Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for AuthorizationPolicy (0.17 sec)

  2. github.com/istio/istio

    istioctl/pkg/authz/authz.go 

    	cmd := &cobra.Command{
		Use:   "check [<type>/]<name>[.<namespace>]",
		Short: "Check AuthorizationPolicy applied in the pod.",
		Long: `Check prints the AuthorizationPolicy applied to a pod by directly checking
the Envoy configuration of the pod. The command is especially useful for inspecting
the policy propagation from Istiod to Envoy and the final AuthorizationPolicy list merged
from multiple sources (mesh-level, namespace-level and workload-level).
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sat Apr 13 05:23:38 UTC 2024
    - 5K bytes
    - Viewed (0)
  3. github.com/istio/istio

    istioctl/pkg/authz/authz_test.go 

    			WantException:  true,
		},
		{
			Args: []string{"-f", "testdata/configdump.yaml"},
			ExpectedOutput: `ACTION   AuthorizationPolicy         RULES
ALLOW    _anonymous_match_nothing_   1
ALLOW    httpbin.default             1
`,
		},
	}

	authzCmd := checkCmd(cli.NewFakeContext(&cli.NewFakeContextOption{}))
	for i, c := range cases {
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jun 21 14:20:23 UTC 2023
    - 1.4K bytes
    - Viewed (0)
  4. github.com/istio/istio

    istioctl/pkg/authz/analyzer_test.go 

    				},
				ClientStatus: 453,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			var buf bytes.Buffer
			a.Print(&buf)
			expectedOutput := "ACTION   AuthorizationPolicy   RULES\n"
			actualOutput := buf.String()
			if !reflect.DeepEqual(expectedOutput, actualOutput) {
				t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput)
			}
		})
	}
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Sun Apr 21 17:42:54 UTC 2024
    - 2.8K bytes
    - Viewed (0)
  5. github.com/istio/istio

    istioctl/pkg/authz/listener.go 

    	if len(parts) != 4 {
		log.Errorf("failed to parse policy name: %s", name)
		return "", ""
	}
	return fmt.Sprintf("%s.%s", parts[2], parts[1]), parts[3]
}

// Print prints the AuthorizationPolicy in the listener.
func Print(writer io.Writer, listeners []*listener.Listener) {
	parsedListeners := parse(listeners)
	if parsedListeners == nil {
		return
	}
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Sep 11 15:29:30 UTC 2023
    - 6K bytes
    - Viewed (0)
  6. github.com/istio/istio

    architecture/ambient/ztunnel.md 

    Most notably, this is only L4 resources.

Most of the API is fairly straight forward.
However, one interesting aspect is how these policies associate with workloads.
Istio's AuthorizationPolicy has label selectors.
However, we intentionally do not send those as part of the Workload API, in order to keep the size low.

The obvious solution to this is to put the list of selected workloads into the policy itself.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Wed Jul 17 23:10:17 UTC 2024
    - 16.8K bytes
    - Viewed (0)
  7. github.com/istio/istio

    manifests/charts/base/files/crd-all.gen.yaml 

    spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: AuthorizationPolicy
    listKind: AuthorizationPolicyList
    plural: authorizationpolicies
    shortNames:
    - ap
    singular: authorizationpolicy
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The operation to take.
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Fri Nov 01 16:23:52 UTC 2024
    - 805K bytes
    - Viewed (0)
Back to top