Commit Graph

138 Commits

Author SHA1 Message Date
Eric Van Norman 93ea5bb3ae
Update values so istioctl x wait works (#12508)
* Update values so istioctl x wait works

* Remove extra values

* Update all snippet instances of `istio install` for wait_for_istio

* Fix value
2023-01-24 15:46:18 -08:00
Eric Van Norman cb3aebc837
Update istio.io to prepare for 1.17 (#12487) 2023-01-19 10:53:13 -08:00
Aryan Gupta 60eb0e4474
udocs upddate for policies graduation (#12320) 2022-12-06 13:49:06 -08:00
Bo-Cheng Chu 27c2aa9d04
Update index.md (#12243) 2022-11-15 20:52:16 -08:00
Eric Van Norman 1f12d8f392
Release 1.16 istio.io branch cut (#12239)
* build an archive of v1.15 in master

* update data/versions.yml and archive index page

* advance master to release-1.17

* Fix lint error
2022-11-15 13:25:34 -08:00
Eric Van Norman 14f8c33a8a
Minor correction submitted in 12203 - no CLA (#12231) 2022-11-14 10:35:33 -08:00
Aryan Gupta f2baf1228b
updated authz docs (#12178)
* updated authz docs

* removed extra spaces

* updated authz-tcp task tests

* minor yaml fixes
2022-11-08 16:04:55 -08:00
Bo-Cheng Chu 813337f378
Add performance expectations in ext-authz page (#12176)
* add performance benchmarking

* fix typo
2022-11-08 16:04:47 -08:00
Eric Van Norman 8b95b8eb57
Prepare for release 1.16.0 (#12138)
* Prepare for release 1.16.0

* Update for 1.160.0-beta.1

* Update reference docs with new beta.1 build
2022-10-21 20:30:38 -07:00
Bo-Cheng Chu e859278609
Remove restart requirement for ext-authz (#12106)
* rm restart

* update snip
2022-10-18 17:29:51 -07:00
Eric Van Norman 68fb4ec77a
advance master to release-1.16 (#11778)
* build an archive of v1.14 in master

* update data/versions.yml and archive index page

* advance master to release-1.16

* Rerun `make update_ref_docs

* Update to commit on main branch to fix tests

* Disable failing test (temporary)
2022-09-01 07:25:41 -07:00
Tong Li 46eb244468
Replace experimental uninstall command with uninstall command (#11736)
* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

* Update content/en/docs/setup/upgrade/canary/index.md

Replace experimental uninstall command with uninstall command

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Apply suggestions from code review

Replace experimental uninstall command with uninstall command

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

* Update content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Replace experimental uninstall command with uninstall command

Signed-off-by: Tong Li <litong01@us.ibm.com>

Signed-off-by: Tong Li <litong01@us.ibm.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2022-08-25 08:00:21 -07:00
Istio Automation 15a3975599
Remove 2 year old security warning (#11747)
Was fixed long ago

Co-authored-by: John Howard <howardjohn@google.com>
2022-08-24 14:15:06 -07:00
Eric Van Norman da73c24218
Prepare for the 1.15.0 release (#11684) 2022-08-07 13:23:45 -07:00
Eric Van Norman b5e32c648a
Additional updates to use the master branches in other repos (#11431) 2022-06-15 03:34:22 -07:00
Eric Van Norman 84c40da017
Prepare for version 1.14 as istio source is already branched (#11212)
* Prepare for version 1.14 as istio source is already branched

* Missed make gen
2022-04-25 10:24:04 -07:00
Eric Van Norman fc515c8166
Replay yq v3 which is deprecated with yq v4 (#11202)
* Replay yq v3 which is deprecated with yq v4

* Update yq key
2022-04-20 13:37:30 -07:00
Eric Van Norman 08fe6be739
Updates to use fix main branch post release branching (#10894)
* Update to use main branch for reference docs

* Updates to fix this for next time (not moving to master)

