istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/deny-global.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/deny-global.yaml.tmpl (about)

     1  # The following policy denies access to path /global-deny for all workloads
     2  
     3  apiVersion: security.istio.io/v1beta1
     4  kind: AuthorizationPolicy
     5  metadata:
     6    name: policy-deny-system
     7  spec:
     8    action: DENY
     9    rules:
    10    - to:
    11      - operation:
    12          # Generally we don't expect users to set global policies, since they
    13          # impact anything in the istio-system namespace. For these tests,
    14          # the target port is needed to avoid the DENY policy also applying to
    15          # traffic through the eastwest-gateway. Since all eastwest-gateway
    16          # traffic is TCP, the policy will attempt to be as restrictive as
    17          # possible and block all traffic through the eastwest-gateway.
    18          ports: [ "18080", "18085" ]
    19          paths: ["/global-deny*"]
    20          notPaths: ["/global-deny/allow"]
    21  ---