# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776
#         pilot/pkg/security/authz/builder/testdata/http/single-policy-in.yaml
#
# Test input for the authorization-policy builder: a single HTTP
# AuthorizationPolicy that populates every `source` and `operation` field.
# The "rule[i]-from[j]-..." / "rule[i]-to[j]-..." values are positional
# placeholders, not real identities; presumably they let each matcher in the
# generated output be traced back to the field that produced it (the matching
# expected-output file is not part of this listing).
#
# Treat the values as fixture data: changing any of them changes what the
# builder is expected to emit.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin
  namespace: foo
spec:
  # No `action` is set, so the API default (ALLOW) applies. With an ALLOW
  # policy selecting a workload, requests that match no rule are denied.
  selector:
    matchLabels:
      app: httpbin
      version: v1
  # Matching semantics of the AuthorizationPolicy API: rules are ORed; inside
  # a rule, at least one `from` source AND at least one `to` operation AND
  # every `when` condition must match. Inside one source or operation all
  # listed fields must match, and the values of a single list are ORed.
  rules:
    # rule[0]: two sources, two operations, three conditions.
    - from:
        - source:
            # Peer identity from the mTLS certificate; only meaningful when
            # mTLS is enforced for the workload.
            principals: ["rule[0]-from[0]-principal[1]", "rule[0]-from[0]-principal[2]"]
            # Identity from a validated JWT; relies on request authentication
            # being configured for the workload.
            requestPrincipals: ["rule[0]-from[0]-requestPrincipal[1]", "rule[0]-from[0]-requestPrincipal[2]"]
            namespaces: ["rule[0]-from[0]-ns[1]", "rule[0]-from[0]-ns[2]"]
            # ipBlocks is matched against the source address of the
            # connection as the proxy sees it.
            ipBlocks: ["10.0.0.1", "10.0.0.2"]
            # remoteIpBlocks is matched against the original client address
            # taken from X-Forwarded-For or PROXY protocol. That value is only
            # trustworthy when the number of trusted proxies
            # (gatewayTopology.numTrustedProxies) is configured correctly;
            # otherwise a client-supplied header could influence the match.
            remoteIpBlocks: ["172.16.10.10"]
        - source:
            principals: ["rule[0]-from[1]-principal[1]", "rule[0]-from[1]-principal[2]"]
            requestPrincipals: ["rule[0]-from[1]-requestPrincipal[1]", "rule[0]-from[1]-requestPrincipal[2]"]
            namespaces: ["rule[0]-from[1]-ns[1]", "rule[0]-from[1]-ns[2]"]
            ipBlocks: ["10.0.1.1", "192.0.1.2"]
            # Mixes a CIDR range with a single address.
            remoteIpBlocks: ["172.17.8.0/24", "172.17.9.4"]
      to:
        - operation:
            methods: ["rule[0]-to[0]-method[1]", "rule[0]-to[0]-method[2]"]
            hosts: ["rule[0]-to[0]-host[1]", "rule[0]-to[0]-host[2]"]
            # Ports are strings in this API, hence the quotes.
            ports: ["9001", "9002"]
            paths: ["rule[0]-to[0]-path[1]", "rule[0]-to[0]-path[2]"]
        - operation:
            methods: ["rule[0]-to[1]-method[1]", "rule[0]-to[1]-method[2]"]
            hosts: ["rule[0]-to[1]-host[1]", "rule[0]-to[1]-host[2]"]
            ports: ["9011", "9012"]
            paths: ["rule[0]-to[1]-path[1]", "rule[0]-to[1]-path[2]"]
      when:
        # One value per string-match form: exact, prefix ("...-*"),
        # suffix ("*-..."), and presence ("*").
        - key: "request.headers[X-header]"
          values: ["header", "header-prefix-*", "*-suffix-header", "*"]
        # IP-valued conditions, each with a single address and a CIDR range.
        - key: "destination.ip"
          values: ["10.10.10.10", "192.168.10.0/24"]
        - key: "remote.ip"
          values: ["10.99.10.8", "10.80.64.0/18"]
    # rule[1]: same shape as rule[0] but with no `when` block, so it is
    # decided by source and operation alone.
    - from:
        - source:
            principals: ["rule[1]-from[0]-principal[1]", "rule[1]-from[0]-principal[2]"]
            requestPrincipals: ["rule[1]-from[0]-requestPrincipal[1]", "rule[1]-from[0]-requestPrincipal[2]"]
            namespaces: ["rule[1]-from[0]-ns[1]", "rule[1]-from[0]-ns[2]"]
            ipBlocks: ["10.1.0.1", "10.1.0.2"]
            # The /23 prefix covers 172.22.2.0 through 172.22.3.255.
            remoteIpBlocks: ["172.22.2.0/23", "172.21.234.254"]
        - source:
            principals: ["rule[1]-from[1]-principal[1]", "rule[1]-from[1]-principal[2]"]
            requestPrincipals: ["rule[1]-from[1]-requestPrincipal[1]", "rule[1]-from[1]-requestPrincipal[2]"]
            namespaces: ["rule[1]-from[1]-ns[1]", "rule[1]-from[1]-ns[2]"]
            ipBlocks: ["10.1.1.1", "192.1.1.2"]
            remoteIpBlocks: ["192.168.4.0/24", "192.168.7.8"]
      to:
        - operation:
            methods: ["rule[1]-to[0]-method[1]", "rule[1]-to[0]-method[2]"]
            hosts: ["rule[1]-to[0]-host[1]", "rule[1]-to[0]-host[2]"]
            ports: ["9101", "9102"]
            paths: ["rule[1]-to[0]-path[1]", "rule[1]-to[0]-path[2]"]
        - operation:
            methods: ["rule[1]-to[1]-method[1]", "rule[1]-to[1]-method[2]"]
            hosts: ["rule[1]-to[1]-host[1]", "rule[1]-to[1]-host[2]"]
            ports: ["9111", "9112"]
            paths: ["rule[1]-to[1]-path[1]", "rule[1]-to[1]-path[2]"]