* Run `make gen`

* Update master istio test reference

* Ingore one shellcheck, SC1091, for now. Not sure why it just showed up
2022-02-11 16:28:20 -08:00
Deepak Pakhale 29f0d809f3
Fixes #10813 (#10819)
Adding files generated after "make gen"
2022-01-23 14:40:13 -08:00
Eric Van Norman 68f0f07545
Prepare for v1.13 as istio source is already branched (#10808)
* Prepare for v1.13 as istio source is already branched

* Update VM test image from 1.11 to current to test

* Rename tests to temporaily disable Issue created to reanble before 1.13
2022-01-21 09:52:46 -08:00
Yangmin Zhu 84a63d0e33
add test for the dry-run task (#10526)
* add test for the dry-run task

* Update content/en/docs/tasks/security/authorization/authz-dry-run/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2021-12-08 07:50:27 -08:00
Yangmin Zhu 81e896486b
update release note for external authz (#10527)
* update release note for external authz

* address comment

* Update content/en/news/releases/1.12.x/announcing-1.12/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
2021-11-23 11:30:07 -08:00
Eric Van Norman 72de90d75b
Advance master to release-1.13 (#10516)
* build an archive of v1.11 in master

* update data/versions.yml and archive index page

* advance master to release-1.13

* ANother script update

* go get remaing istio repos to satisfy linter

* Temporarily fix link broken by istio/api #2148

* Temporarily disable istioctl analyze test.
2021-11-19 06:52:51 -08:00
Eric Van Norman 4c16b9a65e
Prepare for v1.12 as Istio source is already branched (#10455)
* prepare for v1.12 as istio source is already branched

* Fixup script output

* Removing validatingwebhookconfiguration if it exists.
2021-11-01 12:27:58 -07:00
Istio Automation 07cf4f6b68
[master] Fix in attribute "name" on "metadata". (#10361)
* Fix in attribute "name" on "metadata".

Missing tab in attribute "name" at section "Define the external authorizer" in ServiceEntry example.

* command make gen

Co-authored-by: Igor Agueme <igoragueme@outlook.com>
2021-09-17 08:31:35 -07:00
Sungyun Hur 4b6489305b
docs: update broken OPA links (#10320)
* docs: update broken OPA links

* fix: typo
2021-09-09 21:40:51 -07:00
Eric Van Norman 327bd45dbe
Advance master to 1.12 (#10176)
* build an archive of v1.10 in master

* update data/versions.yml and archive index page

* advance master to release-1.12

* Update istio test reference to pick up 1.12 in istioctl messages

* Fix lint and IMAGE_VERSION

* MOre changes for lint

* Use correct IMAGE_VERSION

* Skip virtual machines test - Release Blocker issue created
2021-08-13 08:58:35 -07:00
Eric Van Norman a3f2c5a0dd
Update for branch cut (#10082)
* prepare for v1.11 as istio source is already branched

* Update test ref to 1.11.0-beta.0

* Remove extraneous added files
2021-07-15 11:58:54 -07:00
ChristinaMak 9b02f2f215
Flag experimental pages with dagger (#9895)
* Flag experimental pages with dagger

* Use dagger symbol in title

* Dagger in navigation titles for experimental status

* Experimental asterisk note

* Asterisk with space

* Spacing between title and asterisk

* Flag experimental and alpha status
2021-06-23 04:46:20 -07:00
Eric Van Norman 9308f25ab9
Restore external authorization tests (#9788)
* Restore external authorization tests

* Remove extra echo's
2021-05-19 08:44:15 -07:00
Eric Van Norman ae7939eabe
Update master after 1.10 release (#9779)
* build an archive of v1.9 in master

* update data/versions.yml and archive index page

* advance master to release-1.11

* Update the istio test reference to master

* Remove failing deny test

* Remove another test

* Remove a third test
2021-05-18 15:57:52 -07:00
craigbox 8554c3e941
Experimental tidy-ups (#9772)
* Experimental tidy-ups

* replace #8980

* add one that's Alpha; should possibly change word?
2021-05-18 06:46:43 -07:00
Yangmin Zhu d20bce3176
add dry-run task (#9564)
* add dry-run task

