package data
import (
api_security_v1beta1 "istio.io/api/security/v1beta1"
api_v1beta1 "istio.io/api/type/v1beta1"
security_v1beta1 "istio.io/client-go/pkg/apis/security/v1beta1"
)
// CreateAuthorizationPolicy builds a fixture AuthorizationPolicy named
// "auth-policy" in the "bookinfo" namespace.
//
// The policy selects workloads by the given labels and carries a single rule
// combining a namespace-based source, an operation restricted to the given
// methods and hosts, and a fixed "request.headers" condition. Spec.Action is
// never set, so it keeps its zero value (ALLOW in the Istio API).
//
// The slices and the selector map are stored as passed, not copied; mutating
// them afterwards also changes the returned policy.
func CreateAuthorizationPolicy(sourceNamespaces, operationMethods, operationHosts []string, selector map[string]string) *security_v1beta1.AuthorizationPolicy {
	from := &api_security_v1beta1.Rule_From{
		Source: &api_security_v1beta1.Source{Namespaces: sourceNamespaces},
	}
	to := &api_security_v1beta1.Rule_To{
		Operation: &api_security_v1beta1.Operation{
			Methods: operationMethods,
			Hosts:   operationHosts,
		},
	}
	// NOTE(review): Istio documents header conditions as
	// request.headers[<name>]; the bare key looks like deliberate fixture data
	// for validation tests. Confirm before reusing it as a real policy.
	when := &api_security_v1beta1.Condition{
		Key:    "request.headers",
		Values: []string{"HTTP"},
	}

	policy := new(security_v1beta1.AuthorizationPolicy)
	policy.Name = "auth-policy"
	policy.Namespace = "bookinfo"
	policy.Spec.Selector = &api_v1beta1.WorkloadSelector{MatchLabels: selector}
	policy.Spec.Rules = []*api_security_v1beta1.Rule{{
		From: []*api_security_v1beta1.Rule_From{from},
		To:   []*api_security_v1beta1.Rule_To{to},
		When: []*api_security_v1beta1.Condition{when},
	}}
	return policy
}
// CreateEmptyAuthorizationPolicy returns an AuthorizationPolicy carrying only
// the given name and namespace; its spec is explicitly the empty value, so it
// has no selector, no rules and the zero-value action.
//
// Per the Istio API, the zero-value action is ALLOW, and an ALLOW policy
// without rules matches no request. With no selector either, such an object
// covers every workload in its namespace, so applying it would deny all
// traffic to them. Treat it as a fixture, not a harmless default.
func CreateEmptyAuthorizationPolicy(name, namespace string) *security_v1beta1.AuthorizationPolicy {
	policy := new(security_v1beta1.AuthorizationPolicy)
	policy.Name, policy.Namespace = name, namespace
	// Redundant with the zero value, kept to make the "empty spec" intent explicit.
	policy.Spec = api_security_v1beta1.AuthorizationPolicy{}
	return policy
}
// CreateEmptyMeshAuthorizationPolicy returns an empty AuthorizationPolicy with
// the given name, placed in the "istio-system" namespace.
//
// NOTE(review): "istio-system" is presumably used here as the mesh root
// namespace, where a selector-less policy applies mesh-wide. Istio's root
// namespace is configurable, so verify against the mesh config under test.
func CreateEmptyMeshAuthorizationPolicy(name string) *security_v1beta1.AuthorizationPolicy {
	const meshNamespace = "istio-system"
	policy := CreateEmptyAuthorizationPolicy(name, meshNamespace)
	return policy
}
// CreateAuthorizationPolicyWithMetaAndSelector returns an AuthorizationPolicy
// with the given name and namespace whose spec contains only a workload
// selector matching the given labels.
//
// No rules or action are set. Per the Istio API, the zero-value action is
// ALLOW and a rule-less ALLOW policy matches no request, so the policy would
// deny all traffic to the selected workloads if applied. The selector map is
// stored as passed, not copied.
func CreateAuthorizationPolicyWithMetaAndSelector(name, namespace string, selector map[string]string) *security_v1beta1.AuthorizationPolicy {
	workloads := &api_v1beta1.WorkloadSelector{MatchLabels: selector}

	policy := new(security_v1beta1.AuthorizationPolicy)
	policy.Name, policy.Namespace = name, namespace
	policy.Spec.Selector = workloads
	return policy
}
// CreateAuthorizationPolicyWithPrincipals returns an AuthorizationPolicy with
// the given name and namespace and a single rule whose only source lists
// principalsList as the accepted principals.
//
// No selector, operation or condition is set, so the rule constrains the
// caller identity only and the policy is not scoped to specific workloads.
// Istio derives source principals from peer certificates, so the match is
// meaningful only where mutual TLS is in effect. The slice is stored as
// passed, not copied.
func CreateAuthorizationPolicyWithPrincipals(name, namespace string, principalsList []string) *security_v1beta1.AuthorizationPolicy {
	from := &api_security_v1beta1.Rule_From{
		Source: &api_security_v1beta1.Source{Principals: principalsList},
	}

	policy := new(security_v1beta1.AuthorizationPolicy)
	policy.Name, policy.Namespace = name, namespace
	policy.Spec.Rules = []*api_security_v1beta1.Rule{{
		From: []*api_security_v1beta1.Rule_From{from},
	}}
	return policy
}