credentialName - Code Search

tests/integration/security/sds_ingress/ingress_test.go

				echotest.New(t, instances).
					SetupForDestination(func(t framework.TestContext, to echo.Target) error {
						ingressutil.SetupConfig(t, echo1NS, ingressutil.TestConfig{
							Mode:           "SIMPLE",
							CredentialName: credName,
							Host:           host,
							ServiceName:    to.Config().Service,
							GatewayLabel:   inst.Settings().IngressGatewayIstioLabel,
						})
						return nil
					}).

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Apr 08 22:02:59 UTC 2024

- 32.7K bytes

- Viewed (0)

github.com/istio/istio

pkg/config/validation/validation_test.go

			&networking.ServerTLSSettings{
				Mode:           networking.ServerTLSSettings_ISTIO_MUTUAL,
				CredentialName: "some-cred",
			},
			"cannot have associated credentialName", "",
		},
		{
			"invalid cipher suites",
			&networking.ServerTLSSettings{
				Mode:           networking.ServerTLSSettings_SIMPLE,
				CredentialName: "sds-name",
				CipherSuites:   []string{"not-a-cipher-suite"},
			},
			"", "not-a-cipher-suite",

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Tue Apr 30 03:11:45 UTC 2024

- 196K bytes

- Viewed (0)

github.com/istio/istio

pkg/config/analysis/analyzers/analyzers_test.go

		},
	},
	{
		name: "destinationrule with credentialname, simple at destinationlevel, workloadSelector",
		inputFiles: []string{
			"testdata/destinationrule-simple-destination-credentialname-selector.yaml",
		},
		analyzer: &destinationrule.CaCertificateAnalyzer{},
		expected: []message{},
	},
	{
		name: "destinationrule with credentialname, simple at portlevel, no workloadSelector",
		inputFiles: []string{

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Jun 14 07:22:31 UTC 2024

- 42.6K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/model/credentials/resource.go

	if strings.HasPrefix(name, BuiltinGatewaySecretTypeURI) {
		return BuiltinGatewaySecretTypeURI
	}
	return fmt.Sprintf("%s://%s/%s", KubernetesGatewaySecretType, namespace, name)
}

// ToResourceName turns a `credentialName` into a resource name used for SDS
func ToResourceName(name string) string {
	if strings.HasPrefix(name, BuiltinGatewaySecretTypeURI) {
		return "default"
	}
	// If they explicitly defined the type, keep it

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Tue Feb 28 20:33:15 UTC 2023

- 5.1K bytes

- Viewed (0)

github.com/istio/istio

pkg/config/validation/validation.go

		}
		if tls.CaCertificates != "" {
			v = AppendValidation(v, fmt.Errorf("ISTIO_MUTUAL TLS cannot have associated CA bundle"))
		}
		if tls.CredentialName != "" {
			v = AppendValidation(v, fmt.Errorf("ISTIO_MUTUAL TLS cannot have associated credentialName"))
		}
		return
	}

	if tls.Mode == networking.ServerTLSSettings_PASSTHROUGH || tls.Mode == networking.ServerTLSSettings_AUTO_PASSTHROUGH {

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Wed Jun 12 04:03:33 UTC 2024

- 107.2K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/config/kube/ingress/conversion.go

			},
			Hosts: tls.Hosts,
			Tls: &networking.ServerTLSSettings{
				HttpsRedirect:  false,
				Mode:           networking.ServerTLSSettings_SIMPLE,
				CredentialName: tls.SecretName,
			},
		})
	}

	gateway.Servers = append(gateway.Servers, &networking.Server{
		Port: &networking.Port{
			Number:   80,
			Protocol: string(protocol.HTTP),

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Wed Oct 25 07:19:43 UTC 2023

- 12.5K bytes

- Viewed (0)

github.com/istio/istio

istioctl/pkg/precheck/precheck.go

		if tls == nil {
			return false
		}
		if tls.Mode == networking.ClientTLSSettings_DISABLE || tls.Mode == networking.ClientTLSSettings_ISTIO_MUTUAL {
			return false
		}
		return tls.CaCertificates == "" && tls.CredentialName == "" && !tls.InsecureSkipVerify.GetValue()
	}
	checkSNI := func(tls *networking.ClientTLSSettings) bool {
		if tls == nil {
			return false
		}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Apr 12 02:57:30 UTC 2024

- 19.3K bytes

- Viewed (0)

github.com/istio/istio

manifests/charts/istiod-remote/templates/crd-all.gen.yaml

                                  clientCertificate:
                                    description: REQUIRED if mode is `MUTUAL`.
                                    type: string
                                  credentialName:
                                    description: The name of the secret that holds
                                      the TLS certs for the client including the CA
                                      certificates.

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Jun 06 21:31:42 UTC 2024

- 671.7K bytes

- Viewed (0)

github.com/istio/istio

pkg/security/security.go

	// SDSExternalClusterName is the name of the cluster for external SDS connections which is defined via CredentialNameSocketPath
	SDSExternalClusterName = "sds-external"

	// SDSExternalCredentialPrefix is the prefix for the credentialName which will utilize external SDS connections defined via CredentialNameSocketPath
	SDSExternalCredentialPrefix = "sds://"

	// WorkloadIdentityCredentialsPath is the well-known path to a folder with workload certificate files.

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Jun 13 17:48:28 UTC 2024

- 19.1K bytes

- Viewed (0)

github.com/istio/istio

manifests/charts/base/crds/crd-all.gen.yaml

                                  clientCertificate:
                                    description: REQUIRED if mode is `MUTUAL`.
                                    type: string
                                  credentialName:
                                    description: The name of the secret that holds
                                      the TLS certs for the client including the CA
                                      certificates.

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Jun 06 21:31:42 UTC 2024

- 671.6K bytes

- Viewed (0)

Search Options