AuthorizationPolicy - Code Search

pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-groups-in.yaml

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: groups
spec:
  rules:
  # Has mix of L4 and L7 in from
  - from:
    - source:
        principals: ["from-mix-principal"]
        requestPrincipals: ["from-mix-requestPrincipals"]
        namespaces: ["from-mix-ns"]
    to:
    - operation:
        ports: ["80"]
  # Has mix of L4 and L7 in to
  - from:
    - source:

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Feb 29 18:40:34 UTC 2024

- 1.3K bytes

- Viewed (0)

github.com/istio/istio

tests/integration/ambient/testdata/requestauthn/waypoint-jwt.yaml.tmpl

  jwtRules:
  - issuer: "******@****.***"
    jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: authz-gateway-{{ .To.ServiceName }}
spec:
  targetRefs:
  - kind: Gateway
    group: gateway.networking.k8s.io
    name: waypoint
  rules:
  - from:
    - source:

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon Apr 15 16:23:36 UTC 2024

- 1.3K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/security/authz/builder/testdata/tcp/audit-both-http-tcp-in.yaml

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-audit
  namespace: foo
spec:
  action: AUDIT
  rules:
  # rule[0] `from`: all fields, `to`: all fields, `when`: all fields.
  - from:
    - source:
        principals: ["principal"]
        requestPrincipals: ["requestPrincipals"]
        namespaces: ["ns"]
        ipBlocks: ["1.2.3.4"]
        remoteIpBlocks: ["10.250.90.4"]

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Apr 01 19:25:01 UTC 2021

- 2.1K bytes

- Viewed (0)

github.com/istio/istio

pkg/config/analysis/analyzers/analyzers_test.go

			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy istio-system/meshwide-httpbin-v1"},
			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy httpbin-empty/httpbin-empty-namespace-wide"},
			{msg.NoMatchingWorkloadsFound, "AuthorizationPolicy httpbin/httpbin-nopods"},
			{msg.ReferencedResourceNotFound, "AuthorizationPolicy httpbin/httpbin-bogus-ns"},
			{msg.ReferencedResourceNotFound, "AuthorizationPolicy httpbin/httpbin-bogus-ns"},

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Jun 14 07:22:31 UTC 2024

- 42.6K bytes

- Viewed (0)

github.com/istio/istio

tests/integration/security/testdata/authz/ingress-gateway.yaml.tmpl

# and denies access to "remoteipattr.{{ .To.ServiceName }}.company.com" when the
# remote ip is 10.242.5.7 or in the network 10.124.99.0/24.

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: policy-{{ .To.ServiceName }}
  namespace: {{ .SystemNamespace.Name }}
spec:
  action: DENY
  selector:
    matchLabels:
      app: {{.GatewayIstioLabel | default "istio-ingressgateway"}}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Mon May 08 07:03:01 UTC 2023

- 2.5K bytes

- Viewed (0)

github.com/istio/istio

pkg/config/analysis/analyzers/testdata/k8sgateway-selector.yaml

spec:
  selector:
    matchLabels:
      gateway.networking.k8s.io/gateway-name: bookinfo-gateway
---
# only selector is set, should be ineffective
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  namespace: default
  name: ap-ineffective
spec:
  selector:
    matchLabels:
      gateway.networking.k8s.io/gateway-name: bookinfo-gateway
---
# only selector is set, should be ineffective

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Dec 15 01:19:33 UTC 2023

- 1.6K bytes

- Viewed (0)

github.com/istio/istio

istioctl/pkg/authz/analyzer_test.go

				},
				ClientStatus: 453,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			var buf bytes.Buffer
			a.Print(&buf)
			expectedOutput := "ACTION   AuthorizationPolicy   RULES\n"
			actualOutput := buf.String()
			if !reflect.DeepEqual(expectedOutput, actualOutput) {
				t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput)
			}
		})
	}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Sun Apr 21 17:42:54 UTC 2024

- 2.8K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/xds/workload_test.go

func createAuthorizationPolicy(s *xds.FakeDiscoveryServer, name string, ns string) {
	clienttest.NewWriter[*securityclient.AuthorizationPolicy](s.T(), s.KubeClient()).Create(&securityclient.AuthorizationPolicy{
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: ns,
		},
		Spec: v1beta1.AuthorizationPolicy{},
	})
}

func deletePeerAuthentication(s *xds.FakeDiscoveryServer, name string, ns string) {

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Thu Apr 18 19:09:43 UTC 2024

- 15.9K bytes

- Viewed (0)

github.com/istio/istio

pilot/pkg/serviceregistry/kube/controller/ambient/ambientindex.go

	authzPolicies := kclient.NewDelayedInformer[*securityclient.AuthorizationPolicy](options.Client,
		gvr.AuthorizationPolicy, kubetypes.StandardInformer, filter)
	AuthzPolicies := krt.WrapClient[*securityclient.AuthorizationPolicy](authzPolicies, krt.WithName("AuthorizationPolicies"))

	peerAuths := kclient.NewDelayedInformer[*securityclient.PeerAuthentication](options.Client,

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Fri Apr 19 17:19:41 UTC 2024

- 15.8K bytes

- Viewed (0)

github.com/istio/istio

pilot/test/mock/config.go

			LoadBalancer: &networking.LoadBalancerSettings{
				LbPolicy: new(networking.LoadBalancerSettings_Simple),
			},
		},
	}

	// ExampleAuthorizationPolicy is an example AuthorizationPolicy
	ExampleAuthorizationPolicy = &authz.AuthorizationPolicy{
		Selector: &api.WorkloadSelector{
			MatchLabels: map[string]string{
				"app":     "httpbin",
				"version": "v1",
			},
		},
	}

Registered: Fri Jun 14 15:00:06 UTC 2024

- Last Modified: Tue May 23 17:08:31 UTC 2023

- 13.2K bytes

- Viewed (0)

Search Options