- Sort Score
- Result 10 results
- Languages All
Results 1 - 6 of 6 for SecretAllowed (0.15 sec)
-
pilot/pkg/config/kube/gateway/model.go
Context GatewayContext } type Grants struct { AllowAll bool AllowedNames sets.String } type AllowedReferences map[Reference]map[Reference]*Grants func (refs AllowedReferences) SecretAllowed(resourceName string, namespace string) bool { p, err := creds.ParseResourceName(resourceName, "", "", "") if err != nil { log.Warnf("failed to parse resource name %q: %v", resourceName, err) return false }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 17:09:09 UTC 2024 - 4K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/controller.go
} } func (c *Controller) HasSynced() bool { return c.cache.HasSynced() && c.namespaces.HasSynced() } func (c *Controller) SecretAllowed(resourceName string, namespace string) bool { c.stateMu.RLock() defer c.stateMu.RUnlock() return c.state.AllowedReferences.SecretAllowed(resourceName, namespace) } // namespaceEvent handles a namespace add/update. Gateway's can select routes by label, so we need to handle
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Mar 30 05:26:03 UTC 2024 - 13.5K bytes - Viewed (0) -
pilot/pkg/model/context.go
Reconcile(ctx *PushContext) error // SecretAllowed determines if a SDS credential is accessible to a given namespace. // For example, for resourceName of `kubernetes-gateway://ns-name/secret-name` and namespace of `ingress-ns`, // this would return true only if there was a policy allowing `ingress-ns` to access Secrets in the `ns-name` namespace. SecretAllowed(resourceName string, namespace string) bool }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 08:29:05 UTC 2024 - 33.6K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/conversion_test.go
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 20:24:52 UTC 2024 - 34.9K bytes - Viewed (0) -
pilot/pkg/config/kube/gateway/conversion.go
if err != nil { return out, err } credNs := ptr.OrDefault((*string)(tls.CertificateRefs[0].Namespace), namespace) sameNamespace := credNs == namespace if !sameNamespace && !ctx.AllowedReferences.SecretAllowed(creds.ToResourceName(cred), namespace) { return out, &ConfigError{ Reason: InvalidListenerRefNotPermitted, Message: fmt.Sprintf(
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 84.7K bytes - Viewed (0) -
pilot/pkg/model/push_context.go
// Currently, only Secret has reference policy, and only implemented by Gateway API controller. switch kind { case gvk.Secret: if ps.GatewayAPIController != nil { return ps.GatewayAPIController.SecretAllowed(resourceName, namespace) } default: } return false } func (ps *PushContext) ServiceAccounts(hostname host.Name, namespace string) []string { return ps.serviceAccounts[serviceAccountKey{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 09:02:11 UTC 2024 - 91.8K bytes - Viewed (0)