- Sort Score
- Result 10 results
- Languages All
Results 1 - 4 of 4 for SecretAllowed (0.41 sec)
-
pilot/pkg/model/context.go
Reconcile(ctx *PushContext) error // SecretAllowed determines if a SDS credential is accessible to a given namespace. // For example, for resourceName of `kubernetes-gateway://ns-name/secret-name` and namespace of `ingress-ns`, // this would return true only if there was a policy allowing `ingress-ns` to access Secrets in the `ns-name` namespace. SecretAllowed(resourceName string, namespace string) bool }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 08:29:05 UTC 2024 - 33.6K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/conversion_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 20:24:52 UTC 2024 - 34.9K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/conversion.go
if err != nil { return out, err } credNs := ptr.OrDefault((*string)(tls.CertificateRefs[0].Namespace), namespace) sameNamespace := credNs == namespace if !sameNamespace && !ctx.AllowedReferences.SecretAllowed(creds.ToResourceName(cred), namespace) { return out, &ConfigError{ Reason: InvalidListenerRefNotPermitted, Message: fmt.Sprintf(
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/model/push_context.go
// Currently, only Secret has reference policy, and only implemented by Gateway API controller. switch kind { case gvk.Secret: if ps.GatewayAPIController != nil { return ps.GatewayAPIController.SecretAllowed(resourceName, namespace) } default: } return false } func (ps *PushContext) ServiceAccounts(hostname host.Name, namespace string) []string { return ps.serviceAccounts[serviceAccountKey{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 09:02:11 UTC 2024 - 91.8K bytes - Viewed (0)