istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-custom-http-provider-out2.yaml (about) 1 name: envoy.filters.http.ext_authz 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 4 allowedHeaders: 5 patterns: 6 - exact: x-custom-id 7 ignoreCase: true 8 - ignoreCase: true 9 prefix: x-prefix- 10 - ignoreCase: true 11 suffix: -suffix 12 failureModeAllow: true 13 filterEnabledMetadata: 14 filter: envoy.filters.http.rbac 15 path: 16 - key: istio_ext_authz_shadow_effective_policy_id 17 value: 18 stringMatch: 19 prefix: istio-ext-authz 20 httpService: 21 authorizationRequest: 22 headersToAdd: 23 - key: x-header-1 24 value: value-1 25 - key: x-header-2 26 value: value-2 27 authorizationResponse: 28 allowedClientHeaders: 29 patterns: 30 - exact: Set-cookie 31 ignoreCase: true 32 - ignoreCase: true 33 prefix: x-prefix- 34 - ignoreCase: true 35 suffix: -suffix 36 allowedClientHeadersOnSuccess: 37 patterns: 38 - exact: Set-cookie 39 ignoreCase: true 40 - ignoreCase: true 41 prefix: x-prefix- 42 - ignoreCase: true 43 suffix: -suffix 44 allowedUpstreamHeaders: 45 patterns: 46 - exact: Authorization 47 ignoreCase: true 48 - ignoreCase: true 49 prefix: x-prefix- 50 - ignoreCase: true 51 suffix: -suffix 52 pathPrefix: /check 53 serverUri: 54 cluster: outbound|9000||my-custom-ext-authz.foo.svc.cluster.local 55 timeout: 10s 56 uri: http://my-custom-ext-authz.foo.svc.cluster.local 57 statusOnError: 58 code: Forbidden 59 transportApiVersion: V3 60 withRequestBody: 61 allowPartialMessage: true 62 maxRequestBytes: 2048 63 packAsBytes: true