istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/allow-host-before-111-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin-1]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - orRules: 11 rules: 12 - header: 13 name: :authority 14 safeRegexMatch: 15 regex: (?i)example\.com 16 - header: 17 name: :authority 18 safeRegexMatch: 19 regex: (?i)prefix\.example\..* 20 - header: 21 name: :authority 22 safeRegexMatch: 23 regex: (?i).*\.example\.com 24 - header: 25 name: :authority 26 presentMatch: true 27 - notRule: 28 orRules: 29 rules: 30 - header: 31 name: :authority 32 safeRegexMatch: 33 regex: (?i)not-example\.com 34 - header: 35 name: :authority 36 safeRegexMatch: 37 regex: (?i)prefix\.not-example\..* 38 - header: 39 name: :authority 40 safeRegexMatch: 41 regex: (?i).*\.not-example\.com 42 - header: 43 name: :authority 44 presentMatch: true 45 principals: 46 - andIds: 47 ids: 48 - any: true 49 shadowRulesStatPrefix: istio_dry_run_allow_