- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 22 for trustDomainAliases (0.26 sec)
-
pkg/spiffe/spiffe.go
// // {"spiffe://td1/ns/def/sa/a", "spiffe://td2/ns/def/sa/a", "spiffe://td1/ns/def/sa/b", "spiffe://td2/ns/def/sa/b"}. func ExpandWithTrustDomains(spiffeIdentities sets.String, trustDomainAliases []string) sets.String { if len(trustDomainAliases) == 0 { return spiffeIdentities } out := sets.New[string]() for id := range spiffeIdentities { out.Insert(id)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 11.1K bytes - Viewed (0) -
pilot/pkg/security/model/authentication_test.go
} }) } } func TestApplyToCommonTLSContext(t *testing.T) { testCases := []struct { name string node *model.Proxy trustDomainAliases []string crl string validateClient bool expected *auth.CommonTlsContext }{ { name: "MTLSStrict using SDS", node: &model.Proxy{ Metadata: &model.NodeMetadata{},
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 20 22:39:21 UTC 2024 - 18.9K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
} func NewBuilderForService(actionType ActionType, push *model.PushContext, proxy *model.Proxy, useFilterState bool, svc *model.Service) *Builder { tdBundle := trustdomain.NewBundle(push.Mesh.TrustDomain, push.Mesh.TrustDomainAliases) option := builder.Option{ IsCustomBuilder: actionType == Custom, UseFilterState: useFilterState, UseExtendedJwt: proxy.SupportsEnvoyExtendedJwt(), }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
pilot/pkg/security/authn/factory.go
type PolicyApplier interface { // InboundMTLSSettings returns inbound mTLS settings for a given workload port InboundMTLSSettings(endpointPort uint32, node *model.Proxy, trustDomainAliases []string, modeOverride model.MutualTLSMode) MTLSSettings // JwtFilter returns the JWT HTTP filter to enforce the underlying authentication policy. // It may return nil, if no JWT validation is needed.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 3K bytes - Viewed (0) -
pilot/pkg/serviceregistry/aggregate/controller_test.go
"istio.io/istio/pkg/config/host" "istio.io/istio/pkg/test/util/retry" ) type mockMeshConfigHolder struct { trustDomainAliases []string } func (mh mockMeshConfigHolder) Mesh() *meshconfig.MeshConfig { return &meshconfig.MeshConfig{ TrustDomainAliases: mh.trustDomainAliases, } } func buildMockController() *Controller { discovery1 := memory.NewServiceDiscovery(mock.ReplicatedFooServiceV1.DeepCopy(),
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 06:28:11 UTC 2024 - 14.5K bytes - Viewed (0) -
tests/integration/security/external_ca/main_test.go
cfgYaml := tmpl.MustEvaluate(` values: pilot: env: EXTERNAL_CA: ISTIOD_RA_KUBERNETES_API meshConfig: defaultConfig: proxyMetadata: ISTIO_META_CERT_SIGNER: signer1 trustDomainAliases: [some-other, trust-domain-foo] caCertificates: - pem: | {{.rootcert1 | indent 8}} certSigners: - {{.signer1}} - pem: | {{.rootcert2 | indent 8}} certSigners:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 22 14:18:21 UTC 2023 - 4.7K bytes - Viewed (0) -
pilot/pkg/security/authn/policy_applier.go
Port: endpointPort, Mode: effectiveMTLSMode, TCP: authn_utils.BuildInboundTLS(effectiveMTLSMode, node, networking.ListenerProtocolTCP, trustDomainAliases, minTLSVersion, mc), HTTP: authn_utils.BuildInboundTLS(effectiveMTLSMode, node, networking.ListenerProtocolHTTP, trustDomainAliases, minTLSVersion, mc), } } // convertToEnvoyJwtConfig converts a list of JWT rules into Envoy JWT filter config to enforce it.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 23 09:47:21 UTC 2024 - 19.2K bytes - Viewed (0) -
pkg/config/validation/agent/validation_test.go
"discovery address must be set to the proxy discovery service", "invalid proxy admin port", "invalid status port", "trustDomain: empty domain name not allowed", "trustDomainAliases[0]", "trustDomainAliases[1]", "trustDomainAliases[2]", "mesh TLS does not support ECDH curves configuration", } switch err := err.(type) { case *multierror.Error: // each field must cause an error in the field
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 39.1K bytes - Viewed (0) -
tests/integration/security/ca_custom_root/main_test.go
cfgYaml := tmpl.MustEvaluate(` values: pilot: env: ISTIO_MULTIROOT_MESH: true meshConfig: defaultConfig: proxyMetadata: PROXY_CONFIG_XDS_AGENT: "true" trustDomainAliases: [some-other, trust-domain-foo] caCertificates: - pem: | {{.pem | indent 8}} `, map[string]string{"pem": rootPEM}) cfg.ControlPlaneValues = cfgYaml }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 02 21:29:40 UTC 2024 - 9.2K bytes - Viewed (0) -
pkg/config/validation/agent/validation.go
errs = multierror.Append(errs, fmt.Errorf("trustDomain: %v", err)) } for i, tda := range config.TrustDomainAliases { if err := ValidateTrustDomain(tda); err != nil { errs = multierror.Append(errs, fmt.Errorf("trustDomainAliases[%d], domain `%s` : %v", i, tda, err)) } } return } func ValidateMeshTLSConfig(mesh *meshconfig.MeshConfig) (errs error) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 20:06:41 UTC 2024 - 30.9K bytes - Viewed (0)