Add istio.io docs test for security/authn-policy
Showing
40 changed files
with
531 additions
and
0 deletions.
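--- a/pkg/test/istio.io/tasks/security/authn-policy/authn-policy_test.go
+++ b/pkg/test/istio.io/tasks/security/authn-policy/authn-policy_test.go
@@ -0,0 +1,168 @@
+// Copyright 2019 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+package tests
+
+import (
+"testing"
+
+"istio.io/istio/pkg/test/framework"
+"istio.io/istio/pkg/test/framework/components/environment"
+"istio.io/istio/pkg/test/framework/components/istio"
+"istio.io/istio/pkg/test/istio.io/examples"
+)
+
+var (
+ist istio.Instance
+)
+
+func TestMain(m *testing.M) {
+framework.NewSuite("authn-policy", m).
+SetupOnEnv(environment.Kube, istio.Setup(&ist, setupConfig)).
+RequireEnvironment(environment.Kube).
+Run()
+}
+
+func setupConfig(cfg *istio.Config) {
+if cfg == nil {
+return
+}
+// This is redundant, but setting it explicitly to match the docs as it's explicitly required
+// in the docs.
+cfg.Values["global.mtls.enabled"] = "false"
+}
+
+// https://preliminary.istio.io/docs/tasks/security/authn-policy/
+// https://github.com/istio/istio.io/blob/master/content/docs/tasks/security/authn-policy/index.md
+func TestAuthnPolicy(t *testing.T) {
+ex := examples.New(t, "Setup")
+
+ex.AddScript("", "create-namespaces.sh", examples.TextOutput)
+ex.AddFile("foo", "samples/httpbin/httpbin.yaml")
+ex.AddFile("foo", "samples/sleep/sleep.yaml")
+ex.AddFile("bar", "samples/httpbin/httpbin.yaml")
+ex.AddFile("bar", "samples/sleep/sleep.yaml")
+ex.AddFile("legacy", "samples/httpbin/httpbin.yaml")
+ex.AddFile("legacy", "samples/sleep/sleep.yaml")
+
+// This is missing from the docs, but it is necessary before continuing.
+ex.AddScript("", "wait-for-containers.sh", examples.TextOutput)
+ex.AddScript("", "verify-reachability.sh", examples.TextOutput)
+
+// TODO: Update the docs to use commands that succeed or fail, to check the authentication
+// policies and destination rules, and use the same commands here.
+ex.Run()
+
+ex = examples.New(t, "Globally enabling Istio mutual TLS")
+
+ex.AddScript("", "part1-configure-authentication-meshpolicy.sh", examples.TextOutput)
+// TODO: Update the docs to add instructions to wait until the policy has been propagated,
+// and use the same commands here.
+
+// TODO: Check the output of the command. Fail if curl doesn't fail.
+ex.AddScript("", "part1-verify-reachability-from-istio.sh", examples.TextOutput)
+ex.AddScript("", "part1-configure-destinationrule-default.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part1-verify-reachability-from-istio.sh", examples.TextOutput)
+// TODO: Fail if curl doesn't fail.
+ex.AddScript("", "part1-verify-reachability-from-non-istio.sh", examples.TextOutput)
+
+// TODO: Fail if curl doesn't fail.
+ex.AddScript("", "part1-verify-reachability-to-legacy.sh", examples.TextOutput)
+ex.AddScript("", "part1-configure-destinationrule-httpbin-legacy.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part1-verify-reachability-to-legacy.sh", examples.TextOutput)
+
+// TODO: Fail if curl doesn't fail.
+ex.AddScript("", "part1-verify-reachability-to-k8s-api.sh", examples.TextOutput)
+ex.AddScript("", "part1-configure-destinationrule-api-server.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part1-verify-reachability-to-k8s-api.sh", examples.TextOutput)
+
+ex.AddScript("", "part1-cleanup.sh", examples.TextOutput)
+
+ex.Run()
+
+ex = examples.New(t, "Enable mutual TLS per namespace or service")
+
+ex.AddScript("", "part2-configure-authentication-policy-default.sh", examples.TextOutput)
+ex.AddScript("", "part2-configure-destinationrule-default.sh", examples.TextOutput)
+// TODO: Update the docs to add instructions to wait until the policy has been propagated,
+// and use the same commands here.
+
+// TODO: Fail if curl from foo or bar to any other namespace fails.
+// TODO: Fail if curl from legacy to foo succeeds.
+ex.AddScript("", "part2-verify-reachability.sh", examples.TextOutput)
+ex.AddScript("", "part2-configure-authentication-policy-httpbin.sh", examples.TextOutput)
+ex.AddScript("", "part2-configure-destinationrule-httpbin.sh", examples.TextOutput)
+// TODO: Fail if curl from foo or bar to any other namespace fails.
+// TODO: Fail if curl from legacy to foo OR bar succeeds.
+ex.AddScript("", "part2-verify-reachability.sh", examples.TextOutput)
+
+ex.AddScript("", "part2-configure-authentication-policy-httpbin-port.sh", examples.TextOutput)
+ex.AddScript("", "part2-configure-destinationrule-httpbin-port.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part2-verify-reachability-to-bar-port-8000.sh", examples.TextOutput)
+
+ex.AddScript("", "part2-configure-authentication-policy-overwrite-example.sh", examples.TextOutput)
+ex.AddScript("", "part2-configure-destinationrule-overwrite-example.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part2-verify-reachability-to-foo-port-8000.sh", examples.TextOutput)
+
+ex.AddScript("", "part2-cleanup.sh", examples.TextOutput)
+
+ex.Run()
+
+ex = examples.New(t, "End-user authentication")
+
+ex.AddScript("", "part3-configure-gateway-httpbin.sh", examples.TextOutput)
+ex.AddScript("", "part3-configure-virtualservice-httpbin.sh", examples.TextOutput)
+// TODO: Update the docs to add instructions to wait until the gateway is ready,
+// and use the same commands here.
+
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-headers-without-token.sh", examples.TextOutput)
+ex.AddScript("", "part3-configure-authentication-policy-jwt-example.sh", examples.TextOutput)
+// TODO: Fail if curl succeeds.
+ex.AddScript("", "part3-verify-reachability-headers-without-token.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-headers-with-token.sh", examples.TextOutput)
+
+// TODO: Add the test that runs security/tools/jwt/samples/gen-jwt.py against
+// security/tools/jwt/samples/key.pem.
+// This requires having Python and the jwcrypto library installed locally.
+
+ex.AddScript("", "part3-configure-authentication-policy-jwt-example-exclude.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-useragent-without-token.sh", examples.TextOutput)
+// TODO: Fail if curl succeeds.
+ex.AddScript("", "part3-verify-reachability-headers-without-token.sh", examples.TextOutput)
+
+ex.AddScript("", "part3-configure-authentication-policy-jwt-example-include.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-useragent-without-token.sh", examples.TextOutput)
+// TODO: Fail if curl succeeds.
+ex.AddScript("", "part3-verify-reachability-ip-without-token.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-ip-with-token.sh", examples.TextOutput)
+
+ex.AddScript("", "part3-configure-authentication-policy-jwt-mtls.sh", examples.TextOutput)
+ex.AddScript("", "part3-configure-destinationrule-httpbin.sh", examples.TextOutput)
+// TODO: Fail if curl fails.
+ex.AddScript("", "part3-verify-reachability-from-istio-with-token.sh", examples.TextOutput)
+// TODO: Fail if curl succeeds.
+ex.AddScript("", "part3-verify-reachability-from-non-istio-with-token.sh", examples.TextOutput)
+
+ex.AddScript("", "part3-cleanup.sh", examples.TextOutput)
+
+ex.Run()
+}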
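Review bot: None of the `part*-verify-*.sh` steps in TestAuthnPolicy can fail the test on a wrong authentication result: each is added with `examples.TextOutput`, and the same script (for example `part1-verify-reachability-from-istio.sh`) is queued both where the request must be rejected and where it must succeed, so it cannot encode either expectation. As committed, a mesh in which the MeshPolicy or the JWT policy is never enforced would pass this suite exactly like a correctly enforcing one, which matters most for the deny cases (`legacy` to `foo`/`bar`, requests without a token). The TODOs record the gap, but until they are resolved I would pass each verify script the expected status as an argument and have it exit non-zero on a mismatch, assuming the examples runner fails a step on a non-zero exit, which is not visible here. A bounded wait between each configure step and the verify step after it is also needed, so that propagation delay is not read as a policy result.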
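--- a/pkg/test/istio.io/tasks/security/authn-policy/create-namespaces.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/create-namespaces.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+kubectl create ns foo
+kubectl create ns bar
+kubectl create ns legacy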
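Review bot: Nothing in this script marks `foo` and `bar` as mesh namespaces and `legacy` as outside the mesh; all three are created identically, and TestAuthnPolicy deploys the same `httpbin.yaml` and `sleep.yaml` into each with `ex.AddFile`. Unless the examples runner or the Istio install injects sidecars selectively (not visible in this commit), the later mutual TLS checks do not actually compare an Istio client with a non-Istio one. If the suite relies on automatic injection, label the two namespaces explicitly, e.g. `kubectl label namespace foo istio-injection=enabled`, and add a check that the `legacy` pods have no `istio-proxy` container. Separately, `kubectl create ns` under `set -e` aborts a rerun when a namespace is left over from an earlier failed run.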
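--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-cleanup.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-cleanup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+kubectl delete meshpolicy default
+kubectl delete destinationrules httpbin-legacy -n legacy
+kubectl delete destinationrules api-server -n istio-system
+kubectl delete destinationrules default -n istio-system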
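Review bot: A failed `kubectl delete meshpolicy default` goes unnoticed here, because the script has no error handling and its exit status is that of the last `kubectl delete` only. A mesh-wide mutual TLS policy left behind would change what part 2 observes, since that part is written as if only namespace- and service-level policies were in force. Rather than `set -e`, which would skip the remaining deletions, I would record failures per command, e.g. `kubectl delete meshpolicy default || rc=1`, and finish with `exit ${rc:-0}`. `part2-cleanup.sh` and `part3-cleanup.sh` are written the same way.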
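--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-authentication-meshpolicy.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-authentication-meshpolicy.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "MeshPolicy"
+metadata:
+name: "default"
+spec:
+peers:
+- mtls: {}
+EOF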
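--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-api-server.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-api-server.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+name: "api-server"
+namespace: istio-system
+spec:
+host: "kubernetes.default.svc.cluster.local"
+trafficPolicy:
+tls:
+mode: DISABLE
+EOF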
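--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-default.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-default.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+name: "default"
+namespace: "istio-system"
+spec:
+host: "*.local"
+trafficPolicy:
+tls:
+mode: ISTIO_MUTUAL
+EOF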
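--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-httpbin-legacy.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-configure-destinationrule-httpbin-legacy.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+name: "httpbin-legacy"
+namespace: "legacy"
+spec:
+host: "httpbin.legacy.svc.cluster.local"
+trafficPolicy:
+tls:
+mode: DISABLE
+EOF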
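--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-from-istio.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-from-istio.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+for from in "foo" "bar"; do for to in "foo" "bar"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl "http://httpbin.${to}:8000/ip" -s -o /dev/null -w "sleep.${from} to httpbin.${to}: %{http_code}\n"; done; done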
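Review bot: The exit status of this script says nothing about the responses: `curl` runs without `--fail`, so an HTTP error status still exits 0, and inside the nested `for` loops only the last iteration's status survives. Even once the Go side checks results, this script would report success for every outcome; it should compare the `%{http_code}` value with an expected code passed by the caller and exit non-zero on a mismatch. The unquoted `$(kubectl get pod ...)` is also fragile: if no `sleep` pod matches, `kubectl exec` is called without a pod name, and with more than one match the extra names are parsed as further arguments. The same one-liner is repeated in `part1-verify-reachability-from-non-istio.sh`, `part1-verify-reachability-to-legacy.sh` and `part2-verify-reachability.sh`.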
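--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-from-non-istio.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-from-non-istio.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+for from in "legacy"; do for to in "foo" "bar"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl "http://httpbin.${to}:8000/ip" -s -o /dev/null -w "sleep.${from} to httpbin.${to}: %{http_code}\n"; done; done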
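--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-to-k8s-api.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-to-k8s-api.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default-token | cut -f1 -d ' ' | head -1) | grep -E '^token' | cut -f2 -d':' | tr -d '\t')
+kubectl exec $(kubectl get pod -l app=sleep -n foo -o jsonpath={.items..metadata.name}) -c sleep -n foo -- curl https://kubernetes.default/api --header "Authorization: Bearer $TOKEN" --insecure -s -o /dev/null -w "%{http_code}\n"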
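Review bot: The curl call sends a service-account bearer token with `--insecure`, so the API server's certificate is never verified on the one request that carries a credential. Inside the `sleep` pod the cluster CA is normally mounted, so `--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` should keep the check working without disabling verification (assuming the pod uses the default service-account mount, which this commit does not show). The token is also scraped from `kubectl describe secret` output with `grep`/`cut` and passed on the `kubectl exec` command line, where it can show up in process listings and in captured test output; reading the mounted token file inside the pod avoids both, and removes the dependency on the text layout of `describe`. If `TOKEN` comes back empty the script still runs and just prints a status code, so an empty value should be treated as a failure.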
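--- a/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-to-legacy.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part1-verify-reachability-to-legacy.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+for from in "foo" "bar"; do for to in "legacy"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl "http://httpbin.${to}:8000/ip" -s -o /dev/null -w "sleep.${from} to httpbin.${to}: %{http_code}\n"; done; done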
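--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-cleanup.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-cleanup.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+kubectl delete policy default overwrite-example -n foo
+kubectl delete policy httpbin -n bar
+kubectl delete destinationrules default overwrite-example -n foo
+kubectl delete destinationrules httpbin -n bar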
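--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-default.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-default.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+name: "default"
+namespace: "foo"
+spec:
+peers:
+- mtls: {}
+EOF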
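--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-httpbin-port.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-httpbin-port.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n bar -f -
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+name: "httpbin"
+spec:
+targets:
+- name: httpbin
+ports:
+- number: 1234
+peers:
+- mtls: {}
+EOF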
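--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-httpbin.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-httpbin.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n bar -f -
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+name: "httpbin"
+spec:
+targets:
+- name: httpbin
+peers:
+- mtls: {}
+EOF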
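--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-overwrite-example.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-authentication-policy-overwrite-example.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n foo -f -
+apiVersion: "authentication.istio.io/v1alpha1"
+kind: "Policy"
+metadata:
+name: "overwrite-example"
+spec:
+targets:
+- name: httpbin
+EOF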
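--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-default.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-default.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+kubectl apply -f - <<EOF
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+name: "default"
+namespace: "foo"
+spec:
+host: "*.foo.svc.cluster.local"
+trafficPolicy:
+tls:
+mode: ISTIO_MUTUAL
+EOF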
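--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-httpbin-port.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-httpbin-port.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n bar -f -
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+name: "httpbin"
+spec:
+host: httpbin.bar.svc.cluster.local
+trafficPolicy:
+tls:
+mode: DISABLE
+portLevelSettings:
+- port:
+number: 1234
+tls:
+mode: ISTIO_MUTUAL
+EOF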
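--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-httpbin.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-httpbin.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n bar -f -
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+name: "httpbin"
+spec:
+host: "httpbin.bar.svc.cluster.local"
+trafficPolicy:
+tls:
+mode: ISTIO_MUTUAL
+EOF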
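--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-overwrite-example.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-configure-destinationrule-overwrite-example.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+cat <<EOF | kubectl apply -n foo -f -
+apiVersion: "networking.istio.io/v1alpha3"
+kind: "DestinationRule"
+metadata:
+name: "overwrite-example"
+spec:
+host: httpbin.foo.svc.cluster.local
+trafficPolicy:
+tls:
+mode: DISABLE
+EOF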
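--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability-to-bar-port-8000.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability-to-bar-port-8000.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+kubectl exec $(kubectl get pod -l app=sleep -n legacy -o jsonpath={.items..metadata.name}) -c sleep -n legacy -- curl http://httpbin.bar:8000/ip -s -o /dev/null -w "%{http_code}\n"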
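--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability-to-foo-port-8000.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability-to-foo-port-8000.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+kubectl exec $(kubectl get pod -l app=sleep -n legacy -o jsonpath={.items..metadata.name}) -c sleep -n legacy -- curl http://httpbin.foo:8000/ip -s -o /dev/null -w "%{http_code}\n"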
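--- a/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part2-verify-reachability.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+for from in "foo" "bar" "legacy"; do for to in "foo" "bar" "legacy"; do kubectl exec $(kubectl get pod -l app=sleep -n ${from} -o jsonpath={.items..metadata.name}) -c sleep -n ${from} -- curl "http://httpbin.${to}:8000/ip" -s -o /dev/null -w "sleep.${from} to httpbin.${to}: %{http_code}\n"; done; done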
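--- a/pkg/test/istio.io/tasks/security/authn-policy/part3-cleanup.sh
+++ b/pkg/test/istio.io/tasks/security/authn-policy/part3-cleanup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+kubectl -n foo delete policy jwt-example
+kubectl -n foo delete destinationrule httpbin
+kubectl delete ns foo bar legacy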