* update

* update

* update

* update
2021-04-28 10:41:00 -07:00
Eric Van Norman e575b768fa
prepare for v1.10 as istio source is already branched (#9469) 2021-04-07 12:04:45 -07:00
Yangmin Zhu 92cbff4247
fix the ext-authz test flaky (#9438)
* fix the ext-authz test flaky

* check deny first

* check more specifc response

* remove typo
2021-04-02 07:58:56 -07:00
Yangmin Zhu 85f9c64f42
add test for the external authorization task (#9422)
* add test for the external authorization task

* check logs
2021-03-30 13:43:55 -07:00
Yangmin Zhu 85a6002789
update security doc with evaluation order, common patterns, shoter task names and some small updates (#9127)
* update security doc with evaluation order, common patterns, shoter task names and some small updates

* update

* update

* add link

* update

* update

* fix lint

* Apply suggestions from code review

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* update

* Apply suggestions from code review

Co-authored-by: John Howard <howardjohn@google.com>

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Co-authored-by: John Howard <howardjohn@google.com>
2021-03-24 09:16:41 -07:00
John Howard 4396197f50
Use consistent quoting in API examples (#9373)
This matches istio/api examples and all Kubernetes best practices. This
quoting sets a bad precedent that is copy and pasted around the web.
2021-03-23 09:33:57 -07:00
lei-tang 104e06a868
Fix the client IP addresses for the authz ingress task (#9002) 2021-02-19 06:33:03 -08:00
davidhauck 8140906812
Update master to 1.10 (#8931)
* build an archive of v1.8 in master

* update data/versions.yml and archive index page

* advance master to release-1.10

* run make gen
2021-02-09 12:46:44 -08:00
Eric Van Norman bea8d187e5
Silence curl command (#8773)
* Silence curl command

* Update more files with -sS (adding S to show errors)

* Over-agressive on the -S and causing some tests to fail.

* Remove more curl -S flags
2021-01-20 09:45:50 -08:00
davidhauck 394e58e271
prepare for v1.9 as istio source is already branched (#8777) 2021-01-14 12:06:22 -08:00
Yangmin Zhu ca8b101dfa
add external authorization task (#8751)
* add external authorization task

* Apply suggestions from code review

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* address comments

* Apply suggestions from code review

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* address comment

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2021-01-14 11:01:54 -08:00
Frank Budinsky a70e78f25e
Test cleanup (#8564)
* Framework inject set +e at start of cleanup test script

* tabs

* fix typo

* add nl

* fix doc
2020-11-24 16:26:19 -05:00
Yangmin Zhu 4c02c73112
update release notes and authz task for a critical bug (#8543) 2020-11-20 21:32:30 -08:00
davidhauck cf0add291f
Update master for 1.9 (#8528)
* build an archive of v1.7 in master

* update data/versions.yml and archive index page

* advance master to release-1.9

* run make gen
2020-11-19 10:42:01 -08:00
Kyle Evans 9c0549ad8a
Make proxy protocol EnvoyFilter consistent with Network Topology doc (#8472)
* update proxy protocol EnvoyFilter to be consistent

Make the proxy protocol EnvoyFilter identical to the one in
docs/ops/configuration/traffic-management/network-topologies/

* fix arch mistake
2020-11-11 06:24:58 -08:00
Eric Van Norman 456039c26a
Add in removed tests (had regression failure) to verify fix (#8482)
* Add in removed tests (had regression failure) to verify fix

* Update test to redeploy istiod
2020-11-11 06:16:05 -08:00
Kyle Evans d237f976c3
update authz docs for remote.ip (#8390)
* update authz docs for remote.ip

remote.ip has been added as an Authorization Condition and the Ingress
Gateway Authorization task has been updated to include it.

