istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/ambient/testdata/requestauthn/waypoint-jwt.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/ambient/testdata/requestauthn/waypoint-jwt.yaml.tmpl (about)

     1  apiVersion: security.istio.io/v1beta1
     2  kind: RequestAuthentication
     3  metadata:
     4    name: default-{{ .To.ServiceName }}
     5  spec:
     6    targetRefs:
     7    - kind: Gateway
     8      group: gateway.networking.k8s.io
     9      name: waypoint
    10    jwtRules:
    11    - issuer: "test-issuer-1@istio.io"
    12      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    13    - issuer: "test-issuer-2@istio.io"
    14      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    15  ---
    16  apiVersion: security.istio.io/v1beta1
    17  kind: RequestAuthentication
    18  metadata:
    19    name: ignored-{{ .To.ServiceName }}
    20  spec:
    21    selector:
    22      matchLabels:
    23        gateway.networking.k8s.io/gateway-name: waypoint # This should be ignored because it's not a targetRef
    24    jwtRules:
    25    - issuer: "test-issuer-3@istio.io"
    26      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    27  ---
    28  apiVersion: security.istio.io/v1beta1
    29  kind: AuthorizationPolicy
    30  metadata:
    31    name: authz-gateway-{{ .To.ServiceName }}
    32  spec:
    33    targetRefs:
    34    - kind: Gateway
    35      group: gateway.networking.k8s.io
    36      name: waypoint
    37    rules:
    38    - from:
    39      - source:
    40          requestPrincipals: ["test-issuer-1@istio.io/sub-1"]
    41      - source:
    42          requestPrincipals: ["test-issuer-3@istio.io/sub-1"]
    43    - to:
    44      - operation:
    45          paths: ["/healthz"]