-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add regex function in string matcher #27984
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should update the tests under the builder, see all the golden files in testdata.
Also add a new global environment flag to make this behavior opt-in.
This is also user-facing changes (even guarded by flag and disabled by default), it needs an item for the release notes. |
8e190fe
to
ded4954
Compare
I prefer to keep original policy, you can add the regex to existing policy
or in a new one.
…On Wed, Oct 28, 2020 at 12:46 PM Linggg ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In tests/integration/security/testdata/authz/v1beta1-conditions.yaml.tmpl
<#27984 (comment)>:
> - to:
- operation:
paths: ["/source-namespace-b"]
when:
- key: source.namespace
values: ["{{ .NamespaceB }}"]
----
-
-apiVersion: security.istio.io/v1beta1
It seems simplified the yaml file. Do you prefer I keep original policy or
merge them together?
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#27984 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQWO2DR2TPVWQEPIXRJNOTSNBYIFANCNFSM4SRUL4MQ>
.
|
3aac4d3
to
068635b
Compare
/retest |
2 similar comments
/retest |
/retest |
--- | ||
|
||
# Each of the following authorization policy uses a different condition on the given path. | ||
|
||
apiVersion: security.istio.io/v1beta1 | ||
kind: AuthorizationPolicy | ||
metadata: | ||
name: condition-request-headers-notvalues | ||
name: condition-request-headers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why change the name here? It's duplicate of the other policy and will override it.
/retest |
@xulingqing: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@xulingqing: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2020-10-30. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions. Created by the issue and PR lifecycle manager. |
@xulingqing xulingqing and @howardjohn. Any chance to bring this to life? |
Add regex matching for Authz policies:
istio.io website change:
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[X] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure
Pull Request Attributes
Please check any characteristics that apply to this pull request.
[X] Does not have any changes that may affect Istio users.