istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/pilot/testdata/authz-b.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/pilot/testdata/authz-b.yaml (about)

     1  apiVersion: security.istio.io/v1beta1
     2  kind: AuthorizationPolicy
     3  metadata:
     4    name: allow-policy
     5  spec:
     6    action: ALLOW
     7    selector:
     8      matchLabels:
     9        "istio": {{.GatewayIstioLabel | default "ingressgateway"}}
    10    rules:
    11    - to:
    12      - operation:
    13          notPorts: ["100"]
    14  ---
    15  apiVersion: security.istio.io/v1beta1
    16  kind: AuthorizationPolicy
    17  metadata:
    18    name: deny-policy
    19  spec:
    20    action: DENY
    21    selector:
    22      matchLabels:
    23        "istio": {{.GatewayIstioLabel | default "ingressgateway"}}
    24    rules:
    25    - to:
    26      - operation:
    27          ports: ["100"]
    28    - to:
    29      - operation:
    30          ports: ["100"]
    31  ---
    32  # Make sure listener has a least one listener, otherwise there may be no policies
    33  apiVersion: networking.istio.io/v1alpha3
    34  kind: Gateway
    35  metadata:
    36    name: gateway
    37  spec:
    38    selector:
    39      istio: {{.GatewayIstioLabel | default "ingressgateway"}}
    40    servers:
    41    - port:
    42        number: 18080
    43        name: http
    44        protocol: HTTP
    45      hosts:
    46      - "foo.bar"