- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 67 for Authz (0.08 sec)
-
pkg/kubeapiserver/options/authorization.go
return append(allErrors, fmt.Errorf("--%s can not be specified when --%s or --authorization-webhook-* flags are defined", authorizationConfigFlag, authorizationModeFlag)) } // load/validate kube-apiserver authz config with no opinion about required modes _, err := authorizer.LoadAndValidateFile(o.AuthorizationConfigurationFile, nil) if err != nil { return append(allErrors, err) } return allErrors }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 14 23:09:15 UTC 2024 - 12K bytes - Viewed (0) -
cluster/gce/gci/configure-kubeapiserver.sh
# Create the ABAC file if it doesn't exist yet, or if we have a KUBE_USER set (to ensure the right user is given permissions) if [[ -n "${KUBE_USER:-}" || ! -e /etc/srv/kubernetes/abac-authz-policy.jsonl ]]; then local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl" if [[ -n "${KUBE_USER:-}" ]]; then sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}" else
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 11:08:30 UTC 2024 - 25.8K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_inbound.go
TrafficDirection: core.TrafficDirection_INBOUND, ContinueOnListenerFiltersTimeout: true, } // Flush authz cache since we need filter state for the principal. oldBuilder := lb.authzBuilder lb.authzBuilder = authz.NewBuilder(authz.Local, lb.push, lb.node, true) inboundChainConfigs := lb.buildInboundChainConfigs() for _, cc := range inboundChainConfigs { cc.hbone = true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 35.1K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_builder_test.go
t.Run(tt.name, func(t *testing.T) { push.Networks = tt.networks lb := &ListenerBuilder{ push: push, node: sidecarProxy, authzCustomBuilder: &authz.Builder{}, authzBuilder: &authz.Builder{}, } httpConnManager := lb.buildHTTPConnectionManager(&httpListenerOpts{}) if !reflect.DeepEqual(tt.expectedconfig, httpConnManager.InternalAddressConfig) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 24.7K bytes - Viewed (0) -
cmd/kube-scheduler/app/server.go
func buildHandlerChain(handler http.Handler, authn authenticator.Request, authz authorizer.Authorizer) http.Handler { requestInfoResolver := &apirequest.RequestInfoFactory{} failedHandler := genericapifilters.Unauthorized(scheme.Codecs) handler = genericapifilters.WithAuthorization(handler, authz, scheme.Codecs) handler = genericapifilters.WithAuthentication(handler, authn, failedHandler, nil, nil)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon May 27 19:11:24 UTC 2024 - 14.3K bytes - Viewed (0) -
pilot/pkg/networking/grpcgen/lds.go
"istio.io/api/label" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/util" "istio.io/istio/pilot/pkg/security/authn" authzmodel "istio.io/istio/pilot/pkg/security/authz/model" "istio.io/istio/pilot/pkg/util/protoconv" xdsfilters "istio.io/istio/pilot/pkg/xds/filters" "istio.io/istio/pkg/istio-agent/grpcxds" "istio.io/istio/pkg/util/sets" )
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pilot/test/mock/config.go
// limitations under the License. package mock import ( "fmt" "reflect" "strconv" "testing" "time" "go.uber.org/atomic" networking "istio.io/api/networking/v1alpha3" authz "istio.io/api/security/v1beta1" api "istio.io/api/type/v1beta1" "istio.io/istio/pilot/pkg/model" config2 "istio.io/istio/pkg/config" "istio.io/istio/pkg/config/schema/collections"
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 23 17:08:31 UTC 2023 - 13.2K bytes - Viewed (0) -
pilot/pkg/xds/sds.go
} else { authzError = err } authzResult = &res return res } // There are 4 cases of secret reference // Verified cross namespace (by ReferencePolicy). No Authz needed. // Verified same namespace (implicit). No Authz needed. // Unverified cross namespace. Never allowed. // Unverified same namespace. Allowed if authorized. allowedResources := make([]SecretResource, 0, len(resources))
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 15 23:04:36 UTC 2024 - 15.8K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/server/config.go
// authz is nil, this function won't add a token authenticator or authorizer. func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, authz *AuthorizationInfo) { if loopback == nil || len(loopback.BearerToken) == 0 { return } if authn == nil || authz == nil { // prevent nil pointer panic return }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 28 08:48:22 UTC 2024 - 47.7K bytes - Viewed (0) -
pkg/test/framework/components/echo/common/deployment/echos.go
// will be generated unless NoExternalNamespace is specified. ExternalNamespace namespace.Getter // IncludeExtAuthz if enabled, an additional ext-authz container will be included in the deployment. // This is mainly used to test the CUSTOM authorization policy when the ext-authz server is deployed // locally with the application container in the same pod. IncludeExtAuthz bool
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon May 20 16:01:31 UTC 2024 - 16K bytes - Viewed (0)