* fix relative link to network topologies

* add more verification and use tabs

* remove mixer reference and put LB table below tabset

* move INGRESS_HOST info to top, add LB decision-making table

* clean up bash commands
2020-11-03 11:00:50 -08:00
Eric Van Norman 9f6a0aa9a2
Update test reference to 1.8.0-alpha.2 (#8399)
* Update test reference to 1.8.0-alpha.2

* Fix access-log test for new behavior

* Update to remove deprecated parameter

* More updates for deprecated (already removed) values

* Enable test, disable failing tests (#8405) open for fix.

* Review comment

* Remove extraneous old-td
2020-10-30 09:36:38 -07:00
Nathan Mittler 132c2375bc
Add wait for gateway to multicluster tests (#8346)
This required some other changes WRT verification:

- Change __cmp_like to allow for not accepting <pending> for an IP address.

- Change __verify_with_retry to use a timeout rathan than number of retries. This is a more intuitive interface and aligns with the way we do retries in istio/istio. I also got rid of exponential backoff and allow both the timeout and delay between retries to be configured.
2020-10-26 06:45:38 -07:00
Eric Van Norman da0a004694
prepare for v${VERSION} as istio source is already branched" (#8328) 2020-10-21 10:49:24 -07:00
Eric Van Norman 4b4e395c68
Increase retry count for test flakiness (#8206) 2020-09-24 13:51:56 -07:00
Eric Van Norman cc1a34f99c
Update test reference - master (#8103)
* Update test reference

* Test framework changes

* Another required change

* Update Tag to 1.8

* Pick istio/istio commit that actually exists

* Disable ISTIO_META_DNS_CAPTURE

* Add --skip-confirmation to istioctl installl commands

* Increase test timeout. First pass at fixes.

* Update to later istio/istio that fixes DNS and minor fixes

* test fixes

* Pick up go.mod `replace` changes from #8118

* Fix istioctl-analayze and mirror

* Fix mtls-migration test

* Update istio to include commit to fix egress

* Re-enable verify with fix

* Update istio/istio ref for egress fix

* Fix tasks/security/authorization/authz-td-migration - remove ns

* Shorten wait timeout so tests complete in under an hr

* Let tests continue after wait timeout

* Fix --skip-confirmation to -y and use yes | in tests

* revert yes | to echo y |

* Additional echo y fix

* Code review comments

* Change verify from same to contains as k8s 1.19 has extra warning lines.
2020-09-16 11:44:20 -07:00
Upo 8cfcfa5802
Add additional info about troubleshooting JWTs. (#8128)
* add note about istio protocol detection

* fix accidental replace

* fix extra dot in filename

* path fixes

* add note about how to field authz in effect

* fix typos and add a note on the claims

* undo file rename

* Update content/en/docs/ops/common-problems/security-issues/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/ops/common-problems/security-issues/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Apply suggestions from code review

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-09-14 10:45:42 -07:00
Eric Van Norman 1020de7a56
Update master branch to release-1.8 after publishing 1.7 (#7997)
* build an archive of v1.6 in master

* update data/versions.yml and archive index page

* advance master to release-1.8

* Missing `make snips` in script
2020-08-21 20:23:38 -07:00
Eric Van Norman db796eab17
Branch cut changes for release-1.7 (#7767)
* Branch cut changes for release-1.7

* Missed make gen
2020-07-22 09:12:06 -07:00
Frank Budinsky e9a89c879f
Add owner attribute to docs (#7737)
* Add owner attribute to docs

* remove @
2020-07-15 15:19:40 -07:00
Eric Van Norman 78088360fe
Update istio/istio ref and reenable tests (#7669)
* Update istio/istio ref and reenable tests

* Update istio/istio reference

* Update istioctl build to have version for images

* Fix lint and pull a newer istio/istio

* Disable egress tests
2020-07-09 13:29:32 -07:00
Frank Budinsky 93458dd587
Temporarily disable broken tests (#7667)
* Temporarily disable broken tests

* use @setup

* use @setup

* another one
2020-07-06 16:56:19 -07:00
Frank Budinsky eadc0629dc
Authz TD migration test (#7653)
* Authz TD migration tests

* cleanup

* remove samples source
2020-06-30 20:23:20 -07:00
Frank Budinsky 01c4cce951
Add proper wait for config calls to tests (#7620)
* Add wait for config calls to tests

