# Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/tcp/custom-both-http-tcp-in.yaml
#
# Input fixture for the authorization-policy builder (testdata/tcp).
# It is a single CUSTOM-action AuthorizationPolicy whose rules mix HTTP-only
# and TCP-capable match fields, one combination per rule.
#
# NOTE(review): this file does not show how HTTP-only fields are treated when
# the policy is compiled for a TCP listener. Read it next to the matching
# golden output before relying on any rule here to match or not match.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  # The name says "deny" but the action below is CUSTOM; the name is only a
  # fixture label and has no effect on enforcement.
  name: httpbin-deny
  namespace: foo
spec:
  # CUSTOM hands the allow/deny decision to an external authorizer. The rules
  # select which traffic is sent to it; they are not the decision itself.
  action: CUSTOM
  provider:
    # Presumably refers to an extension provider declared in mesh config;
    # that declaration is not part of this file.
    name: default
  rules:
    # rule[0]: no `from`; `to` carries an HTTP-only field (methods).
    - to:
        - operation:
            methods:
              - 'GET'
    # rule[1]: `from` is TCP-capable (ipBlocks); `to` is HTTP-only (methods).
    - from:
        - source:
            ipBlocks:
              - '1.2.3.4'
      to:
        - operation:
            methods:
              - 'GET'
    # rule[2]: TCP-capable on both sides (ipBlocks, ports).
    - from:
        - source:
            ipBlocks:
              - '1.2.3.4'
      to:
        - operation:
            ports:
              - '80'
    # rule[3]: only a `when` condition, keyed on an HTTP attribute.
    - when:
        - key: 'request.headers[:method]'
          values:
            - 'GET'
    # rule[4]: only a `when` condition, keyed on a TCP attribute.
    - when:
        - key: 'destination.port'
          values:
            - '80'
    # rule[5]: every `from`, `to` and `when` field populated at once, positive
    # and negated forms together.
    - from:
        - source:
            ipBlocks:
              - '1.2.3.4'
            remoteIpBlocks:
              - '172.18.4.0/22'
            notIpBlocks:
              - '9.0.0.1'
            notRemoteIpBlocks:
              - '192.168.244.139'
      to:
        - operation:
            methods:
              - 'method'
            hosts:
              - 'exact.com'
            ports:
              - '80'
            paths:
              - '/exact'
            notMethods:
              - 'not-method'
            notHosts:
              - 'not-exact.com'
            notPorts:
              - '8000'
            notPaths:
              - '/not-exact'
      when:
        - key: 'request.headers[X-header]'
          values:
            - 'header'
          notValues:
            - 'not-header'