istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-multiple-policies-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin-1]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - orRules: 11 rules: 12 - header: 13 name: :method 14 stringMatch: 15 exact: GET 16 - header: 17 name: :method 18 stringMatch: 19 exact: POST 20 principals: 21 - andIds: 22 ids: 23 - any: true 24 ns[foo]-policy[httpbin-2]-rule[0]: 25 permissions: 26 - andRules: 27 rules: 28 - orRules: 29 rules: 30 - urlPath: 31 path: 32 exact: /v1 33 - urlPath: 34 path: 35 exact: /v2 36 principals: 37 - andIds: 38 ids: 39 - any: true 40 ns[foo]-policy[httpbin-3]-rule[0]: 41 permissions: 42 - andRules: 43 rules: 44 - orRules: 45 rules: 46 - header: 47 name: :authority 48 stringMatch: 49 exact: google.com 50 ignoreCase: true 51 - header: 52 name: :authority 53 stringMatch: 54 exact: httpbin.org 55 ignoreCase: true 56 principals: 57 - andIds: 58 ids: 59 - any: true 60 ns[foo]-policy[httpbin-4]-rule[0]: 61 permissions: 62 - andRules: 63 rules: 64 - orRules: 65 rules: 66 - destinationPort: 80 67 - destinationPort: 90 68 principals: 69 - andIds: 70 ids: 71 - any: true 72 ns[foo]-policy[httpbin-5]-rule[0]: 73 permissions: 74 - andRules: 75 rules: 76 - any: true 77 principals: 78 - andIds: 79 ids: 80 - orIds: 81 ids: 82 - authenticated: 83 principalName: 84 exact: spiffe://principals1 85 - authenticated: 86 principalName: 87 exact: spiffe://principals2 88 ns[foo]-policy[httpbin-6]-rule[0]: 89 permissions: 90 - andRules: 91 rules: 92 - any: true 93 principals: 94 - andIds: 95 ids: 96 - orIds: 97 ids: 98 - andIds: 99 ids: 100 - metadata: 101 filter: envoy.filters.http.jwt_authn 102 path: 103 - key: payload 104 - key: iss 105 value: 106 stringMatch: 107 exact: requestPrincipals1 108 - metadata: 109 filter: envoy.filters.http.jwt_authn 110 path: 111 - key: payload 112 - key: sub 113 value: 114 stringMatch: 115 exact: "" 116 - andIds: 117 ids: 118 - metadata: 119 filter: envoy.filters.http.jwt_authn 120 path: 121 - key: payload 122 - key: iss 123 value: 124 stringMatch: 125 exact: requestPrincipals2 126 - metadata: 127 filter: envoy.filters.http.jwt_authn 128 path: 129 - key: payload 130 - key: sub 131 value: 132 stringMatch: 133 exact: "" 134 ns[foo]-policy[httpbin-7]-rule[0]: 135 permissions: 136 - andRules: 137 rules: 138 - any: true 139 principals: 140 - andIds: 141 ids: 142 - orIds: 143 ids: 144 - authenticated: 145 principalName: 146 safeRegex: 147 regex: .*/ns/namespaces1/.* 148 - authenticated: 149 principalName: 150 safeRegex: 151 regex: .*/ns/namespaces2/.* 152 ns[foo]-policy[httpbin-8]-rule[0]: 153 permissions: 154 - andRules: 155 rules: 156 - any: true 157 principals: 158 - andIds: 159 ids: 160 - orIds: 161 ids: 162 - directRemoteIp: 163 addressPrefix: 1.2.3.4 164 prefixLen: 32 165 - directRemoteIp: 166 addressPrefix: 5.6.7.0 167 prefixLen: 24 168 ns[foo]-policy[httpbin-9]-rule[0]: 169 permissions: 170 - andRules: 171 rules: 172 - any: true 173 principals: 174 - andIds: 175 ids: 176 - orIds: 177 ids: 178 - header: 179 name: X-abc 180 stringMatch: 181 exact: abc1 182 - header: 183 name: X-abc 184 stringMatch: 185 exact: abc2 186 shadowRulesStatPrefix: istio_dry_run_allow_