istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-simple-policy-principal-with-wildcard-out.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-simple-policy-principal-with-wildcard-out.yaml (about)

     1  name: envoy.filters.http.rbac
     2  typedConfig:
     3    '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
     4    rules:
     5      policies:
     6        ns[foo]-policy[httpbin]-rule[0]:
     7          permissions:
     8          - andRules:
     9              rules:
    10              - any: true
    11          principals:
    12          - andIds:
    13              ids:
    14              - orIds:
    15                  ids:
    16                  - authenticated:
    17                      principalName:
    18                        safeRegex:
    19                          regex: .+
    20          - andIds:
    21              ids:
    22              - orIds:
    23                  ids:
    24                  - authenticated:
    25                      principalName:
    26                        safeRegex:
    27                          regex: spiffe://.*/ns/foo/sa/rule[0]-from[1]-principal[0]
    28                  - authenticated:
    29                      principalName:
    30                        exact: spiffe://td1/ns/foo/sa/rule[0]-from[1]-principal[1]
    31                  - authenticated:
    32                      principalName:
    33                        safeRegex:
    34                          regex: spiffe://.*bar/ns/foo/sa/rule[0]-from[1]-principal[1]
    35    shadowRulesStatPrefix: istio_dry_run_allow_