istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix formatting errors (#123)

This commit is contained in:
mandarjog 2017-05-06 07:30:35 -07:00 committed by GitHub
parent 0a1e1b6a9d
commit ad43baa856
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
_docs/tasks/basic-access-control.md
View File

@ -28,7 +28,7 @@ This task shows how to use Istio to control access to a service.
``` ```
* Ensure that you can use [istioctl mixer]({{home}}/docs/reference/commands/istioctl/istioctl_mixer.html#synopsis) by setting up port forwarding if needed. * Ensure that you can use [istioctl mixer]({{home}}/docs/reference/commands/istioctl/istioctl_mixer.html#synopsis) by setting up port forwarding if needed.
## Access control using `denials` ## Access control using _denials_
Using Istio you can control access to a service based on any attributes that are available within Mixer. Using Istio you can control access to a service based on any attributes that are available within Mixer.
This simple form of access control is based on conditionally denying requests using Mixer selectors. This simple form of access control is based on conditionally denying requests using Mixer selectors.
@ -58,33 +58,34 @@ of the `reviews` service. We would like to cut off access to version `v3` of thi
The status code and the message is specified in the [DenyChecker]({{home}}/docs/reference/api/adapters/denyChecker.html) The status code and the message is specified in the [DenyChecker]({{home}}/docs/reference/api/adapters/denyChecker.html)
adapter configuration. adapter configuration.
## Access control using `whitelists` ## Access control using _whitelists_
Istio also supports attribute-based white and blacklists. Istio also supports attribute-based white and blacklists.
Using a whitelist is a two step process. Using a whitelist is a two step process.
1 Add an adapter definition for the [`genericListChecker`]({{home}}/docs/reference/api/adapters/genericListChecker.html)) adapter that lists versions `v1, v2`: 1. Add an adapter definition for the [`genericListChecker`]({{home}}/docs/reference/api/adapters/genericListChecker.html) adapter that lists versions `v1, v2`:
```yaml ```yaml
- name: versionList - name: versionList
impl: genericListChecker impl: genericListChecker
params: params:
listEntries: ["v1", "v2"] listEntries: ["v1", "v2"]
``` ```
2 Enable whitelist checking by using the [`lists`]({{home}}/docs/reference/api/mixer-aspects.html#lists) aspect: 2. Enable `whitelist` checking by using the [`lists`]({{home}}/docs/reference/api/mixer-aspects.html#lists) aspect:
```yaml
rules:
aspects:
- kind: lists
adapter: versionList
params:
blacklist: false
checkExpression: source.labels["version"]
```
```yaml
rules:
aspects:
- kind: lists
adapter: versionList
params:
blacklist: false
checkExpression: source.labels["version"]
```
`checkExpression` is evaluated and checked against the list `[v1, v2]`. The check behavior can be changed to a blacklist by specifying `checkExpression` is evaluated and checked against the list `[v1, v2]`. The check behavior can be changed to a blacklist by specifying
`blacklist: true`. The expression evaluator returns the value of the `version` label as specified by the `checkExpression`. `blacklist: true`. The expression evaluator returns the value of the `version` label as specified by the `checkExpression` key.
## What's next ## What's next