# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/tcp/audit-both-http-tcp-out.yaml
#
# Envoy network-level (L4) RBAC filter configuration kept as test data under testdata/tcp.
# NOTE(review): the "-out" suffix suggests this is an expected-output (golden) file for the
# authz builder; if so, confirm the test comparison ignores YAML comments before keeping these.
# NOTE(review): the file name mentions both HTTP and TCP, yet only connection-level matchers
# (port, IP, SNI, metadata, peer identity) appear below. Check the matching input file to
# see what happened to any HTTP-only fields.
name: envoy.filters.network.rbac
typedConfig:
  '@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
  rules:
    # LOG never enforces: on a match Envoy only sets the access_log_hint dynamic metadata,
    # and every connection is allowed. Blocking has to come from a separate ALLOW/DENY filter.
    action: LOG
    policies:
      # A policy matches when at least one permission AND at least one principal match.
      ns[foo]-policy[httpbin-audit]-rule[0]:
        permissions:
        # andRules: every entry must hold. Each positive orRules matcher is paired with a
        # notRule that excludes a second value for the same attribute.
        - andRules:
            rules:
            - orRules:
                rules:
                - destinationPort: 80
            - notRule:
                orRules:
                  rules:
                  - destinationPort: 8000
            - orRules:
                rules:
                - destinationIp:
                    addressPrefix: 10.10.10.10
                    prefixLen: 32
            - notRule:
                orRules:
                  rules:
                  - destinationIp:
                      addressPrefix: 90.10.10.10
                      prefixLen: 32
            - orRules:
                rules:
                - destinationPort: 91
            - notRule:
                orRules:
                  rules:
                  - destinationPort: 9001
            # requestedServerName is typically the TLS SNI, a client-supplied value that is
            # not authenticated by itself.
            - orRules:
                rules:
                - requestedServerName:
                    exact: exact.com
            - notRule:
                orRules:
                  rules:
                  - requestedServerName:
                      exact: not-exact.com
            # Matches dynamic metadata under the envoy.filters.a.b namespace, key "c".
            # The value is only as trustworthy as whichever filter wrote it.
            - orRules:
                rules:
                - metadata:
                    filter: envoy.filters.a.b
                    path:
                    - key: c
                    value:
                      stringMatch:
                        exact: exact
            - notRule:
                orRules:
                  rules:
                  - metadata:
                      filter: envoy.filters.a.b
                      path:
                      - key: c
                      value:
                        stringMatch:
                          exact: not-exact
        principals:
        # andIds: every entry must hold, again as positive / negated pairs.
        - andIds:
            ids:
            # authenticated.principalName is checked against the peer certificate
            # (URI SAN, then DNS SAN, otherwise the subject), so it needs a TLS client cert.
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://principal
            - notId:
                orIds:
                  ids:
                  - authenticated:
                      principalName:
                        exact: spiffe://not-principal
            # Regex over the peer identity selecting the /ns/<namespace>/ path segment.
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      safeRegex:
                        regex: .*/ns/ns/.*
            - notId:
                orIds:
                  ids:
                  - authenticated:
                      principalName:
                        safeRegex:
                          regex: .*/ns/not-ns/.*
            # remoteIp may be an inferred origin address (e.g. from PROXY protocol or
            # X-Forwarded-For) and can differ from the physical peer; it is only reliable
            # when the hops that supply it are trusted.
            - orIds:
                ids:
                - remoteIp:
                    addressPrefix: 10.250.90.4
                    prefixLen: 32
            - notId:
                orIds:
                  ids:
                  - remoteIp:
                      addressPrefix: 10.133.154.65
                      prefixLen: 32
            # directRemoteIp is always the physical peer address of the connection.
            - orIds:
                ids:
                - directRemoteIp:
                    addressPrefix: 1.2.3.4
                    prefixLen: 32
            - notId:
                orIds:
                  ids:
                  - directRemoteIp:
                      addressPrefix: 9.0.0.1
                      prefixLen: 32
            # NOTE(review): from here on the same matcher kinds repeat (some with the same
            # values as above); presumably the input policy sets them in more than one
            # place. Verify against the matching input file.
            - orIds:
                ids:
                - directRemoteIp:
                    addressPrefix: 10.10.10.10
                    prefixLen: 32
            - notId:
                orIds:
                  ids:
                  - directRemoteIp:
                      addressPrefix: 90.10.10.10
                      prefixLen: 32
            - orIds:
                ids:
                - remoteIp:
                    addressPrefix: 192.168.7.7
                    prefixLen: 32
            - notId:
                orIds:
                  ids:
                  - remoteIp:
                      addressPrefix: 192.168.10.9
                      prefixLen: 32
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      safeRegex:
                        regex: .*/ns/ns/.*
            - notId:
                orIds:
                  ids:
                  - authenticated:
                      principalName:
                        safeRegex:
                          regex: .*/ns/not-ns/.*
            - orIds:
                ids:
                - authenticated:
                    principalName:
                      exact: spiffe://principal
            - notId:
                orIds:
                  ids:
                  - authenticated:
                      principalName:
                        exact: spiffe://not-principal
  # Stat prefix for shadow (dry-run) rules; this config defines no shadowRules.
  shadowRulesStatPrefix: istio_dry_run_allow_
  statPrefix: tcp.