e4a1b46d09
Automator: update common-files@master in istio/api@master ( #3212 )
2024-05-22 10:12:02 -04:00
b9c26acf91
Generate alias for types instead of copies ( #3188 )
2024-05-20 11:48:31 -04:00
9d5445e3a9
update comment ( #3204 )
2024-05-20 09:25:31 -04:00
2b5bf4c8a0
Adds Service Type to PolicyTargetReference API Docs ( #3199 )
...
Previously, only a Gateway resource was defined as a supported
attachment type. This PR updates the API docs to include a Service
as a supported type and also fixes an incorrect link to Gateway API
documentation.
Signed-off-by: Daneyon Hansen <daneyon.hansen@solo.io>
2024-05-15 22:29:11 -04:00
9ed092e1a0
Allow defining CRDs from a single version ( #3186 )
...
* Allow defining CRDs from a single version
Part of https://github.com/istio/api/issues/3127 . Goes with a
corresponding tools change; this will fail until that merges.
This just shows DR. The tool will support both the new and old way (we
can remove the old way if we want), so we don't have to move everything
at once. We will, though. I kept it to one so its easy to review first.
* Move all APIs over
2024-05-14 15:09:49 -07:00
7dfab5580f
Place JWTRule under RequestAuthentication like every other API ( #3187 )
...
There is no reason for this to be split, it just makes the docs more
confusing.
I am fairly sure this change only impacts the HTML, merging two pages
into one. I tested with istio.io/istio still builds fine.
2024-05-13 08:22:20 -07:00
768c994129
sort JWTRule after RequestAuthentication in the Istio docs. ( #3179 )
...
* sort JWTRule after RequestAuthentication in the Istio docs.
* add make gen'd files
2024-05-08 20:42:51 -07:00
5b08a315cb
Add docs and examples for path templating ( #3162 )
...
* Add docs and examples for path templating
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Clarify path segment vs glob
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* rebase
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Update docs to reflect more restrictive path templating support
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Clarify an invalid path template will result in a invalid auth
policy.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
---------
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
2024-04-22 07:09:57 -07:00
fe48267f86
policy attachment: allow `targetRefs` ( #3159 )
...
* policy attachment: allow `targetRefs`
Based on https://github.com/kubernetes-sigs/gateway-api/pull/2966 . Note
that we do not HAVE to follow the GatewayAPI here; we can make our own
decision. There is, however, a general desire to allow multiple for
ergonomics.
In this proposal, I hide `targetRef`, but the API will remain + be
implemented forever. Implementation cost here is near zero, as we can
easily translate it to a single `targetRefs`; we just hide from docs to
push users toward the new ones.
* codegen
* Align documentation
* consistency
2024-04-12 13:44:31 -07:00
13544404d3
Fix description of PeerAuthentication example ( #3139 )
2024-03-25 10:22:17 -07:00
94d8c5322f
Resolves #3125 ( #3128 )
...
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
2024-03-21 09:52:07 -07:00
339eb52daa
PeerAuthentication Graduation to v1 ( #3112 )
...
* bump peer auth to v1
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* update sync
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* Add release notes
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* run make gen
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* Fix release notes
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* Update release notes
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* Update release notes
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* make gen
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
* fix gen-check
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
---------
Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
2024-03-13 16:19:34 -07:00
3d9a233170
Run make gen ( #3120 )
2024-03-11 17:59:56 -07:00
76d8e65ae7
docs: remove per-version API tabs ( #3100 )
...
Fixes https://github.com/istio/api/issues/2994
2024-03-05 07:22:21 -08:00
8c93bf5085
authz: add column for actions ( #3094 )
...
```
$ kag authorizationpolicies.security.istio.io
NAMESPACE NAME ACTION AGE
foo httpbin ALLOW 11m
```
Just a nice helper
2024-02-23 08:41:22 -08:00
bfa7ba498e
Add timeout field to JWTRule ( #3018 )
...
* Add timeout field to JWTRule
* Change timeout comment
* Sync gen files
* Sync gen files 2
* Adjust comment
* minor changes to comment
2024-02-20 12:30:40 -08:00
1b6aded783
docs: add notes for ports used in AuthPolicy/PeerAuth ( #3075 )
...
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
2024-01-31 12:47:37 -08:00
62e5dd9150
add shortname for authz ( #3069 )
...
* add shortname for authz
* rename to ap
* release notes
2024-01-29 12:55:32 -08:00
796ac64a96
docs: field name and minor formatting fixes ( #3057 )
...
Signed-off-by: Peter Jausovec <peter.jausovec@solo.io>
2024-01-19 10:39:48 -08:00
06018d723c
Run make gen with new protoc ( #3051 )
...
