/
envoy.istio
/
istio
GigaCode
beta
ОбзорЦентр заботыВойти

istio

Форк
0
Ветки: 75Коммиты: 22559Теги: 336
istio
/pilot
/pkg
/security
/authz
/builder
/testdata
/http
/
allow-full-rule-out.yaml 
925 строк · 31.5 Кб
1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin-1]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - orRules:
11
                rules:
12
                - header:
13
                    name: :authority
14
                    stringMatch:
15
                      exact: exact.com
16
                      ignoreCase: true
17
                - header:
18
                    name: :authority
19
                    stringMatch:
20
                      ignoreCase: true
21
                      suffix: .suffix.com
22
                - header:
23
                    name: :authority
24
                    stringMatch:
25
                      ignoreCase: true
26
                      prefix: prefix.
27
                - header:
28
                    name: :authority
29
                    presentMatch: true
30
            - notRule:
31
                orRules:
32
                  rules:
33
                  - header:
34
                      name: :authority
35
                      stringMatch:
36
                        exact: not-exact.com
37
                        ignoreCase: true
38
                  - header:
39
                      name: :authority
40
                      stringMatch:
41
                        ignoreCase: true
42
                        suffix: .not-suffix.com
43
                  - header:
44
                      name: :authority
45
                      stringMatch:
46
                        ignoreCase: true
47
                        prefix: not-prefix.
48
                  - header:
49
                      name: :authority
50
                      presentMatch: true
51
            - orRules:
52
                rules:
53
                - header:
54
                    name: :method
55
                    stringMatch:
56
                      exact: method
57
                - header:
58
                    name: :method
59
                    stringMatch:
60
                      prefix: method-prefix-
61
                - header:
62
                    name: :method
63
                    stringMatch:
64
                      suffix: -suffix-method
65
                - header:
66
                    name: :method
67
                    presentMatch: true
68
            - notRule:
69
                orRules:
70
                  rules:
71
                  - header:
72
                      name: :method
73
                      stringMatch:
74
                        exact: not-method
75
                  - header:
76
                      name: :method
77
                      stringMatch:
78
                        prefix: not-method-prefix-
79
                  - header:
80
                      name: :method
81
                      stringMatch:
82
                        suffix: -not-suffix-method
83
                  - header:
84
                      name: :method
85
                      presentMatch: true
86
            - orRules:
87
                rules:
88
                - urlPath:
89
                    path:
90
                      exact: /exact
91
                - urlPath:
92
                    path:
93
                      prefix: /prefix/
94
                - urlPath:
95
                    path:
96
                      suffix: /suffix
97
                - urlPath:
98
                    path:
99
                      safeRegex:
100
                        regex: .+
101
            - notRule:
102
                orRules:
103
                  rules:
104
                  - urlPath:
105
                      path:
106
                        exact: /not-exact
107
                  - urlPath:
108
                      path:
109
                        prefix: /not-prefix/
110
                  - urlPath:
111
                      path:
112
                        suffix: /not-suffix
113
                  - urlPath:
114
                      path:
115
                        safeRegex:
116
                          regex: .+
117
            - orRules:
118
                rules:
119
                - destinationPort: 80
120
                - destinationPort: 90
121
            - notRule:
122
                orRules:
123
                  rules:
124
                  - destinationPort: 8000
125
                  - destinationPort: 9000
126
            - orRules:
127
                rules:
128
                - destinationIp:
129
                    addressPrefix: 10.10.10.10
130
                    prefixLen: 32
131
                - destinationIp:
132
                    addressPrefix: 192.168.10.0
133
                    prefixLen: 24
134
            - notRule:
135
                orRules:
136
                  rules:
137
                  - destinationIp:
138
                      addressPrefix: 90.10.10.10
139
                      prefixLen: 32
140
                  - destinationIp:
141
                      addressPrefix: 90.168.10.0
142
                      prefixLen: 24
143
            - orRules:
144
                rules:
145
                - destinationPort: 91
146
                - destinationPort: 92
147
            - notRule:
148
                orRules:
149
                  rules:
150
                  - destinationPort: 9001
151
                  - destinationPort: 9002
152
            - orRules:
153
                rules:
154
                - requestedServerName:
155
                    exact: exact.com
156
                - requestedServerName:
157
                    suffix: .suffix.com
158
                - requestedServerName:
159
                    prefix: prefix.
