istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/security/authz/builder/testdata/tcp/custom-both-http-tcp-out1.yaml (about) 1 name: envoy.filters.network.rbac 2 typedConfig: 3 '@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC 4 shadowRules: 5 action: DENY 6 policies: 7 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[0]: 8 permissions: 9 - andRules: 10 rules: 11 - any: true 12 principals: 13 - andIds: 14 ids: 15 - any: true 16 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[1]: 17 permissions: 18 - andRules: 19 rules: 20 - any: true 21 principals: 22 - andIds: 23 ids: 24 - orIds: 25 ids: 26 - directRemoteIp: 27 addressPrefix: 1.2.3.4 28 prefixLen: 32 29 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[2]: 30 permissions: 31 - andRules: 32 rules: 33 - orRules: 34 rules: 35 - destinationPort: 80 36 principals: 37 - andIds: 38 ids: 39 - orIds: 40 ids: 41 - directRemoteIp: 42 addressPrefix: 1.2.3.4 43 prefixLen: 32 44 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[3]: 45 permissions: 46 - andRules: 47 rules: 48 - any: true 49 principals: 50 - andIds: 51 ids: 52 - any: true 53 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[4]: 54 permissions: 55 - andRules: 56 rules: 57 - orRules: 58 rules: 59 - destinationPort: 80 60 principals: 61 - andIds: 62 ids: 63 - any: true 64 istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[5]: 65 permissions: 66 - andRules: 67 rules: 68 - orRules: 69 rules: 70 - destinationPort: 80 71 - notRule: 72 orRules: 73 rules: 74 - destinationPort: 8000 75 principals: 76 - andIds: 77 ids: 78 - orIds: 79 ids: 80 - remoteIp: 81 addressPrefix: 172.18.4.0 82 prefixLen: 22 83 - notId: 84 orIds: 85 ids: 86 - remoteIp: 87 addressPrefix: 192.168.244.139 88 prefixLen: 32 89 - orIds: 90 ids: 91 - directRemoteIp: 92 addressPrefix: 1.2.3.4 93 prefixLen: 32 94 - notId: 95 orIds: 96 ids: 97 - directRemoteIp: 98 addressPrefix: 9.0.0.1 99 prefixLen: 32 100 shadowRulesStatPrefix: istio_ext_authz_ 101 statPrefix: tcp.