Codecov Report

Merging #4246 into master will decrease coverage by 1%.
The diff coverage is 73%.

@@           Coverage Diff           @@
##           master   #4246    +/-   ##
=======================================
- Coverage      74%     74%   -<1%     
=======================================
  Files         313     313            
  Lines       29039   28968    -71     
=======================================
- Hits        21269   21164   -105     
- Misses       6451    6490    +39     
+ Partials     1319    1314     -5

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 88cf557...3eeab4e. Read the comment docs.

The code LGTM. General question: what does Pilot do with this new configuration, i.e. who is the consumer?

Thanks for the review! Currently pilot doesn't handle the new configuration other than the validation (both in admission controller and istioctl). There is a RBAC mixer adapter to consume these actual resources and apply the corresponding RBAC rules.
We have plans to implement the local RBAC and we'll need to change the pilot to directly consume these configuration at that time.

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ayj

The full list of commands accepted by this bot can be found here.

/test all [submit-queue is verifying that this PR is safe to merge]

Automatic merge from submit-queue.

@diemtvu Thanks for catching this!
I just realized that the istioctl has 2 different sources of scheme definition. The validation part actually works as the readInputs() is using model.IstioConfigTypes, but other parts of istioctl is using newClient().