on-policy | official implementation of Multi-Agent PPO | Reinforcement Learning library

Getting following error from the console window after updating the chrome to version 88.0.4324.104

I am very new to Istio Authorization policies, I need some help with setting up authorization policies :

Here is the scenario:

1. I have a namespace called namespace1 which has 4 Microservices running in them. For the context, let's call them A,B,C,D. And all 4 microservices have istio-sidecar injection enabled.

2. have a namespace called namespace2 which has 2 Microservices running in them. For the context, let's call them E,F. And both microservices have istio-sidecar injection enabled.

3. Now I have deployed Memcached service by following Memcached using mcrouter to namespace memcached. And all the pods of Memcached are also having istio-sidecar injection enabled.

Now I have a scenario where I have to allow only calls from B and C microservices in namespace1 to be made to memcached services and deny calls from A and D in namespace1 along with calls coming from any other namespaces. Is it possible to achieve this using istio authorization policies?

According to this https://medium.com/@bekahlundy/google-cloud-platform-fundamentals-for-aws-professionals-week-2-bbee857472f5 Policies are a union of those applied on the resource itself and those inherited from higher levels in the hierarchy. If a parent policy is less restrictive, it overrides a more restrictive policy applied on the resource. If a parent policy is more restrictive, it does not override a less restrictive policy applied on the resource. Therefore, access granted at a higher level in the hierarchy cannot be taken away by policies applied at a lower level in the hierarchy.

But according to the diagram here https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy Parent allows red+green, child denies green, and the result is red?

Seems to conflict. Appreciate any input. Thanks!

I have a requirement where I want to restrict certain service account from creating key (json/yaml file) but that restriction should only affect specific service account in a specific project which belongs to an organization.

I did go through the following documentation, but It did not match the requirement of restricting only certain service account rather than all service account in that particular organization.

I have a working Troposphere template that brings up my environment with a classic load balancer. I am modifying it to have the load balancer port 443 listener come up using the SSL Negotiation policy(cypher) ELBSecurityPolicy-TLS-1-2-2017-01.

It will let me generate the cloudformation yaml but when I try to create the stack using the generated yaml I get the error "Encountered unsupported property PolicyType" while it is trying to create the load balancer.

PolicyType is supported by Troposphere but not in AWS CF??

Any clues as to what I am doing wrong? Is there a better way?

I can not find any examples of updating the SSL negotiation using the Troposphere framework.

Here is the snippet of my Troposphere ELB listener code section that I think should do the magic -

I have a similar issue to this post How to make my Android app comply with the "Background Location Policy" but that post doesn't have an answer.

I have a web browser app, which on occasion will ask for location permissions if the user visits a website that requests that. App targets API 29. The app manifest has which is API 23 and higher because I didn't want to force location permission on older phones.

Today I got an email saying I have until March to fix this, but I don't understand what I have to do, I'm not requesting background location anywhere.

Anyone have any idea what I have to do?

Edit: I have read the help center, and I'm wondering if that my issue is the ACCESS_FINE_LOCATION, maybe something is accessing it on the background. I don't know how I would prevent ad networks from that if they do it. I already pause the WebViews the app is not on the foreground so websites should not be using it.

Edit2: Is there maybe a way I can log background location access so that I can monitor my app a few days to see if it happens?

I want to have a one liner for setting properties to AWS Cloudwatch loggroups. I came across the xargs command. But I do not understand what am I doing wrong:

If I turn on the Organization Policy constraint "Domain Restricted Sharing" (doc) and set it to allow only my org domain foo.com, will this prevent the slew of platform service accounts from getting their IAM permissions granted? For instance, accounts in the domain @iam.gserviceaccount.com or @developer.gserviceaccount.com. These service accounts get provisioned and given permissions all over the place. My worry is that enabling "Domain Restricted Sharing" will block these accounts from having IAM access.

Another way to ask this is: does "Domain Restricted Sharing" ignore these sorts of platform-based service accounts? If it doesn't, I feel like it would be difficult to maintain a list of exceptions.

A more fundamental question - does "Domain Restricted Sharing" only apply to Cloud Identity / Google Workspace accounts, and is hence not relevant when it comes to service accounts?

This is official page: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret

I created these files:

variables.tf