istio

1
name: envoy.filters.http.rbac
2
typedConfig:
3
  '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4
  rules:
5
    policies:
6
      ns[foo]-policy[httpbin-1]-rule[0]:
7
        permissions:
8
        - andRules:
9
            rules:
10
            - orRules:
11
                rules:
12
                - header:
13
                    name: :authority
14
                    safeRegexMatch:
15
                      regex: (?i)example\.com
16
                - header:
17
                    name: :authority
18
                    safeRegexMatch:
19
                      regex: (?i)prefix\.example\..*
20
                - header:
21
                    name: :authority
22
                    safeRegexMatch:
23
                      regex: (?i).*\.example\.com
24
                - header:
25
                    name: :authority
26
                    presentMatch: true
27
            - notRule:
28
                orRules:
29
                  rules:
30
                  - header:
31
                      name: :authority
32
                      safeRegexMatch:
33
                        regex: (?i)not-example\.com
34
                  - header:
35
                      name: :authority
36
                      safeRegexMatch:
37
                        regex: (?i)prefix\.not-example\..*
38
                  - header:
39
                      name: :authority
40
                      safeRegexMatch:
41
                        regex: (?i).*\.not-example\.com
42
                  - header:
43
                      name: :authority
44
                      presentMatch: true
45
        principals:
46
        - andIds:
47
            ids:
48
            - any: true
49
  shadowRulesStatPrefix: istio_dry_run_allow_
50