samples/bookinfo/platform/kube/rbac/details-reviews-policy-permissive.yaml has the following Spec:
spec: subjects: - user: "cluster.local/ns/default/sa/bookinfo-productpage" roleRef: kind: ServiceRole name: "details-reviews-viewer" mode: PERMISSIVE
I wondered what ‘mode: PERMISSIVE’ means. It is not documented at istio.io. api/rbac/v1alpha1/rbac.pb.go flags it
$hide_from_docs so this is not a problem with documentation.
Why are there fields in samples that are not documented? Aren’t users going to wonder what these fields mean and try to look them up and get discouraged?