istio: Index | Files

package authz

import ""

The auth package provides support for checking the authentication and authorization policy applied in the mesh. It aims to increase the debuggability and observability of auth policies. Note: this is still under active development and is not ready for real use.


Package Files

analyzer.go listener.go util.go

func PrintParsedListeners Uses

func PrintParsedListeners(writer io.Writer, parsedListeners []*ParsedListener, printAll bool)

func StructToGoGoMessage Uses

func StructToGoGoMessage(pbst *structpb.Struct, out proto.Message) error

type Analyzer Uses

type Analyzer struct {
    // contains filtered or unexported fields

Analyzer that can be used to check authentication and authorization policy status.

func NewAnalyzer Uses

func NewAnalyzer(envoyConfig *configdump.Wrapper) (*Analyzer, error)

NewAnalyzer creates a new analyzer for a given pod based on its envoy config.

func (*Analyzer) Print Uses

func (a *Analyzer) Print(writer io.Writer, printAll bool)

Print checks the AuthZ setting for the given envoy config stored in the analyzer.

type ParsedListener Uses

type ParsedListener struct {
    // contains filtered or unexported fields

func ParseListener Uses

func ParseListener(listener *v2.Listener) *ParsedListener

ParseListener parses the envoy listener config by extracting the auth related config.

type PolicyTypeToConfigs Uses

type PolicyTypeToConfigs map[string][]model.Config

PolicyTypeToConfigs maps policy type (e.g. service-role) to a list of its config.

Package authz imports 28 packages (graph) and is imported by 2 packages. Updated 2019-12-09. Refresh now. Tools for package owners.