- Sort Score
- Result 10 results
- Languages All
Results 91 - 100 of 104 for AuthorizationPolicy (1.39 sec)
-
pilot/pkg/networking/grpcgen/lds.go
// This should probably be done for the v2 API. // // nolint: unparam func buildRBAC(node *model.Proxy, push *model.PushContext, suffix string, context *tls.DownstreamTlsContext, a rbacpb.RBAC_Action, policies []model.AuthorizationPolicy, ) *rbacpb.RBAC { rules := &rbacpb.RBAC{ Action: a, Policies: map[string]*rbacpb.Policy{}, } for _, policy := range policies { for i, rule := range policy.Spec.Rules {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Apr 17 22:20:44 UTC 2024 - 14.6K bytes - Viewed (0) -
pkg/config/validation/validation.go
} return } // ValidateAuthorizationPolicy checks that AuthorizationPolicy is well-formed. var ValidateAuthorizationPolicy = RegisterValidateFunc("ValidateAuthorizationPolicy", func(cfg config.Config) (Warning, error) { in, ok := cfg.Spec.(*security_beta.AuthorizationPolicy) if !ok { return nil, fmt.Errorf("cannot cast to AuthorizationPolicy") } var errs error var warnings Warning
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 04:03:33 UTC 2024 - 107.2K bytes - Viewed (0) -
pilot/test/xds/fake.go
ConfigCluster: k8sCluster == opts.DefaultClusterName, MeshWatcher: mesh.NewFixedWatcher(m), CRDs: []schema.GroupVersionResource{ // Install all CRDs used (mostly in Ambient) gvr.AuthorizationPolicy, gvr.PeerAuthentication, gvr.KubernetesGateway, gvr.KubernetesGateway, gvr.WorkloadEntry, gvr.ServiceEntry, }, }) stop := test.NewStop(t)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 10 16:08:52 UTC 2024 - 18.4K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_test.go
}, }, { Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy}, Spec: &security.AuthorizationPolicy{}, }, { Meta: config.Meta{Name: uuid.NewString(), Namespace: "istio-system", GroupVersionKind: gvk.AuthorizationPolicy}, Spec: &security.AuthorizationPolicy{ Selector: nil, TargetRef: nil, Rules: nil,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 93.6K bytes - Viewed (0) -
pilot/pkg/xds/bench_test.go
}, // Test usage of various APIs { Name: "telemetry-api", Services: 100, }, { Name: "virtualservice", Services: 100, }, { Name: "authorizationpolicy", Services: 100, OnlyRunType: v3.ListenerType, }, { Name: "serviceentry-workloadentry", Services: 100, Instances: 1000, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Apr 22 18:13:40 UTC 2024 - 19.7K bytes - Viewed (0) -
architecture/ambient/ztunnel.md
Most notably, this is only L4 resources. Most of the API is fairly straight forward. However, one interesting aspect is how these policies associate with workloads. Istio's AuthorizationPolicy has label selectors. However, we intentionally do not send those as part of the Workload API, in order to keep the size low. The obvious solution to this is to put the list of selected workloads into the policy itself.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Apr 25 22:35:16 UTC 2024 - 16.6K bytes - Viewed (0) -
pilot/pkg/model/sidecar.go
// clusterScopedKnownConfigTypes includes configs when they are in root namespace, // they will be applied to all namespaces within the cluster. clusterScopedKnownConfigTypes = sets.New( kind.EnvoyFilter, kind.AuthorizationPolicy, kind.RequestAuthentication, kind.WasmPlugin, ) ) type hostClassification struct { exactHosts sets.Set[host.Name] allHosts []host.Name }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 05 20:32:23 UTC 2024 - 38.4K bytes - Viewed (0) -
samples/addons/grafana.yaml
alcs":["lastNotNull"],"fields":"","values":false},"textMode":"auto"},"pluginVersion":"10.1.5","targets":[{"datasource":{"type":"prometheus","uid":"${datasource}"},"expr":"max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"add\"}) - (max(pilot_k8s_cfg_events{type=\"AuthorizationPolicy\", event=\"delete\"}) or max(up * 0))","format":"time_series","intervalFactor":1,"refId":"A"}],"title":"Authorization Policies","type":"stat"},{"datasource":{"type":"prometheus","uid":"${datasource}"},"f...
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Jun 12 20:46:28 UTC 2024 - 242.3K bytes - Viewed (0) -
pilot/pkg/model/push_context.go
wasmPluginsChanged = true case kind.EnvoyFilter: envoyFiltersChanged = true if features.OptimizedConfigRebuild { changedEnvoyFilters.Insert(conf) } case kind.AuthorizationPolicy: authzChanged = true case kind.RequestAuthentication, kind.PeerAuthentication: authnChanged = true
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 15 09:02:11 UTC 2024 - 91.8K bytes - Viewed (0) -
pkg/test/framework/features/allowlist.txt
conformance_test,TestConformance/rbac/rbacConfig/basic conformance_test,TestConformance/rbac/serviceRole/basic conformance_test,TestConformance/rbac/serviceRoleBinding/basic conformance_test,TestConformance/security/authorizationPolicy/basic conformance_test,TestMissingMCPTests dns_cert,TestDNSCert dns_certificate_test,TestDNSCertificate dns_certificate_test,TestDNSCertificate/generateDNSCertificates
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Oct 18 18:03:23 UTC 2022 - 103.9K bytes - Viewed (0)