istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/policy_attachment_only/testdata/authz/gateway-authz.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/policy_attachment_only/testdata/authz/gateway-authz.yaml.tmpl (about)

     1  apiVersion: security.istio.io/v1beta1
     2  kind: RequestAuthentication
     3  metadata:
     4    name: default-{{ .To.ServiceName }}
     5  spec:
     6    targetRef:
     7      kind: Gateway
     8      group: gateway.networking.k8s.io
     9      name: {{ .To.ServiceName }}-gateway
    10    jwtRules:
    11    - issuer: "test-issuer-1@istio.io"
    12      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    13  --- 
    14  apiVersion: security.istio.io/v1beta1
    15  kind: AuthorizationPolicy
    16  metadata:
    17    name: authz-gateway-{{ .To.ServiceName }}
    18  spec:
    19    targetRef:
    20      name: {{ .To.ServiceName }}-gateway
    21      kind: Gateway
    22      group: gateway.networking.k8s.io
    23    action: ALLOW
    24    rules:
    25    - to:
    26      - operation:
    27          hosts:
    28  {{- range $svc := .Services }}
    29          - "example.{{ $svc.ServiceName }}.com"
    30  {{- end }}
    31      from:
    32      - source:
    33          requestPrincipals: ["test-issuer-1@istio.io/sub-1"]