Search Options

Results per page
Sort
Preferred Languages
Advance

Results 91 - 100 of 104 for AuthorizationPolicy (1.39 sec)

  2. github.com/istio/istio

    pilot/pkg/networking/grpcgen/lds.go 

    // This should probably be done for the v2 API.
//
// nolint: unparam
func buildRBAC(node *model.Proxy, push *model.PushContext, suffix string, context *tls.DownstreamTlsContext,
	a rbacpb.RBAC_Action, policies []model.AuthorizationPolicy,
) *rbacpb.RBAC {
	rules := &rbacpb.RBAC{
		Action:   a,
		Policies: map[string]*rbacpb.Policy{},
	}
	for _, policy := range policies {
		for i, rule := range policy.Spec.Rules {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Apr 17 22:20:44 UTC 2024
    - 14.6K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pkg/config/validation/validation.go 

    	}
	return
}

// ValidateAuthorizationPolicy checks that AuthorizationPolicy is well-formed.
var ValidateAuthorizationPolicy = RegisterValidateFunc("ValidateAuthorizationPolicy",
	func(cfg config.Config) (Warning, error) {
		in, ok := cfg.Spec.(*security_beta.AuthorizationPolicy)
		if !ok {
			return nil, fmt.Errorf("cannot cast to AuthorizationPolicy")
		}

		var errs error
		var warnings Warning
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Jun 12 04:03:33 UTC 2024
    - 107.2K bytes
    - Viewed (0)
  4. github.com/istio/istio

    pilot/test/xds/fake.go 

    			ConfigCluster:   k8sCluster == opts.DefaultClusterName,
			MeshWatcher:     mesh.NewFixedWatcher(m),
			CRDs: []schema.GroupVersionResource{
				// Install all CRDs used (mostly in Ambient)
				gvr.AuthorizationPolicy,
				gvr.PeerAuthentication,
				gvr.KubernetesGateway,
				gvr.KubernetesGateway,
				gvr.WorkloadEntry,
				gvr.ServiceEntry,
			},
		})
		stop := test.NewStop(t)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Jun 10 16:08:52 UTC 2024
    - 18.4K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/networking/core/listener_test.go 

    		},
	},
	{
		Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy},
		Spec: &security.AuthorizationPolicy{},
	},
	{
		Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy},
		Spec: &security.AuthorizationPolicy{
			Selector:     nil,
			TargetRef:    nil,
			Rules:        nil,
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 01:56:28 UTC 2024
    - 93.6K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pilot/pkg/xds/bench_test.go 

    	},

	// Test usage of various APIs
	{
		Name:     "telemetry-api",
		Services: 100,
	},
	{
		Name:     "virtualservice",
		Services: 100,
	},
	{
		Name:        "authorizationpolicy",
		Services:    100,
		OnlyRunType: v3.ListenerType,
	},
	{
		Name:      "serviceentry-workloadentry",
		Services:  100,
		Instances: 1000,
	},
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Apr 22 18:13:40 UTC 2024
    - 19.7K bytes
    - Viewed (0)
  7. github.com/istio/istio

    architecture/ambient/ztunnel.md 

    Most notably, this is only L4 resources.

Most of the API is fairly straight forward.
However, one interesting aspect is how these policies associate with workloads.
Istio's AuthorizationPolicy has label selectors.
However, we intentionally do not send those as part of the Workload API, in order to keep the size low.

The obvious solution to this is to put the list of selected workloads into the policy itself.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Apr 25 22:35:16 UTC 2024
    - 16.6K bytes
    - Viewed (0)
  8. github.com/istio/istio

    pilot/pkg/model/sidecar.go 

    	// clusterScopedKnownConfigTypes includes configs when they are in root namespace,
	// they will be applied to all namespaces within the cluster.
	clusterScopedKnownConfigTypes = sets.New(
		kind.EnvoyFilter,
		kind.AuthorizationPolicy,
		kind.RequestAuthentication,
		kind.WasmPlugin,
	)
)

type hostClassification struct {
	exactHosts sets.Set[host.Name]
	allHosts   []host.Name
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Jun 05 20:32:23 UTC 2024
    - 38.4K bytes
    - Viewed (0)
  9. github.com/istio/istio

    samples/addons/grafana.yaml 

    alcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"10.1.5","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"title":"Authorization Policies","type":"stat"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"f...
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Jun 12 20:46:28 UTC 2024
    - 242.3K bytes
    - Viewed (0)
  10. github.com/istio/istio

    pilot/pkg/model/push_context.go 

    			wasmPluginsChanged = true
		case kind.EnvoyFilter:
			envoyFiltersChanged = true
			if features.OptimizedConfigRebuild {
				changedEnvoyFilters.Insert(conf)
			}
		case kind.AuthorizationPolicy:
			authzChanged = true
		case kind.RequestAuthentication,
			kind.PeerAuthentication:
			authnChanged = true
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 15 09:02:11 UTC 2024
    - 91.8K bytes
    - Viewed (0)
  11. github.com/istio/istio

    pkg/test/framework/features/allowlist.txt 

    conformance_test,TestConformance/rbac/rbacConfig/basic
conformance_test,TestConformance/rbac/serviceRole/basic
conformance_test,TestConformance/rbac/serviceRoleBinding/basic
conformance_test,TestConformance/security/authorizationPolicy/basic
conformance_test,TestMissingMCPTests
dns_cert,TestDNSCert
dns_certificate_test,TestDNSCertificate
dns_certificate_test,TestDNSCertificate/generateDNSCertificates
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 18 18:03:23 UTC 2022
    - 103.9K bytes
    - Viewed (0)
Back to top