- Sort Score
- Result 10 results
- Languages All
Results 61 - 70 of 106 for AuthorizationPolicy (0.23 sec)
-
tests/integration/security/testdata/authz/ingress-gateway.yaml.tmpl
# and denies access to "remoteipattr.{{ .To.ServiceName }}.company.com" when the # remote ip is 10.242.5.7 or in the network 10.124.99.0/24. apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: policy-{{ .To.ServiceName }} namespace: {{ .SystemNamespace.Name }} spec: action: DENY selector: matchLabels: app: {{.GatewayIstioLabel | default "istio-ingressgateway"}}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 08 07:03:01 UTC 2023 - 2.5K bytes - Viewed (0) -
pkg/config/analysis/analyzers/testdata/k8sgateway-selector.yaml
spec: selector: matchLabels: gateway.networking.k8s.io/gateway-name: bookinfo-gateway --- # only selector is set, should be ineffective apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: namespace: default name: ap-ineffective spec: selector: matchLabels: gateway.networking.k8s.io/gateway-name: bookinfo-gateway --- # only selector is set, should be ineffective
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Dec 15 01:19:33 UTC 2023 - 1.6K bytes - Viewed (0) -
istioctl/pkg/authz/analyzer_test.go
}, ClientStatus: 453, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { var buf bytes.Buffer a.Print(&buf) expectedOutput := "ACTION AuthorizationPolicy RULES\n" actualOutput := buf.String() if !reflect.DeepEqual(expectedOutput, actualOutput) { t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput) } }) }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Apr 21 17:42:54 UTC 2024 - 2.8K bytes - Viewed (0) -
pilot/pkg/xds/workload_test.go
func createAuthorizationPolicy(s *xds.FakeDiscoveryServer, name string, ns string) { clienttest.NewWriter[*securityclient.AuthorizationPolicy](s.T(), s.KubeClient()).Create(&securityclient.AuthorizationPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: ns, }, Spec: v1beta1.AuthorizationPolicy{}, }) } func deletePeerAuthentication(s *xds.FakeDiscoveryServer, name string, ns string) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 19:09:43 UTC 2024 - 15.9K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go
authzPolicies := kclient.NewDelayedInformer[*securityclient.AuthorizationPolicy](options.Client, gvr.AuthorizationPolicy, kubetypes.StandardInformer, filter) AuthzPolicies := krt.WrapClient[*securityclient.AuthorizationPolicy](authzPolicies, krt.WithName("AuthorizationPolicies")) peerAuths := kclient.NewDelayedInformer[*securityclient.PeerAuthentication](options.Client,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Apr 19 17:19:41 UTC 2024 - 15.8K bytes - Viewed (0) -
pilot/test/mock/config.go
LoadBalancer: &networking.LoadBalancerSettings{ LbPolicy: new(networking.LoadBalancerSettings_Simple), }, }, } // ExampleAuthorizationPolicy is an example AuthorizationPolicy ExampleAuthorizationPolicy = &authz.AuthorizationPolicy{ Selector: &api.WorkloadSelector{ MatchLabels: map[string]string{ "app": "httpbin", "version": "v1", }, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 23 17:08:31 UTC 2023 - 13.2K bytes - Viewed (0) -
pilot/pkg/xds/rds.go
} var _ model.XdsResourceGenerator = &RdsGenerator{} // Map of all configs that do not impact RDS var skippedRdsConfigs = sets.New[kind.Kind]( kind.WorkloadEntry, kind.WorkloadGroup, kind.AuthorizationPolicy, kind.RequestAuthentication, kind.PeerAuthentication, kind.Secret, kind.WasmPlugin, kind.Telemetry, kind.ProxyConfig, kind.DNSName, ) func rdsNeedsPush(req *model.PushRequest) bool {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 27 07:19:38 UTC 2024 - 1.9K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/allow-full-rule-in.yaml
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: httpbin-1 namespace: foo spec: selector: matchLabels: app: httpbin version: v1 rules: - from: - source: principals: ["principal", "principal-prefix-*", "*-suffix-principal", "*"] requestPrincipals: ["requestPrincipals", "requestPrincipals-prefix-*", "*-suffix-requestPrincipals", "*"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Apr 20 01:58:53 UTC 2024 - 4.1K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-full-in.yaml
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: allow spec: action: ALLOW rules: - from: - source: principals: [ "principal", "principal-prefix-*", "*-suffix-principal", "*" ] notPrincipals: [ "not-principal", "not-principal-prefix-*", "*-suffix-not-principal", "*" ] - from: - source:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 4K bytes - Viewed (0) -
tests/integration/security/testdata/authz/jwt.yaml.tmpl
# - Allow request with valid JWT token of audiences foo to access path with suffix "/audiences" apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: {{ .To.ServiceName }} spec: selector: matchLabels: "app": "{{ .To.ServiceName }}" rules: - to: - operation: paths: ["/token1"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 3K bytes - Viewed (0)