- Sort Score
- Result 10 results
- Languages All
Results 31 - 40 of 175 for Authz (0.04 sec)
-
pilot/pkg/security/authz/builder/testdata/http/custom-bad-out.yaml
name: envoy.filters.http.rbac typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC rules: action: DENY policies: istio-ext-authz-ns[foo]-policy[httpbin-1]-rule[0]-deny-due-to-bad-CUSTOM-action: permissions: - andRules: rules: - orRules: rules: - urlPath: path: exact: /httpbin1
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Sep 15 04:13:49 UTC 2023 - 885 bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder.go
authnBuilder *authn.Builder // authzBuilder provides access to authz configuration for the given proxy. authzBuilder *authz.Builder // authzCustomBuilder provides access to CUSTOM authz configuration for the given proxy. authzCustomBuilder *authz.Builder } // enabledInspector captures if for a given listener, listener filter inspectors are added type enabledInspector struct {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 17.9K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
// limitations under the License. package authz import ( listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking" "istio.io/istio/pilot/pkg/security/authz/builder" "istio.io/istio/pilot/pkg/security/trustdomain" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
tests/integration/security/pass_through_filter_chain_test.go
}, }, { // There is only authZ policy that allows access to TCPWorkloadOnly should be allowed. name: "DISABLE with authz", config: `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls spec: mtls: mode: DISABLE --- apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: authz spec: rules: - to: - operation:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
docs/iam/opa.md
``` ### 2. Create a sample OPA Policy In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`: ```sh cat > example.rego <<EOF package httpapi.authz import input default allow = false # Allow the root user to perform any action. allow { input.owner == true } # All other users may do anything other than call PutObject allow {
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Sun Jul 17 15:43:14 UTC 2022 - 2.3K bytes - Viewed (0) -
pilot/pkg/networking/core/networkfilter.go
authzBuilder := lb.authzBuilder if policySvc != nil { useFilterState := lb.node.Type == model.Waypoint authzBuilder = authz.NewBuilderForService(authz.Local, lb.push, lb.node, useFilterState, policySvc) authzCustomBuilder = authz.NewBuilderForService(authz.Custom, lb.push, lb.node, useFilterState, policySvc) } var filters []*listener.Filter
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 13.7K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go
extInformers informers.SharedInformerFactory, authz authorizer.Authorizer, featureGates featuregate.FeatureGate, stopCh <-chan struct{}, restMapper meta.RESTMapper, ) pluginInitializer { return pluginInitializer{ externalClient: extClientset, dynamicClient: dynamicClient, externalInformers: extInformers, authorizer: authz, featureGates: featureGates, stopCh: stopCh,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 06 00:00:21 UTC 2024 - 3K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go
versionedParams runtime.Object, namespace *v1.Namespace, runtimeCELCostBudget int64, authz authorizer.Authorizer, ) validating.ValidateResult { return f( ctx, matchResource, versionedAttr, versionedParams, namespace, runtimeCELCostBudget, authz, ) } var _ generic.PolicyMatcher = &fakeMatcher{} func (f *fakeMatcher) ValidateInitialization() error {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Mar 25 01:39:01 UTC 2024 - 63.8K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/node/node_authorizer_test.go
expect: authorizer.DecisionAllow, }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { if tc.features == nil { authz.features = utilfeature.DefaultFeatureGate } else { authz.features = tc.features } decision, _, _ := authz.Authorize(context.Background(), tc.attrs) if decision != tc.expect { t.Errorf("expected %v, got %v", tc.expect, decision) } }) } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 40.5K bytes - Viewed (0) -
istioctl/cmd/root.go
experimentalCmd.AddCommand(injector.Cmd(ctx)) rootCmd.AddCommand(mesh.NewVerifyCommand(ctx)) rootCmd.AddCommand(mesh.UninstallCmd(ctx)) experimentalCmd.AddCommand(authz.AuthZ(ctx)) rootCmd.AddCommand(seeExperimentalCmd("authz")) experimentalCmd.AddCommand(metrics.Cmd(ctx)) experimentalCmd.AddCommand(describe.Cmd(ctx)) experimentalCmd.AddCommand(wait.Cmd(ctx)) experimentalCmd.AddCommand(config.Cmd())
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 06 15:59:33 UTC 2024 - 10K bytes - Viewed (0)