* Run make gen with new protoc
* Update dependencies
2024-01-17 09:03:58 -08:00
bb3cb9c034
Add note on targetRef + authorization policy in multi-revision environment ( #3021 )
...
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>
2023-12-08 11:57:07 -08:00
7aaf411469
Added retrieve JWT from cookies support ( #2997 )
...
* Add retrieve jwt from cookies support
* Add retrieve jwt from cookies support
* make gen
2023-11-28 10:29:12 -08:00
2c49e44609
Update authz document ( #2954 )
...
* update authorizationPolicy CUSTOM action feature status
* update authorizationPolicy CUSTOM action feature status
2023-10-12 09:43:42 -07:00
685ef7d06b
Migrate to protoc-gen-crd ( #2941 )
2023-10-05 16:16:01 -07:00
283cc40b07
Define targetRef proto ( #2888 )
...
* Define protobuf for PolicyTargetReference
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Add targetRef to AuthorizationPolicy, Telemetry, WasmPlugin,
ProxyConfig, and RequestAuthentication.
Need more examples.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Add examples
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Moved targetRef def to selector.proto. Removed kubebuilder
comments. Added release note for targetRef.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Add oneof to CRD protos. Add clarifying comments about intended
use of taretRef.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Remove targetRef from ProxyConfig
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Removed root namespace references and ingress gateway targetRef
examples.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Hide API changes from docs and remove examples until impl is
complete
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Remove telemtry example until impl complete
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* add clarification resource must be in same ns as policy and add
oneof to wasm plugin.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Remove oneof in to avoid go changes.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* update release note to clarify scope is limited to waypoints
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Update authorizationPolicy selector comment
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* clarify in targetRef description only waypoint is supported as a
targeted resource
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* add k8s gateway references
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Respond to PR feedback and add selector example.
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
* Address nits
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
---------
Signed-off-by: Jackie Elliott <jaellio@microsoft.com>
2023-09-05 15:45:52 -07:00
68bd84f7b0
fix JWT claim based routing doc ( #2918 )
2023-08-29 02:48:34 -07:00
dc0f5cf640
Fix typo Authorizaion to Authorization ( #2909 )
...
* Fix typo Authorizaion to Authorization
* Update authorization_policy.proto
Fix typo from Authorizaion to Authorization
2023-08-24 06:01:59 -07:00
86459b6f41
Fix AuthorizationPolicy typo ( #2894 )
...
Signed-off-by: Faseela K <faseela.k@est.tech>
2023-08-10 10:21:08 -07:00
064529d3bb
chore: Fix typo in VirtualService docs ( #2847 )
...
* Fix typo in VirtualService docs
* Run make gen
2023-07-06 13:44:32 -07:00
f8ef33f530
fixes for Duplicate reference docs overwriting each other ( #2811 )
...
* change page
* changes for docs to sync the needed ones
* fix tabset error
* fix spacing issue
* add checks to sync.sh to ensure mode is set
* fix changes from merge
* fix missing tabset
* fix tabset again
2023-06-22 06:41:07 -07:00
89e0db7ec4
Add authz dry-run example ( #2761 )
...
* add authz dry-run example
* make gen
* add experimental note
2023-06-20 08:52:09 -07:00
c899271129
Replace 1.2.3.4 with RFC5737 address ( #2774 ) ( #2777 )
2023-05-02 18:45:05 -07:00
49a8f67e97
update `proxy_inbound_listen_port` doc ( #2735 )
...
* update doc
* fix make gen
* fix gencheck
2023-03-21 19:43:21 -07:00
d80de99025
Format corrections of JWTRule document ( #2720 )
...
* Fix indentation of jwt doc
* Update comment line of jwtrule
* Fix indentation of jwt doc
* Update comment line of jwtrule
* Rebase with latest master
---------
Co-authored-by: Sathish Swaminathan <sathish.swaminathan@ibm.com>
2023-03-13 12:07:22 -07:00
3c7d940965
replace quotes with backticks when referring to values ( #2687 )
2023-02-21 13:47:33 -08:00
7300918fbd
Fix link ( #2683 )
2023-02-16 10:39:23 -08:00
aa0187a0dc
Fix link ( #2681 )
2023-02-16 08:17:22 -08:00
b214fbae4c
small fix in authz docs ( #2658 )
2023-01-27 14:11:32 -08:00
63c80143ed
Correct confusing typo in the authz policy proto ( #2598 )
...
* Correct confusing typo in the authz policy proto
* make gen
2022-12-15 07:28:09 -08:00
82e7f2d88e
added L7 deny tcp info in v1 authz ( #2579 )
2022-12-05 13:01:05 -08:00
bd9c37f95e
security policy graduation to v1 ( #2553 )
2022-11-22 12:03:23 -08:00
Istio Automation