- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 107 for authorizationpolicy (0.54 sec)
-
pilot/pkg/xds/testdata/benchmarks/authorizationpolicy.yaml
resolution: STATIC endpoints: - address: 1.1.1.1 labels: istio.io/benchmark: "true" --- {{- range $i := until .Services }} apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: authn-{{$i}} spec: action: DENY rules: - from: - source: namespaces: ["default"] to: - operation: methods: ["POST"] ---
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Jul 29 02:10:48 UTC 2023 - 738 bytes - Viewed (0) -
pkg/test/datasets/validation/dataset/security-v1beta1-AuthorizationPolicy.yaml
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: authorization-policy spec: selector: matchLabels: app: httpbin version: v1 rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] - operation: methods: ["POST"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 17 07:02:38 UTC 2023 - 524 bytes - Viewed (0) -
pkg/test/datasets/validation/dataset/security-v1-AuthorizationPolicy.yaml
apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: authorization-policy spec: selector: matchLabels: app: httpbin version: v1 rules: - from: - source: principals: ["cluster.local/ns/default/sa/sleep"] - source: namespaces: ["test"] to: - operation: methods: ["GET"] paths: ["/info*"] - operation: methods: ["POST"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 17 07:02:38 UTC 2023 - 519 bytes - Viewed (0) -
pilot/pkg/model/authorization.go
Spec: config.Spec.(*authpb.AuthorizationPolicy), } policy.NamespaceToPolicies[config.Namespace] = append(policy.NamespaceToPolicies[config.Namespace], authzConfig) } return policy } type AuthorizationPoliciesResult struct { Custom []AuthorizationPolicy Deny []AuthorizationPolicy Allow []AuthorizationPolicy Audit []AuthorizationPolicy }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 4.2K bytes - Viewed (0) -
pilot/pkg/model/authorization_test.go
auditPolicy.Action = authpb.AuthorizationPolicy_AUDIT customPolicy := proto.Clone(policy).(*authpb.AuthorizationPolicy) customPolicy.Action = authpb.AuthorizationPolicy_CUSTOM cases := []struct { name string selectionOpts WorkloadPolicyMatcher configs []config.Config wantDeny []AuthorizationPolicy wantAllow []AuthorizationPolicy wantAudit []AuthorizationPolicy
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 12.7K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/authorizationpolicies.yaml
values: ["https://accounts.google.com"] --- apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: meshwide-httpbin namespace: istio-system # valid: it applies to whole mesh spec: {} --- apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: meshwide-httpbin-v1 namespace: istio-system # invalid: no pods running anywhere in the mesh
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 08 14:14:46 UTC 2023 - 7.8K bytes - Viewed (0) -
tests/integration/security/testdata/authz/conditions.yaml.tmpl
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: {{ .To.ServiceName }}-request-headers spec: selector: matchLabels: app: "{{ .To.ServiceName }}" rules: - to: - operation: paths: [ "/request-headers" ] when: - key: request.headers[x-foo] values: [ "foo" ] - to: - operation: paths: [ "/request-headers-notValues" ] when:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 08 07:03:01 UTC 2023 - 4K bytes - Viewed (0) -
pkg/config/analysis/analyzers/authz/authorizationpolicies.go
Inputs: []config.GroupVersionKind{ gvk.MeshConfig, gvk.AuthorizationPolicy, gvk.Namespace, gvk.Pod, }, } } func (a *AuthorizationPoliciesAnalyzer) Analyze(c analysis.Context) { podLabelsMap := initPodLabelsMap(c) c.ForEach(gvk.AuthorizationPolicy, func(r *resource.Instance) bool { a.analyzeNoMatchingWorkloads(r, c, podLabelsMap)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Sep 11 20:57:29 UTC 2023 - 6K bytes - Viewed (0) -
tests/integration/pilot/testdata/authz-a.yaml
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: allow-policy spec: action: ALLOW rules: - to: - operation: methods: ["*"] --- apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: deny-policy spec: action: DENY rules: - to: - operation: methods: ["*"] - to: - operation: methods: ["*"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 08 07:03:01 UTC 2023 - 402 bytes - Viewed (0) -
tests/integration/security/testdata/authz/path-precedence.yaml.tmpl
# The following policy denies access to path /allow/admin. apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: policy-{{ .To.ServiceName }}-deny spec: selector: matchLabels: "app": "{{ .To.ServiceName }}" action: DENY rules: - to: - operation: paths: ["/allow/admin"] --- # The following policy allows access to path with prefix /allow.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 08 07:03:01 UTC 2023 - 689 bytes - Viewed (0)