-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
policy: implement DefaultAction: Pass
This adjusts the policy enablement calculation to take in to account Pass rules. If an endpoint has a mix of Pass and Deny rules, then there is a default-deny rule created, as expected. If an endpoint has only Pass Allow rules, that is equivalent to an open policy, and no default-deny rule is added. As a special case, if an endpoint has only Deny - Pass rules, we need to synthesize a default-allow rule as well. Signed-off-by: Casey Callendrello <cdc@isovalent.com>
- Loading branch information
Showing
2 changed files
with
355 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.