istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/multiple-policies-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin-1]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - orRules: 11 rules: 12 - header: 13 name: :method 14 stringMatch: 15 exact: GET 16 - header: 17 name: :method 18 stringMatch: 19 exact: POST 20 principals: 21 - andIds: 22 ids: 23 - any: true 24 ns[foo]-policy[httpbin-2]-rule[0]: 25 permissions: 26 - andRules: 27 rules: 28 - orRules: 29 rules: 30 - urlPath: 31 path: 32 exact: /v1 33 - urlPath: 34 path: 35 exact: /v2 36 principals: 37 - andIds: 38 ids: 39 - any: true 40 ns[foo]-policy[httpbin-3]-rule[0]: 41 permissions: 42 - andRules: 43 rules: 44 - orRules: 45 rules: 46 - header: 47 name: :authority 48 stringMatch: 49 exact: google.com 50 ignoreCase: true 51 - header: 52 name: :authority 53 stringMatch: 54 exact: httpbin.org 55 ignoreCase: true 56 principals: 57 - andIds: 58 ids: 59 - any: true 60 ns[foo]-policy[httpbin-4]-rule[0]: 61 permissions: 62 - andRules: 63 rules: 64 - orRules: 65 rules: 66 - destinationPort: 80 67 - destinationPort: 90 68 principals: 69 - andIds: 70 ids: 71 - any: true 72 ns[foo]-policy[httpbin-5]-rule[0]: 73 permissions: 74 - andRules: 75 rules: 76 - any: true 77 principals: 78 - andIds: 79 ids: 80 - orIds: 81 ids: 82 - authenticated: 83 principalName: 84 exact: spiffe://principals1 85 - authenticated: 86 principalName: 87 exact: spiffe://principals2 88 ns[foo]-policy[httpbin-6]-rule[0]: 89 permissions: 90 - andRules: 91 rules: 92 - any: true 93 principals: 94 - andIds: 95 ids: 96 - orIds: 97 ids: 98 - metadata: 99 filter: istio_authn 100 path: 101 - key: request.auth.principal 102 value: 103 stringMatch: 104 exact: requestPrincipals1 105 - metadata: 106 filter: istio_authn 107 path: 108 - key: request.auth.principal 109 value: 110 stringMatch: 111 exact: requestPrincipals2 112 ns[foo]-policy[httpbin-7]-rule[0]: 113 permissions: 114 - andRules: 115 rules: 116 - any: true 117 principals: 118 - andIds: 119 ids: 120 - orIds: 121 ids: 122 - authenticated: 123 principalName: 124 safeRegex: 125 regex: .*/ns/namespaces1/.* 126 - authenticated: 127 principalName: 128 safeRegex: 129 regex: .*/ns/namespaces2/.* 130 ns[foo]-policy[httpbin-8]-rule[0]: 131 permissions: 132 - andRules: 133 rules: 134 - any: true 135 principals: 136 - andIds: 137 ids: 138 - orIds: 139 ids: 140 - directRemoteIp: 141 addressPrefix: 1.2.3.4 142 prefixLen: 32 143 - directRemoteIp: 144 addressPrefix: 5.6.7.0 145 prefixLen: 24 146 ns[foo]-policy[httpbin-9]-rule[0]: 147 permissions: 148 - andRules: 149 rules: 150 - any: true 151 principals: 152 - andIds: 153 ids: 154 - orIds: 155 ids: 156 - header: 157 name: X-abc 158 stringMatch: 159 exact: abc1 160 - header: 161 name: X-abc 162 stringMatch: 163 exact: abc2 164 shadowRulesStatPrefix: istio_dry_run_allow_