* two more
2020-06-24 09:48:29 -07:00
Hongyi Zhang 5fbb14bedc
Convert all old tests to new tests (#7522)
* add an example task to test

* main test function: save progress

* a working example: routing request

* improve log info and error handling

* introduce makefile

* run each test as a subtest; remove common setup from test.sh

* add another test.sh: fault-injection

* improve error handling

* check test environment

* add two more test.sh files

* fix make command for istio setup

* update two test.sh files from upstream

* add comments and update README.md

* update test.sh files from upstream

* support multiple test names

* update README

* update README.md for new framework

* remove documentation of migration steps

* undo format changes

* change separation line to '# @cleanup'

* move go code and makefile from content/ to tests/

* change package name

* make for loop more readable

* change the set of auto-sourced scripts

* add docs for all functions

* approach to deal with folders with the same name

* minor fixes to ensure everything still runs

* fix make gen error

* add a TIMEOUT argument

* make sure util/debug.sh works with new framework

* make lint-go happy

* [BIG CHANGE] allow different istio setup configs

* make linters happy

* make linters happier

* changed wording and function orders

* make error return as the 2nd argument

* add TODOs

* Update content/en/docs/tasks/traffic-management/traffic-shifting/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* only test english docs

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* allow test.sh as suffix

* move adding setup configs to tests/setup

* recommend full paths

* Update tests/README.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* require full test paths

* converting old tests to new tests: traffic-management and misc

* converting old tests to new tests: security

* remove old tests

* Update content/en/docs/tasks/security/cert-management/dns-cert/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* simplify setup configs

* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authentication/mtls-migration/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-http/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* do not let istioctl prompt y/n

* Update content/en/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/traffic-management/ingress/secure-ingress/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* simplify stuff

* rename dns-cert test.sh to test_broken.sh

* fix dns-cert doc and test

* remove egress=disabled

* fix test

* Update content/en/docs/tasks/observability/logs/access-log/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authentication/authn-policy/test.sh

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-06-11 11:15:48 -07:00
Navraj Singh Chhina e7616b2ac0
Disable ShellChecking for SC2164 (#7507)
* add missing cleanup for vs nginx

* disable SC2164 which checks safe cd

* make gen
2020-06-08 13:56:32 -07:00
Shamsher Ansari 9fe272272b
update doc to use istioctl install (#7396) 2020-06-01 11:02:27 -07:00
Frank Budinsky e11cf24f0d
Add test: attribute to all md files (#7413) 2020-05-27 09:11:26 -07:00
Justin Pettit 21e03db9d9
Add authz-ingress user guide test. (#7407) 2020-05-27 06:40:06 -07:00
Justin Pettit 46607a1c43
authz-td-migration: Don't error when deleting non-existent items. (#7361) 2020-05-19 18:20:20 -07:00
Justin Pettit 7782eb1d0a
Authz jwt (#7338)
* snip.py: Replace github file token with release-specific URL.

* verify.sh: Show the expected output as well as the actual output.

* snip.py: Update the githubfile regex to not include email addresses.

When generating snip scripts, pairs of "@" signs indicate a link to
GitHub repo content.  However, JWT attribute values contained pairs of
email addresses such as:

    `testing@secure.istio.io/testing@secure.istio.io`

which would be treated as an email address and mangled.  This commit
rewrites the regex to not match on email addresses.

* Add authz-jwt user guide test.
2020-05-17 13:51:45 -04:00
Justin Pettit 8cacec48de
Authz deny (#7315)
* Add authz-tcp user guide test.

* Add run and verify functions for user doc tests.
2020-05-14 16:10:20 -07:00
Justin Pettit e77f3e8e2d
Add authz-tcp user guide test. (#7176)
Force merge because of netlify flake
2020-05-11 10:25:00 -04:00
Frank Budinsky f45bc9e1a8
Remove obsolete '# ' uses from all tests (#7233) 2020-05-06 19:17:11 -04:00
Oliver Liu 1e73594260
Restructure the cert management tasks. (#7209)
* Restructure the cert management tasks.

