istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/requestauthn/global-jwt.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/requestauthn/global-jwt.yaml.tmpl (about)

     1  apiVersion: security.istio.io/v1beta1
     2  kind: RequestAuthentication
     3  metadata:
     4    name: "default"
     5  spec:
     6    jwtRules:
     7    - issuer: "test-issuer-1@istio.io"
     8      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
     9    - issuer: "test-issuer-2@istio.io"
    10      jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json"
    11  ---
    12  apiVersion: security.istio.io/v1beta1
    13  kind: AuthorizationPolicy
    14  metadata:
    15    name: authz-ingress
    16  spec:
    17    selector:
    18      matchLabels:
    19        istio: {{.GatewayIstioLabel | default "ingressgateway"}}
    20    rules:
    21    - to:
    22      - operation:
    23          hosts:
    24  {{- range $svc := .Services }}
    25          - "example.{{ $svc.ServiceName }}.com"
    26  {{- end }}
    27      from:
    28      - source:
    29          requestPrincipals: ["test-issuer-1@istio.io/sub-1"]
    30    - to:
    31      - operation:
    32          hosts:
    33    {{- range $svc := .Services }}
    34          - "any-request-principal-ok.{{ $svc.ServiceName }}.com"
    35    {{- end }}
    36      from:
    37      - source:
    38          requestPrincipals: ["*"]
    39    - to:
    40      - operation:
    41          paths: ["/healthz"]