istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/http/simple-policy-td-aliases-out.yaml (about) 1 name: envoy.filters.http.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC 4 rules: 5 policies: 6 ns[foo]-policy[httpbin]-rule[0]: 7 permissions: 8 - andRules: 9 rules: 10 - orRules: 11 rules: 12 - header: 13 name: :method 14 stringMatch: 15 exact: rule[0]-to[0]-method[0] 16 principals: 17 - andIds: 18 ids: 19 - orIds: 20 ids: 21 - authenticated: 22 principalName: 23 exact: spiffe://td1/ns/rule[0]/sa/from[0]-principal[0] 24 - authenticated: 25 principalName: 26 exact: spiffe://cluster.local/ns/rule[0]/sa/from[0]-principal[0] 27 - andIds: 28 ids: 29 - orIds: 30 ids: 31 - authenticated: 32 principalName: 33 exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[0] 34 - authenticated: 35 principalName: 36 exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[0] 37 - authenticated: 38 principalName: 39 exact: spiffe://td1/ns/rule[0]/sa/from[1]-principal[1] 40 - authenticated: 41 principalName: 42 exact: spiffe://cluster.local/ns/rule[0]/sa/from[1]-principal[1] 43 - orIds: 44 ids: 45 - authenticated: 46 principalName: 47 safeRegex: 48 regex: .*/ns/rule[0]-from[1]-ns[0]/.* 49 ns[foo]-policy[httpbin]-rule[1]: 50 permissions: 51 - andRules: 52 rules: 53 - orRules: 54 rules: 55 - header: 56 name: :method 57 stringMatch: 58 exact: rule[1]-to[0]-method[0] 59 principals: 60 - andIds: 61 ids: 62 - orIds: 63 ids: 64 - authenticated: 65 principalName: 66 exact: spiffe://td1/ns/rule[1]/sa/from[0]-principal[0] 67 - authenticated: 68 principalName: 69 exact: spiffe://cluster.local/ns/rule[1]/sa/from[0]-principal[0] 70 shadowRulesStatPrefix: istio_dry_run_allow_