Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewPolicyApplier ¶
func NewPolicyApplier(rootNamespace string, jwtPolicies []*config.Config, peerPolicies []*config.Config, push *model.PushContext, ) authn.PolicyApplier
NewPolicyApplier returns new applier for v1beta1 authentication policies.
Types ¶
type MergedPeerAuthentication ¶
type MergedPeerAuthentication struct {
// Mode is the overall mode of policy. May be overridden by PerPort
Mode model.MutualTLSMode
// PerPort is the per-port policy
PerPort map[uint32]model.MutualTLSMode
}
func ComposePeerAuthentication ¶
func ComposePeerAuthentication(rootNamespace string, configs []*config.Config) MergedPeerAuthentication
ComposePeerAuthentication returns the effective PeerAuthentication given the list of applicable configs. This list should contains at most 1 mesh-level and 1 namespace-level configs. Workload-level configs should not be in root namespace (this should be guaranteed by the caller, though they will be safely ignored in this function). If the input config list is empty, returns a default policy set to a PERMISSIVE. If there is at least one applicable config, returns should not be nil, and is a combined policy based on following rules: - It should have the setting from the most narrow scope (i.e workload-level is preferred over namespace-level, which is preferred over mesh-level). - When there are more than one policy in the same scope (i.e workload-level), the oldest one win. - UNSET will be replaced with the setting from the parent. I.e UNSET port-level config will be replaced with config from workload-level, UNSET in workload-level config will be replaced with one in namespace-level and so on.
Source Files