160
                - requestedServerName:
161
                    safeRegex:
162
                      regex: .+
163
            - notRule:
164
                orRules:
165
                  rules:
166
                  - requestedServerName:
167
                      exact: not-exact.com
168
                  - requestedServerName:
169
                      suffix: .not-suffix.com
170
                  - requestedServerName:
171
                      prefix: not-prefix.
172
                  - requestedServerName:
173
                      safeRegex:
174
                        regex: .+
175
            - orRules:
176
                rules:
177
                - metadata:
178
                    filter: envoy.filters.a.b
179
                    path:
180
                    - key: c
181
                    value:
182
                      stringMatch:
183
                        exact: exact
184
                - metadata:
185
                    filter: envoy.filters.a.b
186
                    path:
187
                    - key: c
188
                    value:
189
                      stringMatch:
190
                        prefix: prefix-
191
                - metadata:
192
                    filter: envoy.filters.a.b
193
                    path:
194
                    - key: c
195
                    value:
196
                      stringMatch:
197
                        suffix: -suffix
198
                - metadata:
199
                    filter: envoy.filters.a.b
200
                    path:
201
                    - key: c
202
                    value:
203
                      stringMatch:
204
                        safeRegex:
205
                          regex: .+
206
            - notRule:
207
                orRules:
208
                  rules:
209
                  - metadata:
210
                      filter: envoy.filters.a.b
211
                      path:
212
                      - key: c
213
                      value:
214
                        stringMatch:
215
                          exact: not-exact
216
                  - metadata:
217
                      filter: envoy.filters.a.b
218
                      path:
219
                      - key: c
220
                      value:
221
                        stringMatch:
222
                          prefix: not-prefix-
223
                  - metadata:
224
                      filter: envoy.filters.a.b
225
                      path:
226
                      - key: c
227
                      value:
228
                        stringMatch:
229
                          suffix: -not-suffix
230
                  - metadata:
231
                      filter: envoy.filters.a.b
232
                      path:
233
                      - key: c
234
                      value:
235
                        stringMatch:
236
                          safeRegex:
237
                            regex: .+
238
        principals:
239
        - andIds:
240
            ids:
241
            - orIds:
242
                ids:
243
                - authenticated:
244
                    principalName:
245
                      exact: spiffe://principal
246
                - authenticated:
247
                    principalName:
248
                      prefix: spiffe://principal-prefix-
249
                - authenticated:
250
                    principalName:
251
                      safeRegex:
252
                        regex: spiffe://.*-suffix-principal
253
                - authenticated:
254
                    principalName:
255
                      safeRegex:
256
                        regex: .+
257
            - notId:
258
                orIds:
259
                  ids:
260
                  - authenticated:
261
                      principalName:
262
                        exact: spiffe://not-principal
263
                  - authenticated:
264
                      principalName:
265
                        prefix: spiffe://not-principal-prefix-
266
                  - authenticated:
267
                      principalName:
268
                        safeRegex:
269
                          regex: spiffe://.*-not-suffix-principal
270
                  - authenticated:
271
                      principalName:
272
                        safeRegex:
273
                          regex: .+
274
            - orIds:
275
                ids:
276
                - metadata:
277
                    filter: istio_authn
278
                    path:
279
                    - key: request.auth.principal
280
                    value:
281
                      stringMatch:
282
                        exact: requestPrincipals
283
                - metadata:
284
                    filter: istio_authn
285
                    path:
286
                    - key: request.auth.principal
287
                    value:
288
                      stringMatch:
289
                        prefix: requestPrincipals-prefix-
290
                - metadata:
291
                    filter: istio_authn
292
                    path:
293
                    - key: request.auth.principal
294
                    value:
295
                      stringMatch:
296
                        suffix: -suffix-requestPrincipals
297
                - metadata:
298
                    filter: istio_authn
299
                    path:
300
                    - key: request.auth.principal
301
                    value:
302
                      stringMatch:
303
                        safeRegex:
304
                          regex: .+
305
            - notId:
306
                orIds:
307
                  ids:
308
                  - metadata:
309
                      filter: istio_authn
310
                      path:
311
                      - key: request.auth.principal
312
                      value:
313
                        stringMatch:
314
                          exact: not-requestPrincipals
315
                  - metadata:
316
                      filter: istio_authn
