istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/allow-principal.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/allow-principal.yaml.tmpl (about)

     1  apiVersion: security.istio.io/v1beta1
     2  kind: AuthorizationPolicy
     3  metadata:
     4    name: {{ .To.ServiceName }}
     5  spec:
     6    selector:
     7      matchLabels:
     8        "app": "{{ .To.ServiceName }}"
     9    action: ALLOW
    10    rules:
    11      - to:
    12          - operation: # HTTP
    13              ports: [ "{{ (.To.PortForName `http`).WorkloadPort }}", "{{ (.To.PortForName `http2`).WorkloadPort }}" ]
    14              paths: [ "/allow" ]
    15              methods: [ "GET" ]
    16        from:
    17          - source:
    18              principals: [ "{{ .Allowed.ServiceAccountName }}" ]
    19      - to:
    20          - operation: # GRPC
    21              ports: [ "{{ (.To.PortForName `grpc`).WorkloadPort }}" ]
    22              paths: [ "/proto.EchoTestService/Echo" ]
    23              methods: [ "POST" ]
    24        from:
    25          - source:
    26              principals: [ "{{ .Allowed.ServiceAccountName }}" ]
    27      - to:
    28          - operation: # TCP
    29              ports: [ "{{ (.To.PortForName `tcp`).WorkloadPort }}" ]
    30        from:
    31          - source:
    32              principals: [ "{{ .Allowed.ServiceAccountName }}" ]