- Sort Score
- Result 10 results
- Languages All
Results 41 - 50 of 369 for spiffe (0.18 sec)
-
security/pkg/pki/util/san_test.go
uriIdentity := Identity{Type: TypeURI, Value: []byte("spiffe://test.domain.com/ns/default/sa/default")} ipIdentity := Identity{Type: TypeIP, Value: netip.MustParseAddr("10.0.0.1").AsSlice()} dnsIdentity := Identity{Type: TypeDNS, Value: []byte("test.domain.com")} testCases := map[string]struct { hosts string expectedExt *pkix.Extension }{ "URI host": { hosts: "spiffe://test.domain.com/ns/default/sa/default",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Feb 12 17:36:33 UTC 2024 - 6.5K bytes - Viewed (0) -
manifests/charts/istiod-remote/templates/configmap.yaml
{{- define "mesh" }} # The trust domain corresponds to the trust root of a system. # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain trustDomain: "cluster.local" # The namespace to treat as the administrative root namespace for Istio configuration. # When processing a leaf namespace Istio will search for declarations in that namespace first
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 18 18:16:49 UTC 2024 - 4.9K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-multiple-policies-out.yaml
ids: - orIds: ids: - authenticated: principalName: exact: spiffe://principals1 - authenticated: principalName: exact: spiffe://principals2 ns[foo]-policy[httpbin-6]-rule[0]: permissions: - andRules: rules: - any: true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 25 10:39:25 UTC 2024 - 5.3K bytes - Viewed (0) -
tests/integration/security/file_mounted_certs/p2p_mtls_test.go
ClientCertsPath = "tests/testdata/certs/mountedcerts-client" // nolint: lll ExpectedXfccHeader = `By=spiffe://cluster.local/ns/mounted-certs/sa/server;Hash=86948ccdaf2de73b20d389dc212aaf2d72f9f1ca239327cc2e8b05e61b1676d1;Subject="CN=client.mounted-certs.svc.cluster.local";URI=spiffe://cluster.local/ns/mounted-certs/sa/client;DNS=client.mounted-certs.svc` ) func TestClientToServiceTls(t *testing.T) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 2.8K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/policies.go
return &security.StringMatch{MatchType: &security.StringMatch_Exact{ Exact: strings.TrimPrefix(spiffe.MustGenSpiffeURI(meshCfg.MeshConfig, waypoint.Namespace, sa), spiffe.URIPrefix), }} }), }, }, }, }, }}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 16:51:29 UTC 2024 - 5.2K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/kubeauth/kube_jwt.go
"net/http" "strings" "google.golang.org/grpc/metadata" "k8s.io/client-go/kubernetes" "istio.io/istio/pkg/cluster" "istio.io/istio/pkg/config/mesh" "istio.io/istio/pkg/security" "istio.io/istio/pkg/spiffe" "istio.io/istio/security/pkg/k8s/tokenreview" ) const ( KubeJWTAuthenticatorType = "KubeJWTAuthenticator" clusterIDMeta = "clusterid" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 5K bytes - Viewed (0) -
samples/security/spire/sleep-spire.yaml
spec: replicas: 1 selector: matchLabels: app: sleep template: metadata: labels: app: sleep spiffe.io/spire-managed-identity: "true" # Injects custom sidecar template annotations: inject.istio.io/templates: "sidecar,spire" spec: terminationGracePeriodSeconds: 0 serviceAccountName: sleep containers: - name: sleep
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Feb 24 22:08:56 UTC 2023 - 1.8K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/deny-and-allow-out2.yaml
principals: - andIds: ids: - orIds: ids: - authenticated: principalName: exact: spiffe://allow
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 17 16:35:46 UTC 2023 - 524 bytes - Viewed (0) -
pilot/pkg/security/model/authentication_test.go
"istio.io/istio/pkg/security" "istio.io/istio/pkg/spiffe" ) func TestConstructSdsSecretConfig(t *testing.T) { testCases := []struct { name string secretName string expected *auth.SdsSecretConfig }{ { name: "ConstructSdsSecretConfig", secretName: "spiffe://cluster.local/ns/bar/sa/foo", expected: &auth.SdsSecretConfig{ Name: "spiffe://cluster.local/ns/bar/sa/foo",
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Feb 20 22:39:21 UTC 2024 - 18.9K bytes - Viewed (0) -
pilot/pkg/security/authz/builder/testdata/http/extended-deny-and-allow-out1.yaml
principals: - andIds: ids: - orIds: ids: - authenticated: principalName: exact: spiffe://deny
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 25 10:39:25 UTC 2024 - 539 bytes - Viewed (0)