istio
49 строк · 1.6 Кб
1name: envoy.filters.http.rbac
2typedConfig:
3'@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
4rules:
5policies:
6ns[foo]-policy[httpbin-1]-rule[0]:
7permissions:
8- andRules:
9rules:
10- orRules:
11rules:
12- header:
13name: :authority
14safeRegexMatch:
15regex: (?i)example\.com
16- header:
17name: :authority
18safeRegexMatch:
19regex: (?i)prefix\.example\..*
20- header:
21name: :authority
22safeRegexMatch:
23regex: (?i).*\.example\.com
24- header:
25name: :authority
26presentMatch: true
27- notRule:
28orRules:
29rules:
30- header:
31name: :authority
32safeRegexMatch:
33regex: (?i)not-example\.com
34- header:
35name: :authority
36safeRegexMatch:
37regex: (?i)prefix\.not-example\..*
38- header:
39name: :authority
40safeRegexMatch:
41regex: (?i).*\.not-example\.com
42- header:
43name: :authority
44presentMatch: true
45principals:
46- andIds:
47ids:
48- any: true
49shadowRulesStatPrefix: istio_dry_run_allow_
50