- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 12 for trustDomainAliases (1.19 sec)
-
pkg/config/mesh/mesh_test.go
- name: prometheus prometheus: {} trustDomainAliases: ["both", "default"] `, }, { name: "add trust domain aliases", in: ` trustDomainAliases: ["added", "both"]`, out: `defaultProviders: metrics: - stackdriver extensionProviders: - name: stackdriver stackdriver: maxNumberOfAttributes: 3 trustDomainAliases: - added - both - default `, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 11.7K bytes - Viewed (0) -
pkg/config/mesh/mesh.go
found = true break } } if !found { defaultConfig.ExtensionProviders = append(defaultConfig.ExtensionProviders, p) } } defaultConfig.TrustDomainAliases = sets.SortedList(sets.New(append(defaultConfig.TrustDomainAliases, prevTrustDomainAliases...)...)) warn, err := agent.ValidateMeshConfig(defaultConfig) if err != nil { return nil, err } if warn != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 12K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
// 5. DestinaitonRule with tls ISTIO_MUTUAL mode, because Istio auto mTLS will let client send plaintext to naked servers by default. // 6. MeshConfig.TrustDomainAliases contains one of the trust domain "server-naked-foo". // // Expectation: // When the "server-naked-foo" is in the list of MeshConfig.TrustDomainAliases, client requests to // "server-naked-foo" succeeds, and requests to "server-naked-bar" fails. func TestTrustDomainAliasSecureNaming(t *testing.T) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0) -
pkg/spiffe/spiffe.go
// // {"spiffe://td1/ns/def/sa/a", "spiffe://td2/ns/def/sa/a", "spiffe://td1/ns/def/sa/b", "spiffe://td2/ns/def/sa/b"}. func ExpandWithTrustDomains(spiffeIdentities sets.String, trustDomainAliases []string) sets.String { if len(trustDomainAliases) == 0 { return spiffeIdentities } out := sets.New[string]() for id := range spiffeIdentities { out.Insert(id)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 11.1K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
} func NewBuilderForService(actionType ActionType, push *model.PushContext, proxy *model.Proxy, useFilterState bool, svc *model.Service) *Builder { tdBundle := trustdomain.NewBundle(push.Mesh.TrustDomain, push.Mesh.TrustDomainAliases) option := builder.Option{ IsCustomBuilder: actionType == Custom, UseFilterState: useFilterState, UseExtendedJwt: proxy.SupportsEnvoyExtendedJwt(), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
type PolicyApplier interface { // InboundMTLSSettings returns inbound mTLS settings for a given workload port InboundMTLSSettings(endpointPort uint32, node *model.Proxy, trustDomainAliases []string, modeOverride model.MutualTLSMode) MTLSSettings // JwtFilter returns the JWT HTTP filter to enforce the underlying authentication policy. // It may return nil, if no JWT validation is needed.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
pilot/pkg/serviceregistry/aggregate/controller_test.go
"istio.io/istio/pkg/config/host" "istio.io/istio/pkg/test/util/retry" ) type mockMeshConfigHolder struct { trustDomainAliases []string } func (mh mockMeshConfigHolder) Mesh() *meshconfig.MeshConfig { return &meshconfig.MeshConfig{ TrustDomainAliases: mh.trustDomainAliases, } } func buildMockController() *Controller { discovery1 := memory.NewServiceDiscovery(mock.ReplicatedFooServiceV1.DeepCopy(),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 06:28:11 UTC 2024 - 14.5K bytes - Viewed (0) -
pkg/config/validation/agent/validation_test.go
"discovery address must be set to the proxy discovery service", "invalid proxy admin port", "invalid status port", "trustDomain: empty domain name not allowed", "trustDomainAliases[0]", "trustDomainAliases[1]", "trustDomainAliases[2]", "mesh TLS does not support ECDH curves configuration", } switch err := err.(type) { case *multierror.Error: // each field must cause an error in the field
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 39.1K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/main_test.go
cfgYaml := tmpl.MustEvaluate(` values: pilot: env: ISTIO_MULTIROOT_MESH: true meshConfig: defaultConfig: proxyMetadata: PROXY_CONFIG_XDS_AGENT: "true" trustDomainAliases: [some-other, trust-domain-foo] caCertificates: - pem: | {{.pem | indent 8}} `, map[string]string{"pem": rootPEM}) cfg.ControlPlaneValues = cfgYaml }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 9.2K bytes - Viewed (0) -
pkg/config/validation/agent/validation.go
errs = multierror.Append(errs, fmt.Errorf("trustDomain: %v", err)) } for i, tda := range config.TrustDomainAliases { if err := ValidateTrustDomain(tda); err != nil { errs = multierror.Append(errs, fmt.Errorf("trustDomainAliases[%d], domain `%s` : %v", i, tda, err)) } } return } func ValidateMeshTLSConfig(mesh *meshconfig.MeshConfig) (errs error) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 30.9K bytes - Viewed (0)