Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for AuthorizationPolicy (0.15 sec)

  1. istioctl/pkg/authz/authz.go

    	cmd := &cobra.Command{
    		Use:   "check [<type>/]<name>[.<namespace>]",
    		Short: "Check AuthorizationPolicy applied in the pod.",
    		Long: `Check prints the AuthorizationPolicy applied to a pod by directly checking
    the Envoy configuration of the pod. The command is especially useful for inspecting
    the policy propagation from Istiod to Envoy and the final AuthorizationPolicy list merged
    from multiple sources (mesh-level, namespace-level and workload-level).
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sat Apr 13 05:23:38 UTC 2024
    - 5K bytes
    - Viewed (0)
  2. istioctl/pkg/authz/authz_test.go

    			WantException:  true,
    		},
    		{
    			Args: []string{"-f", "testdata/configdump.yaml"},
    			ExpectedOutput: `ACTION   AuthorizationPolicy         RULES
    ALLOW    _anonymous_match_nothing_   1
    ALLOW    httpbin.default             1
    `,
    		},
    	}
    
    	authzCmd := checkCmd(cli.NewFakeContext(&cli.NewFakeContextOption{}))
    	for i, c := range cases {
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jun 21 14:20:23 UTC 2023
    - 1.4K bytes
    - Viewed (0)
  3. istioctl/pkg/authz/analyzer_test.go

    				},
    				ClientStatus: 453,
    			},
    		},
    	}
    	for _, tt := range tests {
    		t.Run(tt.name, func(t *testing.T) {
    			var buf bytes.Buffer
    			a.Print(&buf)
    			expectedOutput := "ACTION   AuthorizationPolicy   RULES\n"
    			actualOutput := buf.String()
    			if !reflect.DeepEqual(expectedOutput, actualOutput) {
    				t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput)
    			}
    		})
    	}
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sun Apr 21 17:42:54 UTC 2024
    - 2.8K bytes
    - Viewed (0)
  4. istioctl/pkg/authz/listener.go

    	if len(parts) != 4 {
    		log.Errorf("failed to parse policy name: %s", name)
    		return "", ""
    	}
    	return fmt.Sprintf("%s.%s", parts[2], parts[1]), parts[3]
    }
    
    // Print prints the AuthorizationPolicy in the listener.
    func Print(writer io.Writer, listeners []*listener.Listener) {
    	parsedListeners := parse(listeners)
    	if parsedListeners == nil {
    		return
    	}
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Sep 11 15:29:30 UTC 2023
    - 6K bytes
    - Viewed (0)
  5. architecture/ambient/ztunnel.md

    Most notably, this is only L4 resources.
    
    Most of the API is fairly straight forward.
    However, one interesting aspect is how these policies associate with workloads.
    Istio's AuthorizationPolicy has label selectors.
    However, we intentionally do not send those as part of the Workload API, in order to keep the size low.
    
    The obvious solution to this is to put the list of selected workloads into the policy itself.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 16.8K bytes
    - Viewed (0)
  6. manifests/charts/base/files/crd-all.gen.yaml

    spec:
      group: security.istio.io
      names:
        categories:
        - istio-io
        - security-istio-io
        kind: AuthorizationPolicy
        listKind: AuthorizationPolicyList
        plural: authorizationpolicies
        shortNames:
        - ap
        singular: authorizationpolicy
      scope: Namespaced
      versions:
      - additionalPrinterColumns:
        - description: The operation to take.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Fri Nov 01 16:23:52 UTC 2024
    - 805K bytes
    - Viewed (0)
Back to top