- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 58 for Authz (0.04 sec)
-
samples/extauthz/cmd/extauthz/main.go
"google.golang.org/grpc" "google.golang.org/grpc/codes" ) const ( checkHeader = "x-ext-authz" allowedValue = "allow" resultHeader = "x-ext-authz-check-result" receivedHeader = "x-ext-authz-check-received" overrideHeader = "x-ext-authz-additional-header-override" overrideGRPCValue = "grpc-additional-header-override-value" resultAllowed = "allowed"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 15 18:23:48 UTC 2024 - 10.4K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_waypoint.go
authnBuilder := lb.authnBuilder if svc != nil { authnBuilder = authn.NewBuilderForService(lb.push, lb.node, svc) authzBuilder = authz.NewBuilderForService(authz.Local, lb.push, lb.node, true, svc) authzCustomBuilder = authz.NewBuilderForService(authz.Custom, lb.push, lb.node, true, svc) } // TODO: consider dedicated listener class for waypoint filters cls := istionetworking.ListenerClassSidecarInbound
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Jun 14 04:34:37 UTC 2024 - 27.6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/genericapiserver_test.go
} } } // TestNotRestRoutesHaveAuth checks that special non-routes are behind authz/authn. func TestNotRestRoutesHaveAuth(t *testing.T) { config, _ := setUp(t) authz := mockAuthorizer{} config.LegacyAPIGroupPrefixes = sets.NewString("/apiPrefix") config.Authorization.Authorizer = &authz config.EnableIndex = true config.EnableProfiling = true kubeVersion := fakeVersion()
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Apr 29 18:59:21 UTC 2024 - 23.2K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/extauthz.go
meshconfig "istio.io/api/mesh/v1alpha1" "istio.io/istio/pilot/pkg/model" authzmodel "istio.io/istio/pilot/pkg/security/authz/model" "istio.io/istio/pkg/config/validation/agent" "istio.io/istio/pkg/maps" "istio.io/istio/pkg/wellknown" ) const ( extAuthzMatchPrefix = "istio-ext-authz" badCustomActionSuffix = `-deny-due-to-bad-CUSTOM-action` ) var supportedStatus = func() []int { var supported []int
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 12.7K bytes - Viewed (0) -
tests/integration/security/jwt_test.go
opts.Check = check.Status(http.StatusForbidden) }, }, })) t.NewSubTest("no-authn-authz").Run(newTest("", []testCase{ { name: "no-authn-authz", customizeCall: func(t framework.TestContext, from echo.Instance, opts *echo.CallOptions) { opts.HTTP.Path = "/no-authn-authz" opts.Check = check.And( check.OK(), check.ReachedTargetClusters(t)) }, },
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 25.3K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/cel/environment/environment_test.go
"[1, 2, 3].indexOf(2) == 1", // lists "'abc'.contains('bc')", //strings "isURL('http://example.com')", // urls "'a 1 b 2'.find('[0-9]') == '1'", // regex }, }, { name: "authz disabled", typeVersionCombinations: []envTypeAndVersion{ {version.MajorMinor(1, 26), NewExpressions}, // always enabled for StoredExpressions },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 10K bytes - Viewed (0) -
cmd/globals.go
func setGlobalAuthNPlugin(authn *idplugin.AuthNPlugin) { globalAuthPluginMutex.Lock() globalAuthNPlugin = authn globalAuthPluginMutex.Unlock() } func setGlobalAuthZPlugin(authz *polplugin.AuthZPlugin) { globalAuthPluginMutex.Lock() globalAuthZPlugin = authz globalAuthPluginMutex.Unlock() }
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 30 11:58:12 UTC 2024 - 16.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook_v1_test.go
server: https://authz.example.com name: foobar users: - name: a cluster user: client-certificate: {{ .Cert }} client-key: {{ .Key }} `, wantErr: true, }, { msg: "multiple clusters with no context", configTmpl: ` clusters: - cluster: certificate-authority: {{ .CA }} server: https://authz.example.com name: foobar - cluster:
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 43.2K bytes - Viewed (0) -
tests/integration/pilot/istioctl_test.go
istioLabel = labelOverride } t.ConfigIstio().File(apps.Namespace.Name(), "testdata/authz-a.yaml").ApplyOrFail(t) t.ConfigIstio().EvalFile(i.Settings().SystemNamespace, map[string]any{ "GatewayIstioLabel": istioLabel, }, "testdata/authz-b.yaml").ApplyOrFail(t) gwPod, err := i.IngressFor(t.Clusters().Default()).PodID(0) if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 15K bytes - Viewed (0) -
pkg/kubeapiserver/options/authorization.go
return append(allErrors, fmt.Errorf("--%s can not be specified when --%s or --authorization-webhook-* flags are defined", authorizationConfigFlag, authorizationModeFlag)) } // load/validate kube-apiserver authz config with no opinion about required modes _, err := authorizer.LoadAndValidateFile(o.AuthorizationConfigurationFile, nil) if err != nil { return append(allErrors, err) } return allErrors }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 14 23:09:15 UTC 2024 - 12K bytes - Viewed (0)