authN policy that enables mTLS (Permissive). // The request should be allowed because the client is always using plain text. name: "PERMISSIVE", config: `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls spec: mtls: mode: PERMISSIVE`, expected: []expect{ {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
pilot/pkg/networking/core/sidecar_simulation_test.go
calls: calls, }) }) t.Run("Permissive", func(t *testing.T) { calls := []simulation.Expect{} for _, c := range cases { calls = append(calls, simulation.Expect{ Name: c.Name, Call: c.Call, Result: c.Permissive, }) } runSimulationTest(t, nil, xds.FakeOptions{}, simulationTest{ config: svc + mtlsMode("PERMISSIVE"), calls: calls, }) })
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/networking/core/peer_authentication_simulation_test.go
mode: DISABLE ---` paPermissive := ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default spec: selector: matchLabels: app: foo mtls: mode: PERMISSIVE ---` paStrictWithDisableOnPort9000 := ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: default spec: selector: matchLabels: app: foo mtls:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 16.2K bytes - Viewed (0) -
pilot/pkg/model/authentication.go
MTLSUnknown MutualTLSMode = iota // MTLSDisable if authentication policy disable mTLS. MTLSDisable // MTLSPermissive if authentication policy enable mTLS in permissive mode. MTLSPermissive // MTLSStrict if authentication policy enable mTLS in strict mode. MTLSStrict ) // In Ambient, we convert k8s PeerAuthentication resources to the same type as AuthorizationPolicies
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 10.1K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
// replacement for permissive. mode = model.MTLSDisable } var out []*listener.FilterChain switch mode { case model.MTLSDisable: out = append(out, buildInboundFilterChain(node, push, "plaintext", nil)) case model.MTLSStrict: out = append(out, buildInboundFilterChain(node, push, "mtls", tlsContext))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
Name: workloadCfg.Name, Kind: kind.PeerAuthentication, Namespace: workloadCfg.Namespace, }) } } else { // Permissive mesh or namespace policy isEffectiveStrictPolicy = false // any ports that aren't specified will be PERMISSIVE so this workload isn't effectively under a STRICT policy foundStrict := false for _, portMtls := range workloadSpec.PortLevelMtls {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0) -
tests/integration/security/reachability_test.go
expectCrossCluster: notFromNaked, expectCrossNetwork: notNaked, expectSuccess: notNaked, minIstioVersion: integIstioVersion, }, { name: "global mtls permissive", configs: config.Sources{ config.File("testdata/reachability/global-peer-authn.yaml.tmpl"), config.File("testdata/reachability/global-dr.yaml.tmpl"), }.WithParams(param.Params{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder_test.go
http map[int]bool tls map[int]bool }{ { name: "permissive", config: "", http: map[int]bool{ // Should not see HTTP inspector if we declare ports 80: true, 82: true, // But should see for passthrough or unnamed ports 81: false, 1000: false, }, tls: map[int]bool{ // Permissive mode: inspector is set everywhere 80: false, 82: false,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 24.7K bytes - Viewed (0) -
tests/integration/ambient/baseline_test.go
t.NewSubTest("permissive").Run(func(t framework.TestContext) { t.ConfigIstio().Eval(apps.Namespace.Name(), map[string]string{ "Destination": dst.Config().Service, "Source": src.Config().Service, "Namespace": apps.Namespace.Name(), }, ` apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: global-permissive spec: mtls: mode: PERMISSIVE
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 00:07:28 UTC 2024 - 78.4K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex_test.go
}, } }) // There should be an event since effective policy moves to PERMISSIVE s.assertEvent(t, s.podXdsName("pod1"), s.podXdsName("pod2"), xdsConvertedPeerAuthSelector) assert.Equal(t, s.lookup(s.addrXdsName("127.0.0.1"))[0].Address.GetWorkload().AuthorizationPolicies, nil) // Change namespace policy to be PERMISSIVE s.addPolicy(t, "namespace", testNS, nil, gvk.PeerAuthentication, func(c controllers.Object) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 01:04:50 UTC 2024 - 70.2K bytes - Viewed (0)