317
                      path:
318
                      - key: request.auth.principal
319
                      value:
320
                        stringMatch:
321
                          prefix: not-requestPrincipals-prefix-
322
                  - metadata:
323
                      filter: istio_authn
324
                      path:
325
                      - key: request.auth.principal
326
                      value:
327
                        stringMatch:
328
                          suffix: -not-suffix-requestPrincipals
329
                  - metadata:
330
                      filter: istio_authn
331
                      path:
332
                      - key: request.auth.principal
333
                      value:
334
                        stringMatch:
335
                          safeRegex:
336
                            regex: .+
337
            - orIds:
338
                ids:
339
                - authenticated:
340
                    principalName:
341
                      safeRegex:
342
                        regex: .*/ns/ns/.*
343
                - authenticated:
344
                    principalName:
345
                      safeRegex:
346
                        regex: .*/ns/ns-prefix-.*/.*
347
                - authenticated:
348
                    principalName:
349
                      safeRegex:
350
                        regex: .*/ns/.*-ns-suffix/.*
351
                - authenticated:
352
                    principalName:
353
                      safeRegex:
354
                        regex: .*/ns/.*/.*
355
            - notId:
356
                orIds:
357
                  ids:
358
                  - authenticated:
359
                      principalName:
360
                        safeRegex:
361
                          regex: .*/ns/not-ns/.*
362
                  - authenticated:
363
                      principalName:
364
                        safeRegex:
365
                          regex: .*/ns/not-ns-prefix-.*/.*
366
                  - authenticated:
367
                      principalName:
368
                        safeRegex:
369
                          regex: .*/ns/.*-not-ns-suffix/.*
370
                  - authenticated:
371
                      principalName:
372
                        safeRegex:
373
                          regex: .*/ns/.*/.*
374
            - orIds:
375
                ids:
376
                - remoteIp:
377
                    addressPrefix: 1.2.3.4
378
                    prefixLen: 32
379
                - remoteIp:
380
                    addressPrefix: 5.6.0.0
381
                    prefixLen: 16
382
            - notId:
383
                orIds:
384
                  ids:
385
                  - remoteIp:
386
                      addressPrefix: 9.0.0.1
387
                      prefixLen: 32
388
                  - remoteIp:
389
                      addressPrefix: 9.2.0.0
390
                      prefixLen: 16
391
            - orIds:
392
                ids:
393
                - directRemoteIp:
394
                    addressPrefix: 1.2.3.4
395
                    prefixLen: 32
396
                - directRemoteIp:
397
                    addressPrefix: 5.6.0.0
398
                    prefixLen: 16
399
            - notId:
400
                orIds:
401
                  ids:
402
                  - directRemoteIp:
403
                      addressPrefix: 9.0.0.1
404
                      prefixLen: 32
405
                  - directRemoteIp:
406
                      addressPrefix: 9.2.0.0
407
                      prefixLen: 16
408
            - orIds:
409
                ids:
410
                - header:
411
                    name: X-header
412
                    stringMatch:
413
                      exact: header
414
                - header:
415
                    name: X-header
416
                    stringMatch:
417
                      prefix: header-prefix-
418
                - header:
419
                    name: X-header
420
                    stringMatch:
421
                      suffix: -suffix-header
422
                - header:
423
                    name: X-header
424
                    presentMatch: true
425
            - notId:
426
                orIds:
427
                  ids:
428
                  - header:
429
                      name: X-header
430
                      stringMatch:
431
                        exact: not-header
432
                  - header:
433
                      name: X-header
434
                      stringMatch:
435
                        prefix: not-header-prefix-
436
                  - header:
437
                      name: X-header
438
                      stringMatch:
439
                        suffix: -not-suffix-header
440
                  - header:
441
                      name: X-header
442
                      presentMatch: true
443
            - orIds:
444
                ids:
445
                - directRemoteIp:
446
                    addressPrefix: 10.10.10.10
447
                    prefixLen: 32
448
                - directRemoteIp:
449
                    addressPrefix: 192.168.10.0
450
                    prefixLen: 24
451
            - notId:
452
                orIds:
453
                  ids:
454
                  - directRemoteIp:
455
                      addressPrefix: 90.10.10.10
456
                      prefixLen: 32
457
                  - directRemoteIp:
458
                      addressPrefix: 90.168.10.0
459
                      prefixLen: 24
460
            - orIds:
461
                ids:
462
                - remoteIp:
463
                    addressPrefix: 10.10.10.10
464
                    prefixLen: 32
465
                - remoteIp:
466
                    addressPrefix: 192.168.10.0
467
                    prefixLen: 24
468
            - notId:
469
                orIds:
470
                  ids:
471
                  - remoteIp:
472
                      addressPrefix: 90.10.10.10
473
