Results 1 - 10 of 17 for trustDomainAliases (0.85 sec)
pkg/config/mesh/mesh_test.go
- name: prometheus prometheus: {} trustDomainAliases: ["both", "default"] `, }, { name: "add trust domain aliases", in: ` trustDomainAliases: ["added", "both"]`, out: `defaultProviders: metrics: - stackdriver extensionProviders: - name: stackdriver stackdriver: maxNumberOfAttributes: 3 trustDomainAliases: - added - both - default `, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 11.7K bytes - Viewed (0) -
pilot/pkg/security/model/authentication.go
// ConstructSdsSecretConfig forwards name to pm.ConstructSdsSecretConfig and
// returns its result unchanged.
func ConstructSdsSecretConfig(name string) *tls.SdsSecretConfig {
	return pm.ConstructSdsSecretConfig(name)
}

// AppendURIPrefixToTrustDomain maps every trust domain alias to the string
// spiffe.URIPrefix + alias + "/" and returns the results in input order.
//
// The trailing "/" closes the trust-domain component of the URI.
// NOTE(review): if callers use these values as prefix matchers against peer
// SPIFFE URIs (not visible here), that slash is what keeps alias "td" from
// also matching "td-other"; keep it when changing this function. Aliases are
// not validated here, so an empty or malformed alias is passed through as is.
func AppendURIPrefixToTrustDomain(trustDomainAliases []string) []string {
	prefixes := make([]string, len(trustDomainAliases))
	for i, alias := range trustDomainAliases {
		prefixes[i] = spiffe.URIPrefix + alias + "/"
	}
	return prefixes
}

// ApplyToCommonTLSContext completes the commonTlsContext
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 9.9K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
"AES128-GCM-SHA256", } // BuildInboundTLS returns the TLS context corresponding to the mTLS mode. func BuildInboundTLS(mTLSMode model.MutualTLSMode, node *model.Proxy, protocol networking.ListenerProtocol, trustDomainAliases []string, minTLSVersion tls.TlsParameters_TlsProtocol, mc *meshconfig.MeshConfig, ) *tls.DownstreamTlsContext { if mTLSMode == model.MTLSDisable || mTLSMode == model.MTLSUnknown { return nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
operator/pkg/util/merge_iop.go
ConfigSources []*v1alpha13.ConfigSource `json:"configSources" patchStrategy:"merge" patchMergeKey:"address"` TrustDomainAliases []string `json:"trustDomainAliases" patchStrategy:"merge"` DefaultServiceExportTo []string `json:"defaultServiceExportTo" patchStrategy:"merge"`
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 02 18:21:41 UTC 2024 - 16.2K bytes - Viewed (0) -
pkg/config/mesh/mesh.go
found = true break } } if !found { defaultConfig.ExtensionProviders = append(defaultConfig.ExtensionProviders, p) } } defaultConfig.TrustDomainAliases = sets.SortedList(sets.New(append(defaultConfig.TrustDomainAliases, prevTrustDomainAliases...)...)) warn, err := agent.ValidateMeshConfig(defaultConfig) if err != nil { return nil, err } if warn != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 12K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
// 5. DestinationRule with tls ISTIO_MUTUAL mode, because Istio auto mTLS will let client send plaintext to naked servers by default. // 6. MeshConfig.TrustDomainAliases contains one of the trust domains, "server-naked-foo". // // Expectation: // When the "server-naked-foo" is in the list of MeshConfig.TrustDomainAliases, client requests to // "server-naked-foo" succeed, and requests to "server-naked-bar" fail. func TestTrustDomainAliasSecureNaming(t *testing.T) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0) -
pkg/spiffe/spiffe.go
// // {"spiffe://td1/ns/def/sa/a", "spiffe://td2/ns/def/sa/a", "spiffe://td1/ns/def/sa/b", "spiffe://td2/ns/def/sa/b"}. func ExpandWithTrustDomains(spiffeIdentities sets.String, trustDomainAliases []string) sets.String { if len(trustDomainAliases) == 0 { return spiffeIdentities } out := sets.New[string]() for id := range spiffeIdentities { out.Insert(id)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 11.1K bytes - Viewed (0) -
pilot/pkg/security/model/authentication_test.go
} }) } } func TestApplyToCommonTLSContext(t *testing.T) { testCases := []struct { name string node *model.Proxy trustDomainAliases []string crl string validateClient bool expected *auth.CommonTlsContext }{ { name: "MTLSStrict using SDS", node: &model.Proxy{ Metadata: &model.NodeMetadata{},
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 20 22:39:21 UTC 2024 - 18.9K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
} func NewBuilderForService(actionType ActionType, push *model.PushContext, proxy *model.Proxy, useFilterState bool, svc *model.Service) *Builder { tdBundle := trustdomain.NewBundle(push.Mesh.TrustDomain, push.Mesh.TrustDomainAliases) option := builder.Option{ IsCustomBuilder: actionType == Custom, UseFilterState: useFilterState, UseExtendedJwt: proxy.SupportsEnvoyExtendedJwt(), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
type PolicyApplier interface { // InboundMTLSSettings returns inbound mTLS settings for a given workload port InboundMTLSSettings(endpointPort uint32, node *model.Proxy, trustDomainAliases []string, modeOverride model.MutualTLSMode) MTLSSettings // JwtFilter returns the JWT HTTP filter to enforce the underlying authentication policy. // It may return nil, if no JWT validation is needed.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0)