- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 13 for MTLSDisable (0.54 sec)
-
pilot/pkg/networking/plugin/authn/authentication.go
if b == nil { return authn.MTLSSettings{ Port: port, Mode: model.MTLSDisable, } } return b.applier.InboundMTLSSettings(port, b.proxy, b.trustDomains, authn.NoOverride) } func (b *Builder) ForHBONE() authn.MTLSSettings { if b == nil { return authn.MTLSSettings{ Port: model.HBoneInboundListenPort, Mode: model.MTLSDisable, } } // HBONE is always strict
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 4.4K bytes - Viewed (0) -
pilot/pkg/model/authentication.go
type MutualTLSMode int const ( // MTLSUnknown is used to indicate the variable hasn't been initialized correctly (with the authentication policy). MTLSUnknown MutualTLSMode = iota // MTLSDisable if authentication policy disable mTLS. MTLSDisable // MTLSPermissive if authentication policy enable mTLS in permissive mode. MTLSPermissive // MTLSStrict if authentication policy enable mTLS in strict mode. MTLSStrict )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 10.1K bytes - Viewed (0) -
tests/integration/security/reachability_test.go
config.File("testdata/reachability/global-peer-authn.yaml.tmpl"), config.File("testdata/reachability/global-dr.yaml.tmpl"), }.WithParams(param.Params{ mtlsModeParam: model.MTLSDisable.String(), tlsModeParam: "DISABLE", param.Namespace.String(): systemNS, }), fromMatch: notMigration, toMatch: notMigration, expectMTLS: never,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 20.6K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
// No need to warn on each push - the behavior is still consistent with auto-mtls, which is the // replacement for permissive. mode = model.MTLSDisable } var out []*listener.FilterChain switch mode { case model.MTLSDisable: out = append(out, buildInboundFilterChain(node, push, "plaintext", nil)) case model.MTLSStrict: out = append(out, buildInboundFilterChain(node, push, "mtls", tlsContext))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
protocol networking.ListenerProtocol, trustDomainAliases []string, minTLSVersion tls.TlsParameters_TlsProtocol, mc *meshconfig.MeshConfig, ) *tls.DownstreamTlsContext { if mTLSMode == model.MTLSDisable || mTLSMode == model.MTLSUnknown { return nil } ctx := &tls.DownstreamTlsContext{ CommonTlsContext: &tls.CommonTlsContext{}, RequireClientCertificate: protovalue.BoolTrue, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
pilot/pkg/xds/endpoints/mtls_checker.go
if ep.TLSMode != model.IstioMutualTLSModeLabel { return false } return authn. NewMtlsPolicy(c.push, ep.Namespace, ep.Labels, isWaypoint). GetMutualTLSModeForPort(ep.EndpointPort) != model.MTLSDisable } func tlsModeForDestinationRule(drc *config.Config, subset string, port int) *networkingapi.ClientTLSSettings_TLSmode { if drc == nil { return nil } dr, ok := drc.Spec.(*networkingapi.DestinationRule)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Dec 01 07:32:22 UTC 2023 - 3.3K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
cc.hbone = true lp := istionetworking.ModelProtocolToListenerProtocol(cc.port.Protocol) // Internal chain has no mTLS mtls := authn.MTLSSettings{Port: cc.port.TargetPort, Mode: model.MTLSDisable} opts := getFilterChainMatchOptions(mtls, lp) chains := lb.inboundChainForOpts(cc, mtls, opts) for _, c := range chains { fcm := c.GetFilterChainMatch() if fcm != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls.go
} return cb.buildIstioMutualTLS(subjectAltNamesToUse, sniToUse), userSupplied } if meshExternal || !autoMTLSEnabled || serviceMTLSMode == model.MTLSUnknown || serviceMTLSMode == model.MTLSDisable { return nil, userSupplied } // For backward compatibility, use metadata certs if provided. if cb.hasMetadataCerts() { return cb.buildMutualTLS(serviceAccounts, sni), autoDetected }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 19.2K bytes - Viewed (0) -
pilot/pkg/networking/core/cluster_tls_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 03:53:05 UTC 2024 - 60.9K bytes - Viewed (0) -
pilot/pkg/security/authn/policy_applier_test.go
Mtls: &v1beta1.PeerAuthentication_MutualTLS{ Mode: v1beta1.PeerAuthentication_MutualTLS_DISABLE, }, }, }, }, expected: MTLSSettings{Port: 8080, Mode: model.MTLSDisable}, }, { name: "Single policy - permissive mode", peerPolicies: []*config.Config{ { Spec: &v1beta1.PeerAuthentication{ Mtls: &v1beta1.PeerAuthentication_MutualTLS{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Dec 01 07:32:22 UTC 2023 - 60.2K bytes - Viewed (0)