                      prefixLen: 32
474
                  - remoteIp:
475
                      addressPrefix: 90.168.10.0
476
                      prefixLen: 24
477
            - orIds:
478
                ids:
479
                - authenticated:
480
                    principalName:
481
                      safeRegex:
482
                        regex: .*/ns/ns/.*
483
                - authenticated:
484
                    principalName:
485
                      safeRegex:
486
                        regex: .*/ns/ns-prefix-.*/.*
487
                - authenticated:
488
                    principalName:
489
                      safeRegex:
490
                        regex: .*/ns/.*-ns-suffix/.*
491
                - authenticated:
492
                    principalName:
493
                      safeRegex:
494
                        regex: .*/ns/.*/.*
495
            - notId:
496
                orIds:
497
                  ids:
498
                  - authenticated:
499
                      principalName:
500
                        safeRegex:
501
                          regex: .*/ns/not-ns/.*
502
                  - authenticated:
503
                      principalName:
504
                        safeRegex:
505
                          regex: .*/ns/not-ns-prefix-.*/.*
506
                  - authenticated:
507
                      principalName:
508
                        safeRegex:
509
                          regex: .*/ns/.*-not-ns-suffix/.*
510
                  - authenticated:
511
                      principalName:
512
                        safeRegex:
513
                          regex: .*/ns/.*/.*
514
            - orIds:
515
                ids:
516
                - authenticated:
517
                    principalName:
518
                      exact: spiffe://principal
519
                - authenticated:
520
                    principalName:
521
                      prefix: spiffe://principal-prefix-
522
                - authenticated:
523
                    principalName:
524
                      safeRegex:
525
                        regex: spiffe://.*-suffix-principal
526
                - authenticated:
527
                    principalName:
528
                      safeRegex:
529
                        regex: .+
530
            - notId:
531
                orIds:
532
                  ids:
533
                  - authenticated:
534
                      principalName:
535
                        exact: spiffe://not-principal
536
                  - authenticated:
537
                      principalName:
538
                        prefix: spiffe://not-principal-prefix-
539
                  - authenticated:
540
                      principalName:
541
                        safeRegex:
542
                          regex: spiffe://.*-not-suffix-principal
543
                  - authenticated:
544
                      principalName:
545
                        safeRegex:
546
                          regex: .+
547
            - orIds:
548
                ids:
549
                - metadata:
550
                    filter: istio_authn
551
                    path:
552
                    - key: request.auth.principal
553
                    value:
554
                      stringMatch:
555
                        exact: requestPrincipals
556
                - metadata:
557
                    filter: istio_authn
558
                    path:
559
                    - key: request.auth.principal
560
                    value:
561
                      stringMatch:
562
                        prefix: requestPrincipals-prefix-
563
                - metadata:
564
                    filter: istio_authn
565
                    path:
566
                    - key: request.auth.principal
567
                    value:
568
                      stringMatch:
569
                        suffix: -suffix-requestPrincipals
570
                - metadata:
571
                    filter: istio_authn
572
                    path:
573
                    - key: request.auth.principal
574
                    value:
575
                      stringMatch:
576
                        safeRegex:
577
                          regex: .+
578
                - metadata:
579
                    filter: istio_authn
580
                    path:
581
                    - key: request.auth.principal
582
                    value:
583
                      stringMatch:
584
                        prefix: https://example.com/
585
            - notId:
586
                orIds:
587
                  ids:
588
                  - metadata:
589
                      filter: istio_authn
590
                      path:
591
                      - key: request.auth.principal
592
                      value:
593
                        stringMatch:
594
                          exact: not-requestPrincipals
595
                  - metadata:
596
                      filter: istio_authn
597
                      path:
598
                      - key: request.auth.principal
599
                      value:
600
                        stringMatch:
601
                          prefix: not-requestPrincipals-prefix-
602
                  - metadata:
603
                      filter: istio_authn
604
                      path:
605
                      - key: request.auth.principal
606
                      value:
607
                        stringMatch:
608
                          suffix: -not-suffix-requestPrincipals
609
                  - metadata:
610
                      filter: istio_authn
611
                      path:
612
                      - key: request.auth.principal
613
                      value:
614
                        stringMatch:
615
                          safeRegex:
616
                            regex: .+
617
            - orIds:
618
                ids:
619
                - metadata:
620
                    filter: istio_authn
621
                    path:
622
                    - key: request.auth.audiences
