- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 58 for Authz (0.05 sec)
-
cluster/gce/gci/configure-kubeapiserver.sh
# Create the ABAC file if it doesn't exist yet, or if we have a KUBE_USER set (to ensure the right user is given permissions) if [[ -n "${KUBE_USER:-}" || ! -e /etc/srv/kubernetes/abac-authz-policy.jsonl ]]; then local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl" if [[ -n "${KUBE_USER:-}" ]]; then sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}" else
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
TrafficDirection: core.TrafficDirection_INBOUND, ContinueOnListenerFiltersTimeout: true, } // Flush authz cache since we need filter state for the principal. oldBuilder := lb.authzBuilder lb.authzBuilder = authz.NewBuilder(authz.Local, lb.push, lb.node, true) inboundChainConfigs := lb.buildInboundChainConfigs() for _, cc := range inboundChainConfigs { cc.hbone = true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder_test.go
t.Run(tt.name, func(t *testing.T) { push.Networks = tt.networks lb := &ListenerBuilder{ push: push, node: sidecarProxy, authzCustomBuilder: &authz.Builder{}, authzBuilder: &authz.Builder{}, } httpConnManager := lb.buildHTTPConnectionManager(&httpListenerOpts{}) if !reflect.DeepEqual(tt.expectedconfig, httpConnManager.InternalAddressConfig) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 24.7K bytes - Viewed (0) -
cmd/kube-scheduler/app/server.go
func buildHandlerChain(handler http.Handler, authn authenticator.Request, authz authorizer.Authorizer) http.Handler { requestInfoResolver := &apirequest.RequestInfoFactory{} failedHandler := genericapifilters.Unauthorized(scheme.Codecs) handler = genericapifilters.WithAuthorization(handler, authz, scheme.Codecs) handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil, nil)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon May 27 19:11:24 UTC 2024 - 14.3K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
"istio.io/api/label" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/util" "istio.io/istio/pilot/pkg/security/authn" authzmodel "istio.io/istio/pilot/pkg/security/authz/model" "istio.io/istio/pilot/pkg/util/protoconv" xdsfilters "istio.io/istio/pilot/pkg/xds/filters" "istio.io/istio/pkg/istio-agent/grpcxds" "istio.io/istio/pkg/util/sets" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pilot/pkg/xds/sds.go
} else { authzError = err } authzResult = &res return res } // There are 4 cases of secret reference // Verified cross namespace (by ReferencePolicy). No Authz needed. // Verified same namespace (implicit). No Authz needed. // Unverified cross namespace. Never allowed. // Unverified same namespace. Allowed if authorized. allowedResources := make([]SecretResource, 0, len(resources))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 23:04:36 UTC 2024 - 15.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
// authz is nil, this function won't add a token authenticator or authorizer. func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, authz *AuthorizationInfo) { if loopback == nil || len(loopback.BearerToken) == 0 { return } if authn == nil || authz == nil { // prevent nil pointer panic return }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
pkg/test/framework/components/echo/common/deployment/echos.go
// will be generated unless NoExternalNamespace is specified. ExternalNamespace namespace.Getter // IncludeExtAuthz if enabled, an additional ext-authz container will be included in the deployment. // This is mainly used to test the CUSTOM authorization policy when the ext-authz server is deployed // locally with the application container in the same pod. IncludeExtAuthz bool
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 20 16:01:31 UTC 2024 - 16K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
// // # clusters refers to the remote service. // clusters: // - name: name-of-remote-authz-service // cluster: // certificate-authority: /path/to/ca.pem # CA for verifying the remote service. // server: https://authz.example.com/authorize # URL of remote service to query. Must use 'https'. // // # users refers to the API server's webhook configuration. // users:
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Mar 04 19:01:15 UTC 2024 - 18.4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/filter_test.go
&condition{ Expression: "authorizer.group('').resource('endpoints').check('create').errored()", }, &condition{ Expression: "authorizer.group('').resource('endpoints').check('create').error() == 'fake authz error'", }, &condition{ Expression: "authorizer.group('').resource('endpoints').check('create').allowed()", }, }, attributes: newValidAttribute(&podObject, false),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 10 22:07:40 UTC 2024 - 40.4K bytes - Viewed (0)