* Small fix.

* Fix references.

* Fix links

* Small fix.

* Update content/en/docs/tasks/security/cert-management/plugin-ca-cert/index.md

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>

* Small fix.

* Change the weights.

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-05-04 14:57:29 -04:00
Istio Automation 9071b1f385
Fix code in 'Authorization for TCP traffic' (#7117)
The pod of tcp-echo which is asked its podIP is in `foo` namespace, so  the `kubectl get` should specify the namespace as `foo`.

Co-authored-by: Koki Tomoshige <36136133+tomocy@users.noreply.github.com>
2020-04-21 16:00:16 -04:00
Eric Van Norman 55accd83b4
Update base64 -d to --decode (#7039)
* Update base64 -d to --decode

* Fix additional -d to --decode change
2020-04-09 06:41:44 -07:00
Yangmin Zhu 686f3b7967
authz: update TCP task to use tcp-echo (#6754) 2020-03-06 11:33:38 -08:00
Istio Automation 5f6d0712b8
Add a guide of plugging in CA cert to istiod and update CA documents (#6644)
Co-authored-by: lei-tang <lei-tang@users.noreply.github.com>
2020-03-05 10:42:54 -08:00
Yangmin Zhu fa8a1f5da1
authz: update authz JWT task (#6693)
* authz: update authz JWT task

* address comments

* Update content/en/docs/tasks/security/authorization/authz-jwt/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-jwt/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-03-03 17:42:11 -08:00
Yangmin Zhu cba7f0fdfc
authz: add task for IP allow list and black list on ingress gateway (#6692)
* authz: add task for IP whitelist/blacklist on ingress gateway

* allow list and deny list

* Small grammar adjustments

* address comments

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

* Update content/en/docs/tasks/security/authorization/authz-ingress/index.md

Co-Authored-By: Frank Budinsky <frankb@ca.ibm.com>

Co-authored-by: Adam Miller <1402860+adammil2000@users.noreply.github.com>
Co-authored-by: Frank Budinsky <frankb@ca.ibm.com>
2020-03-03 17:42:03 -08:00
Jimmy Chen ca72d2997d
Updated guide for Authorization Policy Trust Domain Migration (#6694)
Remove an outdated step from the guide.
2020-03-03 16:27:45 -08:00
Adam Miller f387200b5c
Typo fixes for issue #6487 (#6526)
* Typo fixes

* Fix linter error

* Typo

* Clarification
2020-02-25 14:58:45 -08:00
Yangmin Zhu c399db1761
authz: add task for deny policy (#6552)
* authz: add task for deny policy

* fix lint
2020-02-25 06:16:27 -08:00
Xinnan Wen ae181e8274
update operator api ver and fix (#6529) 2020-02-24 08:22:26 -08:00
Yangmin Zhu 362a64cf95 add notes for enabling mTLS for authz (#6280) 2020-01-06 08:09:25 -08:00
Martin Taillefer 6165cb9821
Replace cookies with local storage. (#5949)
- We don't need cookies for istio.io, the few settings we do have should be
managed with browser-local storage instead. This is a better privacy posture,
and avoids sending needless data to the server for every request.
2019-12-02 13:02:51 -08:00
Phillip Quy Le bc16c4c4a7 Create trust domain migration task for authz (#5486)
* Create trust domain migration task for authz

* Revise content and address comments

* Remove httpbin and sleep from example
2019-11-15 10:14:46 -08:00
Oliver Liu ef1ffd4cfd Fix auth installation and its references. (#5482)
* Fix auth installation and its references.

* Apply suggestions from code review

Fix according to the feedback.

Co-Authored-By: Martin Taillefer <geeknoid@users.noreply.github.com>
2019-11-08 16:51:19 -05:00
Frank Budinsky a6a5769f12
Organize security tasks (#5474)
* Organize security tasks

* lint errors

* fixes

* more fixes
2019-11-07 15:54:27 -05:00