# Test fixture:
#   pilot/pkg/serviceregistry/kube/controller/ambient/testdata/deny-groups-in.yaml
#
# Input AuthorizationPolicy with action DENY. Each rule combines
# connection-level (L4) and request-level (L7) match attributes in a
# different way, as labelled by the per-rule comments.
# NOTE(review): the "-in" suffix suggests a paired expected-output file that
# is not shown here. For a DENY policy, the property worth pinning in that
# output is that a rule whose L7 attributes cannot be evaluated by an L4-only
# enforcer never ends up denying less than the policy as written - confirm
# against the converter under test.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: groups-deny
spec:
  action: DENY
  rules:
    # Mix of L4 and L7 in `from`: peer identity (principals, namespaces) and
    # request identity (requestPrincipals) share one source; `to` is port-only.
    - from:
        - source:
            principals:
              - "from-mix-principal"
            requestPrincipals:
              - "from-mix-requestPrincipals"
            namespaces:
              - "from-mix-ns"
      to:
        - operation:
            ports:
              - "80"
    # Mix of L4 and L7 in `to`: the source is L4-only, while the operation
    # pairs a port (L4) with an HTTP method (L7).
    - from:
        - source:
            principals:
              - "to-mix-principal"
            namespaces:
              - "to-mix-ns"
      to:
        - operation:
            ports:
              - "80"
            methods:
              - "to-mix-method"
    # Only L4: peer identity, namespace and port - no request-level fields.
    - from:
        - source:
            principals:
              - "only-l4-principals"
            namespaces:
              - "only-l4-ns"
      to:
        - operation:
            ports:
              - "80"
    # Only L7: request identity, path and method - no connection-level
    # fields.
    - from:
        - source:
            requestPrincipals:
              - "l7-principal"
      to:
        - operation:
            paths:
              - "/l7-foo"
            methods:
              - "l7-method"
    # L4 and L7 in `when`: source.namespace is the L4 condition.
    # NOTE(review): connection.sni is the key this fixture labels as the L7
    # half (it reappears under "L7 only when") - confirm that matches how the
    # converter classifies it.
    - when:
        - key: "source.namespace"
          values:
            - "when-l4-l7-ns"
        - key: "connection.sni"
          values:
            - "when-l4-l7-sni"
    # L4 only in `when`: both keys are connection-level; source.ip carries
    # both a positive (values) and a negative (notValues) match.
    - when:
        - key: "source.namespace"
          values:
            - "when-l4-ns"
        - key: "source.ip"
          values:
            - "10.10.10.10"
          notValues:
            - "20.20.20.20"
    # L7 only in `when`: neither condition is labelled as L4 by this fixture.
    - when:
        - key: "connection.sni"
          values:
            - "when-l7-sni"
        - key: "request.headers[X-header]"
          values:
            - "when-l7-header"