623
                    value:
624
                      stringMatch:
625
                        exact: audiences
626
                - metadata:
627
                    filter: istio_authn
628
                    path:
629
                    - key: request.auth.audiences
630
                    value:
631
                      stringMatch:
632
                        prefix: audiences-prefix-
633
                - metadata:
634
                    filter: istio_authn
635
                    path:
636
                    - key: request.auth.audiences
637
                    value:
638
                      stringMatch:
639
                        suffix: -suffix-audiences
640
                - metadata:
641
                    filter: istio_authn
642
                    path:
643
                    - key: request.auth.audiences
644
                    value:
645
                      stringMatch:
646
                        safeRegex:
647
                          regex: .+
648
            - notId:
649
                orIds:
650
                  ids:
651
                  - metadata:
652
                      filter: istio_authn
653
                      path:
654
                      - key: request.auth.audiences
655
                      value:
656
                        stringMatch:
657
                          exact: not-audiences
658
                  - metadata:
659
                      filter: istio_authn
660
                      path:
661
                      - key: request.auth.audiences
662
                      value:
663
                        stringMatch:
664
                          prefix: not-audiences-prefix-
665
                  - metadata:
666
                      filter: istio_authn
667
                      path:
668
                      - key: request.auth.audiences
669
                      value:
670
                        stringMatch:
671
                          suffix: -not-suffix-audiences
672
                  - metadata:
673
                      filter: istio_authn
674
                      path:
675
                      - key: request.auth.audiences
676
                      value:
677
                        stringMatch:
678
                          safeRegex:
679
                            regex: .+
680
            - orIds:
681
                ids:
682
                - metadata:
683
                    filter: istio_authn
684
                    path:
685
                    - key: request.auth.presenter
686
                    value:
687
                      stringMatch:
688
                        exact: presenter
689
                - metadata:
690
                    filter: istio_authn
691
                    path:
692
                    - key: request.auth.presenter
693
                    value:
694
                      stringMatch:
695
                        prefix: presenter-prefix-
696
                - metadata:
697
                    filter: istio_authn
698
                    path:
699
                    - key: request.auth.presenter
700
                    value:
701
                      stringMatch:
702
                        suffix: -suffix-presenter
703
                - metadata:
704
                    filter: istio_authn
705
                    path:
706
                    - key: request.auth.presenter
707
                    value:
708
                      stringMatch:
709
                        safeRegex:
710
                          regex: .+
711
            - notId:
712
                orIds:
713
                  ids:
714
                  - metadata:
715
                      filter: istio_authn
716
                      path:
717
                      - key: request.auth.presenter
718
                      value:
719
                        stringMatch:
720
                          exact: not-presenter
721
                  - metadata:
722
                      filter: istio_authn
723
                      path:
724
                      - key: request.auth.presenter
725
                      value:
726
                        stringMatch:
727
                          prefix: not-presenter-prefix-
728
                  - metadata:
729
                      filter: istio_authn
730
                      path:
731
                      - key: request.auth.presenter
732
                      value:
733
                        stringMatch:
734
                          suffix: -not-suffix-presenter
735
                  - metadata:
736
                      filter: istio_authn
737
                      path:
738
                      - key: request.auth.presenter
739
                      value:
740
                        stringMatch:
741
                          safeRegex:
742
                            regex: .+
743
            - orIds:
744
                ids:
745
                - metadata:
746
                    filter: istio_authn
747
                    path:
748
                    - key: request.auth.claims
749
                    - key: iss
750
                    value:
751
                      listMatch:
752
                        oneOf:
753
                          stringMatch:
754
                            exact: iss
755
                - metadata:
756
                    filter: istio_authn
757
                    path:
758
                    - key: request.auth.claims
759
                    - key: iss
760
                    value:
761
                      listMatch:
762
                        oneOf:
763
                          stringMatch:
764
                            prefix: iss-prefix-
765
                - metadata:
766
                    filter: istio_authn
767
                    path:
768
                    - key: request.auth.claims
769
                    - key: iss
770
                    value:
771
                      listMatch:
772
                        oneOf:
773
                          stringMatch:
774
                            suffix: -suffix-iss
775
                - metadata:
