Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
maistra-0.9.0
Description
The Istio task: Denials and White/Black Listing
We didn't get the expected review-v3 denial after applying the mixer-rule-deny-label.yaml
We didn't get the expected productpage no starts without logging in after applying attributed-based whilte/black lists.
We didn't get the expected produtpage error message "PERMISSION_DENIED:staticversion.istio-system:<your mesh source ip> is not whitelisted" after applying IP-based white/black lists.
In previous TP8, this task shows a long delay time for applying each configuration. However, we can see the expected review-v3 denial and productpage no starts without logging in results after sleeping 90 seconds.
In TP9, all these three sub tasks are not working as expected.
Build: istio maistra-0.9.0
Environment: OCP 3.11
OCP console: https://tmor2-master.bc.jonqe.lab.eng.bos.redhat.com:8443/console/catalog
Test steps: https://preliminary.istio.io/docs/tasks/policy-enforcement/denial-and-list/
Test script: https://gitlab.cee.redhat.com/istio/istio-tasks-test-tools/blob/master/tests/TC_20_Denials_White_Black_Listing.sh
Results:
After applying denial, productpage still shows review-v3 red stars without logging in.
After applying white/black list, productpage still shows review-v3 red stars without logging in.
After applying ip-based white/black list, productpage still shows review-v3 red stars.
