istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/deny-namespace.yaml.tmpl (about)

     1  apiVersion: security.istio.io/v1beta1
        # DENY policy for the workloads labelled app=<To service name>. It rejects
        # HTTP, gRPC and TCP traffic whose source namespace is the "Denied"
        # namespace. Each entry under rules is matched independently; within an
        # entry both the "to" and the "from" part must match.
        # NOTE(review): source.namespaces is derived from the peer's mTLS identity.
        # Plaintext traffic carries no such identity, so these DENY rules would not
        # match it. Confirm the mesh under test enforces STRICT mTLS for the target.
     2  kind: AuthorizationPolicy
     3  metadata:
          # NOTE(review): no namespace is set here; presumably the test applies the
          # policy into the target workload's namespace - confirm against the caller.
          # NOTE(review): this templated value is unquoted, unlike the label below;
          # an empty or boolean-looking service name would render as a non-string.
     4    name: {{ .To.ServiceName }}
     5  spec:
          # Scope: only workloads whose "app" label equals the target service name.
     6    selector:
     7      matchLabels:
     8        "app": "{{ .To.ServiceName }}"
          # In Istio, DENY policies are evaluated before ALLOW policies, so a match
          # below rejects the request regardless of any ALLOW policy.
     9    action: DENY
    10    rules:
            # Rule 1 (HTTP): GET requests on the http and http2 workload ports whose
            # path starts with /deny, except the exact path /deny/allow.
            # NOTE(review): the verdict depends on the mesh path-normalization
            # setting; verify it so equivalent spellings of a path are treated alike.
    11      - to:
    12          - operation: # HTTP
    13              ports: [ "{{ (.To.PortForName `http`).WorkloadPort }}", "{{ (.To.PortForName `http2`).WorkloadPort }}" ]
    14              paths: [ "/deny*" ]
    15              notPaths: ["/deny/allow"]
    16              methods: [ "GET" ]
              # Only callers from the denied namespace are affected.
    17        from:
    18          - source:
    19              namespaces: [ "{{ .Denied.NamespaceName }}" ]
            # Rule 2 (gRPC): POST to /proto.EchoTestService/Echo on the grpc workload
            # port; gRPC calls are HTTP/2 POSTs to /<service>/<method>.
    20      - to:
    21          - operation: # GRPC
    22              ports: [ "{{ (.To.PortForName `grpc`).WorkloadPort }}" ]
    23              paths: [ "/proto.EchoTestService/Echo" ]
    24              methods: [ "POST" ]
    25        from:
    26          - source:
    27              namespaces: [ "{{ .Denied.NamespaceName }}" ]
            # Rule 3 (TCP): port-only match with no HTTP fields, so every connection
            # from the denied namespace to the tcp workload port is denied.
    28      - to:
    29          - operation: # TCP
    30              ports: [ "{{ (.To.PortForName `tcp`).WorkloadPort }}" ]
    31        from:
    32          - source:
    33              namespaces: [ "{{ .Denied.NamespaceName }}" ]