Search Options

Results per page
Sort
Preferred Languages
Advance

Results 11 - 20 of 31 for requestPrincipals (0.2 sec)

  2. github.com/istio/istio

    tests/integration/security/testdata/requestauthn/global-jwt.yaml.tmpl 

            - "example.{{ $svc.ServiceName }}.com"
{{- end }}
    from:
    - source:
        requestPrincipals: ["******@****.***/sub-1"]
  - to:
    - operation:
        hosts:
  {{- range $svc := .Services }}
        - "any-request-principal-ok.{{ $svc.ServiceName }}.com"
  {{- end }}
    from:
    - source:
        requestPrincipals: ["*"]
  - to:
    - operation:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 08 07:03:01 UTC 2023
    - 1K bytes
    - Viewed (0)
  3. github.com/istio/istio

    tests/integration/ambient/testdata/requestauthn/waypoint-jwt.yaml.tmpl 

    spec:
  targetRefs:
  - kind: Gateway
    group: gateway.networking.k8s.io
    name: waypoint
  rules:
  - from:
    - source:
        requestPrincipals: ["******@****.***/sub-1"]
    - source:
        requestPrincipals: ["******@****.***/sub-1"]
  - to:
    - operation:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Apr 15 16:23:36 UTC 2024
    - 1.3K bytes
    - Viewed (0)
  4. github.com/istio/istio

    tests/integration/security/testdata/requestauthn/authn-authz.yaml.tmpl 

    metadata:
  name: {{ .To.ServiceName }}
spec:
  selector:
    matchLabels:
      app: {{ .To.ServiceName }}
  rules:
  - to:
    - operation:
        methods: ["GET"]
    from:
    - source:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 08 07:03:01 UTC 2023
    - 699 bytes
    - Viewed (0)
  5. github.com/istio/istio

    tests/integration/security/testdata/requestauthn/headers-params.yaml.tmpl 

    metadata:
  name: {{ .To.ServiceName }}
spec:
  selector:
    matchLabels:
      app: {{ .To.ServiceName }}
  rules:
  - to:
    - operation:
        methods: ["GET"]
    from:
    - source:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon May 08 07:03:01 UTC 2023
    - 867 bytes
    - Viewed (0)
  6. github.com/istio/istio

    tests/integration/security/policy_attachment_only/testdata/authz/gateway-authz.yaml.tmpl 

      action: ALLOW
  rules:
  - to:
    - operation:
        hosts:
{{- range $svc := .Services }}
        - "example.{{ $svc.ServiceName }}.com"
{{- end }}
    from:
    - source:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 24 19:50:43 UTC 2023
    - 847 bytes
    - Viewed (0)
  7. github.com/istio/istio

    pilot/pkg/security/authz/model/model_test.go 

    				}
			}
		})
	}
}

func TestModel_Generate(t *testing.T) {
	rule := yamlRule(t, `
from:
- source:
    requestPrincipals: ["td-1/ns/foo/sa/sleep-1"]
    notRequestPrincipals: ["td-1/ns/foo/sa/sleep-2"]
- source:
    requestPrincipals: ["td-1/ns/foo/sa/sleep-3"]
    notRequestPrincipals: ["td-1/ns/foo/sa/sleep-4"]
to:
- operation:
    ports: ["8001"]
    notPorts: ["8002"]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Nov 20 22:15:12 UTC 2023
    - 10K bytes
    - Viewed (0)
  8. github.com/istio/istio

    tests/integration/security/testdata/authz/jwt.yaml.tmpl 

        from:
    - source:
        requestPrincipals: ["******@****.***/sub-1"]
  - to:
    - operation:
        paths: ["/token2"]
        methods: ["GET"]
    when:
    - key: request.auth.claims[groups]
      values: ["group-2"]
  - to:
    - operation:
        paths: ["/tokenAny"]
        methods: ["GET"]
    from:
    - source:
        requestPrincipals: ["*"]
  - to:
    - operation:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 08 23:36:51 UTC 2024
    - 3K bytes
    - Viewed (0)
  9. github.com/istio/istio

    tests/integration/security/testdata/authz/egress-gateway.yaml.tmpl 

          from:
        - source:
            requestPrincipals: [ "******@****.***/sub-1" ]
    - to: # checks only a can call 443 over istio mutual with JWT
        - operation:
            hosts: [ "jwt-and-{{ .Allowed.ServiceName }}-{{ .Allowed.NamespaceName }}-only.com" ]
      from:
        - source:
            requestPrincipals: [ "******@****.***/sub-1" ]
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Jul 31 15:08:52 UTC 2023
    - 5.2K bytes
    - Viewed (0)
  10. github.com/istio/istio

    pilot/pkg/security/authz/model/model.go 

    			if useExtendedJwt {
				merged.insertFrontExtended(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals)
			} else {
				merged.insertFront(requestPrincipalGenerator{}, attrRequestPrincipal, s.RequestPrincipals, s.NotRequestPrincipals)
			}
			merged.insertFront(srcPrincipalGenerator{}, attrSrcPrincipal, s.Principals, s.NotPrincipals)
		}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Mar 25 10:39:25 UTC 2024
    - 13.8K bytes
    - Viewed (0)
  11. github.com/istio/istio

    pilot/pkg/serviceregistry/kube/controller/ambient/authorization.go 

    	}
	fromMatches := []*security.Match{}
	for _, from := range rule.From {
		op := from.Source
		if action == security.Action_ALLOW && anyNonEmpty(op.RemoteIpBlocks, op.NotRemoteIpBlocks, op.RequestPrincipals, op.NotRequestPrincipals) {
			// L7 policies never match for ALLOW
			// For DENY they will always match, so it is more restrictive
			return nil
		}
		match := &security.Match{
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Apr 15 16:23:36 UTC 2024
    - 18.4K bytes
    - Viewed (0)
Back to top