istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-simple-policy-multiple-td-aliases-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - any: true 11 principals: 12 - andIds: 13 ids: 14 - orIds: 15 ids: 16 - authenticated: 17 principalName: 18 exact: spiffe://td1/ns/rule[0]/sa/from[0]-principal[0] 19 - authenticated: 20 principalName: 21 exact: spiffe://cluster.local/ns/rule[0]/sa/from[0]-principal[0] 22 - authenticated: 23 principalName: 24 exact: spiffe://some-td/ns/rule[0]/sa/from[0]-principal[0] 25 - andIds: 26 ids: 27 - orIds: 28 ids: 29 - authenticated: 30 principalName: 31 exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[0] 32 - authenticated: 33 principalName: 34 exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[0] 35 - authenticated: 36 principalName: 37 exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[0] 38 - authenticated: 39 principalName: 40 exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[1] 41 - authenticated: 42 principalName: 43 exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[1] 44 - authenticated: 45 principalName: 46 exact: spiffe://some-td/ns/rule[0]/sa/from[1]-principal[1] 47 - orIds: 48 ids: 49 - authenticated: 50 principalName: 51 safeRegex: 52 regex: .*/ns/rule[0]-from[1]-ns[0]/.* 53 shadowRulesStatPrefix: istio_dry_run_allow_