776
                    filter: istio_authn
777
                    path:
778
                    - key: request.auth.claims
779
                    - key: iss
780
                    value:
781
                      listMatch:
782
                        oneOf:
783
                          stringMatch:
784
                            safeRegex:
785
                              regex: .+
786
            - notId:
787
                orIds:
788
                  ids:
789
                  - metadata:
790
                      filter: istio_authn
791
                      path:
792
                      - key: request.auth.claims
793
                      - key: iss
794
                      value:
795
                        listMatch:
796
                          oneOf:
797
                            stringMatch:
798
                              exact: not-iss
799
                  - metadata:
800
                      filter: istio_authn
801
                      path:
802
                      - key: request.auth.claims
803
                      - key: iss
804
                      value:
805
                        listMatch:
806
                          oneOf:
807
                            stringMatch:
808
                              prefix: not-iss-prefix-
809
                  - metadata:
810
                      filter: istio_authn
811
                      path:
812
                      - key: request.auth.claims
813
                      - key: iss
814
                      value:
815
                        listMatch:
816
                          oneOf:
817
                            stringMatch:
818
                              suffix: -not-suffix-iss
819
                  - metadata:
820
                      filter: istio_authn
821
                      path:
822
                      - key: request.auth.claims
823
                      - key: iss
824
                      value:
825
                        listMatch:
826
                          oneOf:
827
                            stringMatch:
828
                              safeRegex:
829
                                regex: .+
830
            - orIds:
831
                ids:
832
                - metadata:
833
                    filter: istio_authn
834
                    path:
835
                    - key: request.auth.claims
836
                    - key: nested1
837
                    - key: nested2
838
                    value:
839
                      listMatch:
840
                        oneOf:
841
                          stringMatch:
842
                            exact: nested
843
                - metadata:
844
                    filter: istio_authn
845
                    path:
846
                    - key: request.auth.claims
847
                    - key: nested1
848
                    - key: nested2
849
                    value:
850
                      listMatch:
851
                        oneOf:
852
                          stringMatch:
853
                            prefix: nested-prefix-
854
                - metadata:
855
                    filter: istio_authn
856
                    path:
857
                    - key: request.auth.claims
858
                    - key: nested1
859
                    - key: nested2
860
                    value:
861
                      listMatch:
862
                        oneOf:
863
                          stringMatch:
864
                            suffix: -suffix-nested
865
                - metadata:
866
                    filter: istio_authn
867
                    path:
868
                    - key: request.auth.claims
869
                    - key: nested1
870
                    - key: nested2
871
                    value:
872
                      listMatch:
873
                        oneOf:
874
                          stringMatch:
875
                            safeRegex:
876
                              regex: .+
877
            - notId:
878
                orIds:
879
                  ids:
880
                  - metadata:
881
                      filter: istio_authn
882
                      path:
883
                      - key: request.auth.claims
884
                      - key: nested1
885
                      - key: nested2
886
                      value:
887
                        listMatch:
888
                          oneOf:
889
                            stringMatch:
890
                              exact: not-nested
891
                  - metadata:
892
                      filter: istio_authn
893
                      path:
894
                      - key: request.auth.claims
895
                      - key: nested1
896
                      - key: nested2
897
                      value:
898
                        listMatch:
899
                          oneOf:
900
                            stringMatch:
901
                              prefix: not-nested-prefix-
902
                  - metadata:
903
                      filter: istio_authn
904
                      path:
905
                      - key: request.auth.claims
906
                      - key: nested1
907
                      - key: nested2
908
                      value:
909
                        listMatch:
910
                          oneOf:
911
                            stringMatch:
912
                              suffix: -not-suffix-nested
913
                  - metadata:
914
                      filter: istio_authn
915
                      path:
916
                      - key: request.auth.claims
917
                      - key: nested1
918
                      - key: nested2
919
                      value:
920
                        listMatch:
921
                          oneOf:
922
                            stringMatch:
923
                              safeRegex:
924
                                regex: .+
925
  shadowRulesStatPrefix: istio_dry_run_allow_
926

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.