istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-groups-in.yaml (about) 1 apiVersion: security.istio.io/v1beta1 2 kind: AuthorizationPolicy 3 metadata: 4 name: groups 5 spec: 6 rules: 7 # Has mix of L4 and L7 in from 8 - from: 9 - source: 10 principals: ["from-mix-principal"] 11 requestPrincipals: ["from-mix-requestPrincipals"] 12 namespaces: ["from-mix-ns"] 13 to: 14 - operation: 15 ports: ["80"] 16 # Has mix of L4 and L7 in to 17 - from: 18 - source: 19 principals: ["to-mix-principal"] 20 namespaces: ["to-mix-ns"] 21 to: 22 - operation: 23 ports: ["80"] 24 methods: ["to-mix-method"] 25 # Only L4 26 - from: 27 - source: 28 principals: ["only-l4-principals"] 29 namespaces: ["only-l4-ns"] 30 to: 31 - operation: 32 ports: ["80"] 33 # Only L7 34 - from: 35 - source: 36 requestPrincipals: ["l7-principal"] 37 to: 38 - operation: 39 paths: ["/l7-foo"] 40 methods: ["l7-method"] 41 # L4 and L7 when 42 - when: 43 - key: "source.namespace" 44 values: ["when-l4-l7-ns"] 45 - key: "connection.sni" 46 values: [ "when-l4-l7-sni"] 47 # L4 only when 48 - when: 49 - key: "source.namespace" 50 values: ["when-l4-ns"] 51 - key: "source.ip" 52 values: ["10.10.10.10"] 53 # L7 only when 54 - when: 55 - key: "connection.sni" 56 values: [ "when-l7-sni"] 57 - key: "request.headers[X-header]" 58 values: ["when-l7-header"]