zh-translation:/docs/reference/config/security/conditions/index.md (#5958)

* zh-translation:/docs/reference/config/security/conditions/index.md * Update index.md * Update index.md * Update index.md * Update index.md
2019-12-08 17:16:00 +08:00 · 2019-12-08 17:16:00 +08:00 · fba14e5f09
parent a91c1134fb
commit fba14e5f09
1 changed files with 20 additions and 22 deletions
--- a/content/zh/docs/reference/config/security/conditions/index.md
+++ b/content/zh/docs/reference/config/security/conditions/index.md
@ -1,38 +1,36 @@
 ---
-title: Authorization Policy Conditions
-description: Describes the supported conditions in authorization policies.
+title: 授权策略
+description: 授权策略中支持的条件。
 weight: 30
 aliases:
    - /zh/docs/reference/config/security/conditions/
 ---

-This page describes the supported keys and value formats you can use as conditions
-in the `when` field of [authorization policy resources](/zh/docs/reference/config/security/authorization-policy/).
+此页面描述了可以用作[授权策略](/zh/docs/reference/config/security/authorization-policy/) `when` 字段中所支持的键和值的格式。

 {{< warning >}}
-Unsupported keys and values are silently ignored.
+不支持的键和值将被忽略。
 {{< /warning >}}

-For more information, refer to the [authorization concept page](/zh/docs/concepts/security/#authorization).
+有关更多信息，请参阅[授权概念页面](/zh/docs/concepts/security/#authorization)。

-## Supported Conditions
+## 支持条件{#supported-conditions}

-| Name | Description | Supported Protocols | Example |
+| 名称 | 描述 | 支持的协议 | 示例 |
 |------|-------------|--------------------|---------|
-| `request.headers` | HTTP request headers. The actual header name is surrounded by brackets | HTTP only | `key: request.headers[User-Agent]`<br/>`values: ["Mozilla/*"]` |
-| `source.ip`  | Source workload instance IP address, supports single IP or CIDR | HTTP and TCP | `key: source.ip`<br/>`values: ["10.1.2.3"]` |
-| `source.namespace`  | Source workload instance namespace | HTTP and TCP | `key: source.namespace`<br/>`values: ["default"]` |
-| `source.principal` | The identity of the source workload | HTTP and TCP | `key: source.principal`<br/>`values: ["cluster.local/ns/default/sa/productpage"]` |
-| `request.auth.principal` | The authenticated principal of the request. | HTTP only | `key: request.auth.principal`<br/>`values: ["accounts.my-svc.com/104958560606"]` |
-| `request.auth.audiences` | The intended audience(s) for this authentication information | HTTP only | `key: request.auth.audiences`<br/>`values: ["my-svc.com"]` |
-| `request.auth.presenter` | The authorized presenter of the credential | HTTP only | `key: request.auth.presenter`<br/>`values: ["123456789012.my-svc.com"]` |
-| `request.auth.claims` | Claims from the origin JWT. The actual claim name is surrounded by brackets | HTTP only | `key: request.auth.claims[iss]`<br/>`values: ["*@foo.com"]` |
-| `destination.ip` | Destination workload instance IP address, supports single IP or CIDR | HTTP and TCP | `key: destination.ip`<br/>`values: ["10.1.2.3", "10.2.0.0/16"]` |
-| `destination.port` | The recipient port on the server IP address, must be in the range [0, 65535] | HTTP and TCP | `key: destination.port`<br/>`values: ["80", "443"]` |
-| `connection.sni` | The server name indication | HTTP and TCP | `key: connection.sni`<br/>`values: ["www.example.com"]` |
-| `experimental.envoy.filters.*` | Experimental metadata matching for filters, values wrapped in `[]` are matched as a list | HTTP and TCP | `key: experimental.envoy.filters.network.mysql_proxy[db.table]`<br/>`values: ["[update]"]` |
+| `request.headers` | `HTTP` 请求头，需要用 `[]` 括起来 | HTTP only | `key: request.headers[User-Agent]`<br/>`values: ["Mozilla/*"]` |
+| `source.ip`  | 源 `IP` 地址，支持单个 `IP` 或 `CIDR` | HTTP and TCP | `key: source.ip`<br/>`values: ["10.1.2.3"]` |
+| `source.namespace`  | 源负载实例命名空间 | HTTP and TCP | `key: source.namespace`<br/>`values: ["default"]` |
+| `source.principal` | 源负载的标识 | HTTP and TCP | `key: source.principal`<br/>`values: ["cluster.local/ns/default/sa/productpage"]` |
+| `request.auth.principal` | 已认证过 `principal` 的请求。 | HTTP only | `key: request.auth.principal`<br/>`values: ["accounts.my-svc.com/104958560606"]` |
+| `request.auth.audiences` | 此身份验证信息的目标主体 | HTTP only | `key: request.auth.audiences`<br/>`values: ["my-svc.com"]` |
+| `request.auth.presenter` | 证书的颁发者 | HTTP only | `key: request.auth.presenter`<br/>`values: ["123456789012.my-svc.com"]` |
+| `request.auth.claims` | `Claims` 来源于 `JWT`。需要用 `[]` 括起来 | HTTP only | `key: request.auth.claims[iss]`<br/>`values: ["*@foo.com"]` |
+| `destination.ip` | 目标 `IP` 地址，支持单个 `IP` 或 `CIDR` | HTTP and TCP | `key: destination.ip`<br/>`values: ["10.1.2.3", "10.2.0.0/16"]` |
+| `destination.port` | 目标 `IP` 地址上的端口，必须在 `[0，65535]` 范围内 | HTTP and TCP | `key: destination.port`<br/>`values: ["80", "443"]` |
+| `connection.sni` | 服务器名称指示 | HTTP and TCP | `key: connection.sni`<br/>`values: ["www.example.com"]` |
+| `experimental.envoy.filters.*` | 用于过滤器的实验性元数据匹配，包装的值 `[]` 作为列表匹配 | HTTP and TCP | `key: experimental.envoy.filters.network.mysql_proxy[db.table]`<br/>`values: ["[update]"]` |

 {{< warning >}}
-No backward compatibility is guaranteed for the `experimental.*` keys. They may be removed
-at any time, and customers are advised to use them at their own risk.
+无法保证 `experimental.*` 密钥向后的兼容性，可以随时将它们删除，但是须要谨慎操作。
 {{< /warning >}}