istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/extended-td-aliases-source-principal-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - any: true 11 principals: 12 - andIds: 13 ids: 14 - orIds: 15 ids: 16 - authenticated: 17 principalName: 18 safeRegex: 19 regex: .*/ns/istio-system/.* 20 - orIds: 21 ids: 22 - authenticated: 23 principalName: 24 safeRegex: 25 regex: .+ 26 - authenticated: 27 principalName: 28 safeRegex: 29 regex: spiffe://.*/ns/foo/sa/all-td 30 - authenticated: 31 principalName: 32 safeRegex: 33 regex: spiffe://.*-td/ns/foo/sa/prefix-td 34 - authenticated: 35 principalName: 36 exact: spiffe://some-trustdomain/ns/foo/sa/prefix-td 37 shadowRulesStatPrefix: istio_dry_run_allow_