Results 1 - 10 of 25 for trustDomainAliases (0.35 sec)
pkg/config/mesh/mesh_test.go
- name: prometheus prometheus: {} trustDomainAliases: ["both", "default"] `, }, { name: "add trust domain aliases", in: ` trustDomainAliases: ["added", "both"]`, out: `defaultProviders: metrics: - stackdriver extensionProviders: - name: stackdriver stackdriver: maxNumberOfAttributes: 3 trustDomainAliases: - added - both - default `, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 11.7K bytes - Viewed (0) -
pilot/pkg/security/model/authentication.go
// ConstructSdsSecretConfig returns the SDS secret config for the given
// resource name. It is a thin wrapper that delegates to
// pm.ConstructSdsSecretConfig and performs no validation of its own.
func ConstructSdsSecretConfig(name string) *tls.SdsSecretConfig {
	cfg := pm.ConstructSdsSecretConfig(name)
	return cfg
}

// AppendURIPrefixToTrustDomain maps every entry of trustDomainAliases to
// spiffe.URIPrefix + entry + "/" and returns the results in input order.
// The returned slice is always non-nil, even for nil or empty input.
//
// Entries are used verbatim: nothing here trims, de-duplicates or rejects an
// empty or malformed trust domain, so any such entry still yields an output
// element. Validate the list where the mesh configuration is loaded.
func AppendURIPrefixToTrustDomain(trustDomainAliases []string) []string {
	prefixed := make([]string, len(trustDomainAliases))
	for i, alias := range trustDomainAliases {
		// NOTE(review): the trailing "/" presumably keeps a prefix match on
		// these values from also accepting a longer trust domain that merely
		// begins with the same characters (e.g. "td1" vs "td10") — confirm
		// against the matcher that consumes this list.
		prefixed[i] = spiffe.URIPrefix + alias + "/"
	}
	return prefixed
}

// ApplyToCommonTLSContext completes the commonTlsContext
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Mar 28 22:11:02 UTC 2024 - 9.9K bytes - Viewed (0) -
tests/fuzz/aggregate_controller_fuzzer.go
"istio.io/istio/pilot/pkg/serviceregistry/aggregate"
)

// meshHolder is the package-level fuzzMeshConfigHolder; its zero value
// carries no trust domain aliases.
var meshHolder fuzzMeshConfigHolder

// fuzzMeshConfigHolder holds the trust domain aliases that Mesh reports.
type fuzzMeshConfigHolder struct {
	trustDomainAliases []string
}

// Mesh returns a freshly allocated MeshConfig whose only populated field is
// TrustDomainAliases. The slice is handed over as-is (not copied), and every
// other field, including TrustDomain, is left at its zero value.
func (h fuzzMeshConfigHolder) Mesh() *meshconfig.MeshConfig {
	cfg := &meshconfig.MeshConfig{}
	cfg.TrustDomainAliases = h.trustDomainAliases
	return cfg
}

// FuzzAggregateController implements a fuzzer
// that targets the add and delete registry apis
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Aug 07 18:40:05 UTC 2023 - 2.7K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authn/util_test.go
meshConfig *meshconfig.MeshConfig want []string }{ { name: "No duplicated trust domain in mesh config", meshConfig: &meshconfig.MeshConfig{ TrustDomain: "cluster.local", TrustDomainAliases: []string{"alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"}, }, want: []string{"cluster.local", "alias-1.domain", "some-other-alias-1.domain", "alias-2.domain"}, }, {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 24 16:11:07 UTC 2023 - 2.8K bytes - Viewed (0) -
pilot/pkg/security/authn/utils/utils.go
"AES128-GCM-SHA256", } // BuildInboundTLS returns the TLS context corresponding to the mTLS mode. func BuildInboundTLS(mTLSMode model.MutualTLSMode, node *model.Proxy, protocol networking.ListenerProtocol, trustDomainAliases []string, minTLSVersion tls.TlsParameters_TlsProtocol, mc *meshconfig.MeshConfig, ) *tls.DownstreamTlsContext { if mTLSMode == model.MTLSDisable || mTLSMode == model.MTLSUnknown { return nil }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 00:16:21 UTC 2024 - 3.8K bytes - Viewed (0) -
releasenotes/notes/trust-domain-validation.yaml
kind: feature area: security issue: - 26224 releaseNotes: - | **Added** Trust Domain Validation by default rejecting requests in sidecars if the request is not from same trust domain
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 09 16:52:01 UTC 2020 - 288 bytes - Viewed (0) -
operator/pkg/util/merge_iop.go
ConfigSources []*v1alpha13.ConfigSource `json:"configSources" patchStrategy:"merge" patchMergeKey:"address"` TrustDomainAliases []string `json:"trustDomainAliases" patchStrategy:"merge"` DefaultServiceExportTo []string `json:"defaultServiceExportTo" patchStrategy:"merge"`
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 02 18:21:41 UTC 2024 - 16.2K bytes - Viewed (0) -
pkg/config/mesh/mesh.go
found = true break } } if !found { defaultConfig.ExtensionProviders = append(defaultConfig.ExtensionProviders, p) } } defaultConfig.TrustDomainAliases = sets.SortedList(sets.New(append(defaultConfig.TrustDomainAliases, prevTrustDomainAliases...)...)) warn, err := agent.ValidateMeshConfig(defaultConfig) if err != nil { return nil, err } if warn != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 12K bytes - Viewed (0) -
pilot/pkg/security/trustdomain/bundle.go
// For example, if we have // trustDomain: td1, trustDomainAliases: ["td2", "td3"] // Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, // or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh. TrustDomains []string } // NewBundle returns a new trust domain bundle. func NewBundle(trustDomain string, trustDomainAliases []string) Bundle { return Bundle{
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Oct 23 15:48:01 UTC 2023 - 7.5K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/trust_domain_alias_secure_naming_test.go
// 5. DestinationRule with tls ISTIO_MUTUAL mode, because Istio auto mTLS will let the client send plaintext to naked servers by default. // 6. MeshConfig.TrustDomainAliases contains one of the trust domains, "server-naked-foo". // // Expectation: // When "server-naked-foo" is in the list of MeshConfig.TrustDomainAliases, client requests to // "server-naked-foo" succeed, and requests to "server-naked-bar" fail. func TestTrustDomainAliasSecureNaming(t *testing.T) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 3.7K bytes - Viewed (0)