Search Options

Results per page
Sort
Preferred Languages
Advance

Results 61 - 70 of 106 for AuthorizationPolicy (0.23 sec)

  2. github.com/istio/istio

    tests/integration/security/testdata/authz/ingress-gateway.yaml.tmpl 

    # and denies access to "remoteipattr.{{ .To.ServiceName }}.company.com" when the
# remote ip is 10.242.5.7 or in the network 10.124.99.0/24.

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: policy-{{ .To.ServiceName }}
  namespace: {{ .SystemNamespace.Name }}
spec:
  action: DENY
  selector:
    matchLabels:
      app: {{.GatewayIstioLabel | default "istio-ingressgateway"}}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 08 07:03:01 UTC 2023
    - 2.5K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pkg/config/analysis/analyzers/testdata/k8sgateway-selector.yaml 

    spec:
  selector:
    matchLabels:
      gateway.networking.k8s.io/gateway-name: bookinfo-gateway
---
# only selector is set, should be ineffective
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  namespace: default
  name: ap-ineffective
spec:
  selector:
    matchLabels:
      gateway.networking.k8s.io/gateway-name: bookinfo-gateway
---
# only selector is set, should be ineffective
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Dec 15 01:19:33 UTC 2023
    - 1.6K bytes
    - Viewed (0)
  4. github.com/istio/istio

    istioctl/pkg/authz/analyzer_test.go 

    				},
				ClientStatus: 453,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			var buf bytes.Buffer
			a.Print(&buf)
			expectedOutput := "ACTION   AuthorizationPolicy   RULES\n"
			actualOutput := buf.String()
			if !reflect.DeepEqual(expectedOutput, actualOutput) {
				t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput)
			}
		})
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sun Apr 21 17:42:54 UTC 2024
    - 2.8K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/xds/workload_test.go 

    func createAuthorizationPolicy(s *xds.FakeDiscoveryServer, name string, ns string) {
	clienttest.NewWriter[*securityclient.AuthorizationPolicy](s.T(), s.KubeClient()).Create(&securityclient.AuthorizationPolicy{
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: ns,
		},
		Spec: v1beta1.AuthorizationPolicy{},
	})
}

func deletePeerAuthentication(s *xds.FakeDiscoveryServer, name string, ns string) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Apr 18 19:09:43 UTC 2024
    - 15.9K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go 

    	authzPolicies := kclient.NewDelayedInformer[*securityclient.AuthorizationPolicy](options.Client,
		gvr.AuthorizationPolicy, kubetypes.StandardInformer, filter)
	AuthzPolicies := krt.WrapClient[*securityclient.AuthorizationPolicy](authzPolicies, krt.WithName("AuthorizationPolicies"))

	peerAuths := kclient.NewDelayedInformer[*securityclient.PeerAuthentication](options.Client,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 19 17:19:41 UTC 2024
    - 15.8K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pilot/test/mock/config.go 

    			LoadBalancer: &networking.LoadBalancerSettings{
				LbPolicy: new(networking.LoadBalancerSettings_Simple),
			},
		},
	}

	// ExampleAuthorizationPolicy is an example AuthorizationPolicy
	ExampleAuthorizationPolicy = &authz.AuthorizationPolicy{
		Selector: &api.WorkloadSelector{
			MatchLabels: map[string]string{
				"app":     "httpbin",
				"version": "v1",
			},
		},
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 23 17:08:31 UTC 2023
    - 13.2K bytes
    - Viewed (0)
  8. github.com/istio/istio

    pilot/pkg/xds/rds.go 

    }

var _ model.XdsResourceGenerator = &RdsGenerator{}

// Map of all configs that do not impact RDS
var skippedRdsConfigs = sets.New[kind.Kind](
	kind.WorkloadEntry,
	kind.WorkloadGroup,
	kind.AuthorizationPolicy,
	kind.RequestAuthentication,
	kind.PeerAuthentication,
	kind.Secret,
	kind.WasmPlugin,
	kind.Telemetry,
	kind.ProxyConfig,
	kind.DNSName,
)

func rdsNeedsPush(req *model.PushRequest) bool {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Feb 27 07:19:38 UTC 2024
    - 1.9K bytes
    - Viewed (0)
  9. github.com/istio/istio

    pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-in.yaml 

    apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-1
  namespace: foo
spec:
  selector:
    matchLabels:
      app: httpbin
      version: v1
  rules:
    - from:
        - source:
            principals: ["principal", "principal-prefix-*", "*-suffix-principal", "*"]
            requestPrincipals: ["requestPrincipals", "requestPrincipals-prefix-*", "*-suffix-requestPrincipals", "*"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Sat Apr 20 01:58:53 UTC 2024
    - 4.1K bytes
    - Viewed (0)
  10. github.com/istio/istio

    pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-full-in.yaml 

    apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow
spec:
  action: ALLOW
  rules:
  - from:
    - source:
        principals: [ "principal", "principal-prefix-*", "*-suffix-principal", "*" ]
        notPrincipals: [ "not-principal", "not-principal-prefix-*", "*-suffix-not-principal", "*" ]
  - from:
    - source:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Feb 29 18:40:34 UTC 2024
    - 4K bytes
    - Viewed (0)
  11. github.com/istio/istio

    tests/integration/security/testdata/authz/jwt.yaml.tmpl 

    # - Allow request with valid JWT token of audiences foo to access path with suffix "/audiences"

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ .To.ServiceName }}
spec:
  selector:
    matchLabels:
      "app": "{{ .To.ServiceName }}"
  rules:
  - to:
    - operation:
        paths: ["/token1"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 08 23:36:51 UTC 2024
    - 3K bytes
    - Viewed (0)
Back to top