istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/requestauthn/gateway-jwt.yaml.tmpl (about) 1 apiVersion: security.istio.io/v1beta1 2 kind: RequestAuthentication 3 metadata: 4 name: default-{{ .To.ServiceName }} 5 spec: 6 targetRef: 7 kind: Gateway 8 group: gateway.networking.k8s.io 9 name: {{ .To.ServiceName }}-gateway 10 jwtRules: 11 - issuer: "test-issuer-1@istio.io" 12 jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" 13 - issuer: "test-issuer-2@istio.io" 14 jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" 15 --- 16 apiVersion: security.istio.io/v1beta1 17 kind: RequestAuthentication 18 metadata: 19 name: ignored-{{ .To.ServiceName }} 20 spec: 21 selector: 22 matchLabels: 23 gateway.networking.k8s.io/gateway-name: {{ .To.ServiceName }}-gateway # This would be ignored (not a targetRef) but the feature flag isn't on, so it's applied 24 jwtRules: 25 - issuer: "test-issuer-3@istio.io" 26 jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" 27 --- 28 apiVersion: security.istio.io/v1beta1 29 kind: AuthorizationPolicy 30 metadata: 31 name: authz-gateway-{{ .To.ServiceName }} 32 spec: 33 targetRef: 34 name: {{ .To.ServiceName }}-gateway 35 kind: Gateway 36 group: gateway.networking.k8s.io 37 rules: 38 - to: 39 - operation: 40 hosts: 41 {{- range $svc := .Services }} 42 - "example.{{ $svc.ServiceName }}.com" 43 {{- end }} 44 from: 45 - source: 46 requestPrincipals: ["test-issuer-1@istio.io/sub-1"] 47 - source: 48 requestPrincipals: ["test-issuer-3@istio.io/sub-1"] 49 - to: 50 - operation: 51 hosts: 52 {{- range $svc := .Services }} 53 - "any-request-principal-ok.{{ $svc.ServiceName }}.com" 54 {{- end }} 55 from: 56 - source: 57 requestPrincipals: ["*"] 58 - to: 59 - operation: 60 paths: ["/healthz"]