# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/tcp/audit-both-http-tcp-in.yaml
#
# Test input for the authz builder (testdata/tcp): one AUDIT policy whose only
# rule sets every `from`, `to` and `when` field, so HTTP-only and TCP-capable
# attributes appear side by side. The expected generated config is not part of
# this file; read it together with the matching output fixture to confirm how
# HTTP-only fields are handled when the policy is built for a TCP filter.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin-audit
  namespace: foo
spec:
  # No `selector` is set, so the policy is namespace-wide for `foo`.
  # AUDIT only marks matching requests for audit logging; it does not allow or
  # deny traffic on its own.
  action: AUDIT
  rules:
    # rule[0] `from`: all fields, `to`: all fields, `when`: all fields.
    - from:
        - source:
            principals: ["principal"]
            # requestPrincipals / notRequestPrincipals are JWT-derived and
            # HTTP-only per the Istio reference (confirm for this version).
            requestPrincipals: ["requestPrincipals"]
            namespaces: ["ns"]
            ipBlocks: ["1.2.3.4"]
            # NOTE(review): remote IP matching relies on X-Forwarded-For or
            # PROXY protocol data, so it is only as trustworthy as the
            # configured gateway topology.
            remoteIpBlocks: ["10.250.90.4"]
            notPrincipals: ["not-principal"]
            notRequestPrincipals: ["not-requestPrincipals"]
            notNamespaces: ["not-ns"]
            notIpBlocks: ["9.0.0.1"]
            notRemoteIpBlocks: ["10.133.154.65"]
      to:
        - operation:
            # methods, hosts and paths (and their not* forms) are HTTP-only;
            # ports / notPorts also apply to plain TCP. Port values are strings.
            methods: ["method"]
            hosts: ["exact.com"]
            ports: ["80"]
            paths: ["/exact"]
            notMethods: ["not-method"]
            notHosts: ["not-exact.com"]
            notPorts: ["8000"]
            notPaths: ["/not-exact"]
      when:
        # Conditions are kept in the original order; the request.headers[...]
        # and request.auth.* keys are the HTTP-only ones in this list.
        - key: "request.headers[X-header]"  # HTTP-only
          values: ["header"]
          notValues: ["not-header"]
        - key: "source.ip"
          values: ["10.10.10.10"]
          notValues: ["90.10.10.10"]
        - key: "remote.ip"
          values: ["192.168.7.7"]
          notValues: ["192.168.10.9"]
        - key: "source.namespace"
          values: ["ns"]
          notValues: ["not-ns"]
        - key: "source.principal"
          values: ["principal"]
          notValues: ["not-principal"]
        - key: "request.auth.principal"  # HTTP-only
          values: ["requestPrincipals"]
          notValues: ["not-requestPrincipals"]
        - key: "request.auth.audiences"  # HTTP-only
          values: ["audiences"]
          notValues: ["not-audiences"]
        - key: "request.auth.presenter"  # HTTP-only
          values: ["presenter"]
          notValues: ["not-presenter"]
        - key: "request.auth.claims[iss]"  # HTTP-only
          values: ["iss"]
          notValues: ["not-iss"]
        - key: "destination.ip"
          values: ["10.10.10.10"]
          notValues: ["90.10.10.10"]
        - key: "destination.port"
          values: ["91"]
          notValues: ["9001"]
        - key: "connection.sni"
          values: ["exact.com"]
          notValues: ["not-exact.com"]
        - key: "experimental.envoy.filters.a.b[c]"
          values: ["exact"]
          notValues: ["not-exact"]