- Sort Score
- Result 10 results
- Languages All
Results 51 - 60 of 215 for Authz (0.04 sec)
-
pilot/pkg/security/authz/builder/testdata/http/custom-bad-out.yaml
name: envoy.filters.http.rbac typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC rules: action: DENY policies: istio-ext-authz-ns[foo]-policy[httpbin-1]-rule[0]-deny-due-to-bad-CUSTOM-action: permissions: - andRules: rules: - orRules: rules: - urlPath: path: exact: /httpbin1
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri Sep 15 04:13:49 UTC 2023 - 885 bytes - Viewed (0) -
plugin/pkg/admission/certificates/util.go
// signerNames with a given 'domain portion'. func IsAuthorizedForSignerName(ctx context.Context, authz authorizer.Authorizer, info user.Info, verb, signerName string) bool { // First check if the user has explicit permission to 'verb' for the given signerName. attr := buildAttributes(info, verb, signerName) decision, reason, err := authz.Authorize(ctx, attr) switch { case err != nil:
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat May 16 11:54:27 UTC 2020 - 2.6K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder.go
authnBuilder *authn.Builder // authzBuilder provides access to authz configuration for the given proxy. authzBuilder *authz.Builder // authzCustomBuilder provides access to CUSTOM authz configuration for the given proxy. authzCustomBuilder *authz.Builder } // enabledInspector captures if for a given listener, listener filter inspectors are added type enabledInspector struct {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 06 04:44:06 UTC 2024 - 17.9K bytes - Viewed (0) -
pilot/pkg/networking/plugin/authz/authorization.go
// limitations under the License. package authz import ( listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking" "istio.io/istio/pilot/pkg/security/authz/builder" "istio.io/istio/pilot/pkg/security/trustdomain" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 2.7K bytes - Viewed (0) -
tests/integration/security/pass_through_filter_chain_test.go
}, }, { // There is only authZ policy that allows access to TCPWorkloadOnly should be allowed. name: "DISABLE with authz", config: `apiVersion: security.istio.io/v1beta1 kind: PeerAuthentication metadata: name: mtls spec: mtls: mode: DISABLE --- apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: authz spec: rules: - to: - operation:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 08 22:02:59 UTC 2024 - 11.9K bytes - Viewed (0) -
releasenotes/notes/37677.yaml
apiVersion: release-notes/v2 kind: feature area: security issue: - https://github.com/istio/istio/issues/36950 releaseNotes: - |
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 06 16:17:21 UTC 2022 - 217 bytes - Viewed (0) -
docs/iam/opa.md
``` ### 2. Create a sample OPA Policy In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`: ```sh cat > example.rego <<EOF package httpapi.authz import input default allow = false # Allow the root user to perform any action. allow { input.owner == true } # All other users may do anything other than call PutObject allow {
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Sun Jul 17 15:43:14 UTC 2022 - 2.3K bytes - Viewed (0) -
pilot/pkg/networking/core/networkfilter.go
authzBuilder := lb.authzBuilder if policySvc != nil { useFilterState := lb.node.Type == model.Waypoint authzBuilder = authz.NewBuilderForService(authz.Local, lb.push, lb.node, useFilterState, policySvc) authzCustomBuilder = authz.NewBuilderForService(authz.Custom, lb.push, lb.node, useFilterState, policySvc) } var filters []*listener.Filter
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 13.7K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/initializer/initializer.go
extInformers informers.SharedInformerFactory, authz authorizer.Authorizer, featureGates featuregate.FeatureGate, stopCh <-chan struct{}, restMapper meta.RESTMapper, ) pluginInitializer { return pluginInitializer{ externalClient: extClientset, dynamicClient: dynamicClient, externalInformers: extInformers, authorizer: authz, featureGates: featureGates, stopCh: stopCh,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Mar 06 00:00:21 UTC 2024 - 3K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/admission/plugin/policy/validating/admission_test.go
versionedParams runtime.Object, namespace *v1.Namespace, runtimeCELCostBudget int64, authz authorizer.Authorizer, ) validating.ValidateResult { return f( ctx, matchResource, versionedAttr, versionedParams, namespace, runtimeCELCostBudget, authz, ) } var _ generic.PolicyMatcher = &fakeMatcher{} func (f *fakeMatcher) ValidateInitialization() error {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Mar 25 01:39:01 UTC 2024 - 63.8K bytes - Viewed (0)