- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 15 for RequestPrincipals (0.26 sec)
-
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-in.yaml
- key: "request.auth.principal" values: ["requestPrincipals", "requestPrincipals-prefix-*", "*-suffix-requestPrincipals", "*", "https://example.com/*"] notValues: ["not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-not-suffix-requestPrincipals", "*"] - key: "request.auth.audiences" values: ["audiences", "audiences-prefix-*", "*-suffix-audiences", "*"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 4.1K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-out.yaml
stringMatch: exact: requestPrincipals - metadata: filter: istio_authn path: - key: request.auth.principal value: stringMatch: prefix: requestPrincipals-prefix- - metadata: filter: istio_authn
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 32.6K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-full-in.yaml
- from: - source: requestPrincipals: [ "requestPrincipals", "requestPrincipals-prefix-*", "*-suffix-requestPrincipals", "*" ] notRequestPrincipals: [ "not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-suffix-not-requestPrincipals", "*" ] - from: - source: namespaces: [ "ns", "ns-prefix-*", "*-ns-suffix", "*" ]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 4K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/deny-groups-in.yaml
kind: AuthorizationPolicy metadata: name: groups-deny spec: action: DENY rules: # Has mix of L4 and L7 in from - from: - source: principals: ["from-mix-principal"] requestPrincipals: ["from-mix-requestPrincipals"] namespaces: ["from-mix-ns"] to: - operation: ports: ["80"] # Has mix of L4 and L7 in to - from: - source: principals: ["to-mix-principal"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 1.4K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-allow-full-rule-out.yaml
path: - key: payload - key: iss value: stringMatch: exact: requestPrincipals - metadata: filter: envoy.filters.http.jwt_authn path: - key: payload - key: sub
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 18:02:42 UTC 2024 - 39K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-groups-in.yaml
kind: AuthorizationPolicy metadata: name: groups spec: rules: # Has mix of L4 and L7 in from - from: - source: principals: ["from-mix-principal"] requestPrincipals: ["from-mix-requestPrincipals"] namespaces: ["from-mix-ns"] to: - operation: ports: ["80"] # Has mix of L4 and L7 in to - from: - source: principals: ["to-mix-principal"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 1.3K bytes - Viewed (0) -
tests/integration/ambient/testdata/requestauthn/waypoint-jwt.yaml.tmpl
spec: targetRefs: - kind: Gateway group: gateway.networking.k8s.io name: waypoint rules: - from: - source: requestPrincipals: ["******@****.***/sub-1"] - source: requestPrincipals: ["******@****.***/sub-1"] - to: - operation:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 1.3K bytes - Viewed (0) -
tests/integration/security/testdata/authz/jwt.yaml.tmpl
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 3K bytes - Viewed (0) -
pilot/pkg/security/authz/model/model.go
if useExtendedJwt { merged.insertFrontExtended(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals) } else { merged.insertFront(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals) } merged.insertFront(srcPrincipalGenerator{}, attrSrcPrincipal, s.Principals, s.NotPrincipals) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 25 10:39:25 UTC 2024 - 13.8K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go
} fromMatches := []*security.Match{} for _, from := range rule.From { op := from.Source if action == security.Action_ALLOW && anyNonEmpty(op.RemoteIpBlocks, op.NotRemoteIpBlocks, op.RequestPrincipals, op.NotRequestPrincipals) { // L7 policies never match for ALLOW // For DENY they will always match, so it is more restrictive return nil } match := &security.Match{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 16:23:36 UTC 2024 - 18.4K bytes - Viewed (0)