Search Options

Results per page
Sort
Preferred Languages
Advance

Results 41 - 50 of 369 for spiffe (0.18 sec)

  2. github.com/istio/istio

    security/pkg/pki/util/san_test.go 

    	uriIdentity := Identity{Type: TypeURI, Value: []byte("spiffe://test.domain.com/ns/default/sa/default")}
	ipIdentity := Identity{Type: TypeIP, Value: netip.MustParseAddr("10.0.0.1").AsSlice()}
	dnsIdentity := Identity{Type: TypeDNS, Value: []byte("test.domain.com")}

	testCases := map[string]struct {
		hosts       string
		expectedExt *pkix.Extension
	}{
		"URI host": {
			hosts:       "spiffe://test.domain.com/ns/default/sa/default",
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Feb 12 17:36:33 UTC 2024
    - 6.5K bytes
    - Viewed (0)
  3. github.com/istio/istio

    manifests/charts/istiod-remote/templates/configmap.yaml 

    {{- define "mesh" }}
    # The trust domain corresponds to the trust root of a system.
    # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
    trustDomain: "cluster.local"

    # The namespace to treat as the administrative root namespace for Istio configuration.
    # When processing a leaf namespace Istio will search for declarations in that namespace first
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Apr 18 18:16:49 UTC 2024
    - 4.9K bytes
    - Viewed (0)
  4. github.com/istio/istio

    pilot/pkg/security/authz/builder/testdata/http/extended-multiple-policies-out.yaml 

                ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://principals1
                - authenticated:
                    principalName:
                      exact: spiffe://principals2
      ns[foo]-policy[httpbin-6]-rule[0]:
        permissions:
        - andRules:
            rules:
            - any: true
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Mar 25 10:39:25 UTC 2024
    - 5.3K bytes
    - Viewed (0)
  5. github.com/istio/istio

    tests/integration/security/file_mounted_certs/p2p_mtls_test.go 

    	ClientCertsPath  = "tests/testdata/certs/mountedcerts-client"

	// nolint: lll
	ExpectedXfccHeader = `By=spiffe://cluster.local/ns/mounted-certs/sa/server;Hash=86948ccdaf2de73b20d389dc212aaf2d72f9f1ca239327cc2e8b05e61b1676d1;Subject="CN=client.mounted-certs.svc.cluster.local";URI=spiffe://cluster.local/ns/mounted-certs/sa/client;DNS=client.mounted-certs.svc`
)

func TestClientToServiceTls(t *testing.T) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Apr 08 22:02:59 UTC 2024
    - 2.8K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pilot/pkg/serviceregistry/kube/controller/ambient/policies.go 

    									return &security.StringMatch{MatchType: &security.StringMatch_Exact{
										Exact: strings.TrimPrefix(spiffe.MustGenSpiffeURI(meshCfg.MeshConfig, waypoint.Namespace, sa), spiffe.URIPrefix),
									}}
								}),
							},
						},
					},
				},
			}},
		},
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 16:51:29 UTC 2024
    - 5.2K bytes
    - Viewed (0)
  7. github.com/istio/istio

    security/pkg/server/ca/authenticate/kubeauth/kube_jwt.go 

    	"net/http"
	"strings"

	"google.golang.org/grpc/metadata"
	"k8s.io/client-go/kubernetes"

	"istio.io/istio/pkg/cluster"
	"istio.io/istio/pkg/config/mesh"
	"istio.io/istio/pkg/security"
	"istio.io/istio/pkg/spiffe"
	"istio.io/istio/security/pkg/k8s/tokenreview"
)

const (
	KubeJWTAuthenticatorType = "KubeJWTAuthenticator"

	clusterIDMeta = "clusterid"
)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 23 21:07:03 UTC 2024
    - 5K bytes
    - Viewed (0)
  8. github.com/istio/istio

    samples/security/spire/sleep-spire.yaml 

    spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
        spiffe.io/spire-managed-identity: "true"
      # Injects custom sidecar template
      annotations:
        inject.istio.io/templates: "sidecar,spire"
    spec:
      terminationGracePeriodSeconds: 0
      serviceAccountName: sleep
      containers:
      - name: sleep
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Feb 24 22:08:56 UTC 2023
    - 1.8K bytes
    - Viewed (0)
  9. github.com/istio/istio

    pilot/pkg/security/authz/builder/testdata/http/deny-and-allow-out2.yaml 

            principals:
        - andIds:
            ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://allow
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 17 16:35:46 UTC 2023
    - 524 bytes
    - Viewed (0)
  10. github.com/istio/istio

    pilot/pkg/security/model/authentication_test.go 

    	"istio.io/istio/pkg/security"
	"istio.io/istio/pkg/spiffe"
)

func TestConstructSdsSecretConfig(t *testing.T) {
	testCases := []struct {
		name       string
		secretName string
		expected   *auth.SdsSecretConfig
	}{
		{
			name:       "ConstructSdsSecretConfig",
			secretName: "spiffe://cluster.local/ns/bar/sa/foo",
			expected: &auth.SdsSecretConfig{
				Name: "spiffe://cluster.local/ns/bar/sa/foo",
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Feb 20 22:39:21 UTC 2024
    - 18.9K bytes
    - Viewed (0)
  11. github.com/istio/istio

    pilot/pkg/security/authz/builder/testdata/http/extended-deny-and-allow-out1.yaml 

            principals:
        - andIds:
            ids:
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://deny
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Mar 25 10:39:25 UTC 2024
    - 539 bytes
    - Viewed (0)
Back to top